9.10.21 – SIW – ROI in data-rich access control solutions is being realized today across some of the world’s leading enterprises.
Organizations want to be able to intelligently mine data across the corporate world for new, invaluable insights and trends that help mitigate diverse threats and enhance daily operations. Data-rich access control solutions are enabling some of the world’s most advanced enterprises to account for varied risks presented to their facilities, to successfully protect people and critical assets and to go further to realize benefits across the business.
The data framework of access control solutions is constantly evolving and redeveloping as the industry itself changes. Basic transaction-oriented databases are old news, and enterprises require ever-evolving, dynamic and logical databases. Knowing where the change lies is key to implementing the best practices possible for your organization going forward in this digital workplace revolution.
With this in mind, making the decision at the right time to transition to the cloud helps organizations to completely re-architect their entire application stack with on-demand cloud computing offerings such as Amazon Web Services (AWS), Microsoft Azure and Google Cloud. It is thanks to this that organizations can provide customers with the broadest and deepest portfolio of purpose-built analytics and services optimized for their unique analytical cases.
Creating New Opportunities to Cultivate Data
Opening new possibilities to perform greater data cultivation through deep integrations across data-rich access solutions is of growing importance and value to enterprises globally.
Via REST APIs (representational state transfer application programming interfaces), enterprises connect their access control solutions into their enterprise application ecosystem and leverage data across the corporate leadership, thus helping them to make the right decisions in real-time. The REST API software architectural style is created to guide the design and development of the architecture.
A strong enterprise solution will also now comprise a business intelligence (BI) layer, which allows customers to leverage their metadata and realize its power in other tools like Tableau, PowerBI and Oracle Apex, among others. Combining this work with AWS QuickSight, for instance, releases a whole new reporting tool within the application of access control. AWS QuickSight is an example of a scalable, serverless and embeddable BI service built for the cloud. QuickSight allows an organization to easily create and publish interactive BI dashboards that include machine learning-powered insights.
These reports only begin to scratch the surface and are generally leveraged by the day-to-day end users of the products, such as facility and local security managers. The real data-mining value is to be found down another layer, where enterprises can leverage global security information and event management systems (SIEMs).
Asking the Right Questions
SIEMs enable the chief information security officer’s global team to effectively manage corporate security policies at scale. There are many platforms to choose from (Splunk, IBM Security QRadarLog, RhythmSumo, etc.). Evolved well beyond their log-management roots, today’s SIEM software vendors have introduced machine learning-based, advanced statistical analysis. Combined with the right datasets—and, more importantly, the right team to configure and manage the system and action the data—SIEMs are a formidable tool to manage, address and mitigate risks to the enterprise in real-time.
Immediate physical security fused with wider corporate data provides insights that have previously been a data black spot. Therefore, the question really isn’t how to build a data-rich solution; rather, we must extend further to probe how to build good data within your solution. We first need to consider data-entry standards at conception.
A well-managed framework for converging information technology (IT) and physical security certainly helps mitigate some common issues with data duplication. However, a superior system also will employ duplicate detection rules. Other key considerations around review of data quality, options sets and determination of key data often are overlooked. Whether your data-entry standards are formalized or not, every member of your personnel should be made aware of the procedures that the company wishes to follow. Training your employees on these standards is key.
When everything comes in a well-architected framework, a wide range of issues can be detected, such as suspicious and malicious activity, inside threat detection, unusual badge reader access and out-of-hours access, to name a few.
The data points themselves have advanced far beyond just access events. We now see the integration of real-time location services for various industries. Tracking solutions, navigation, visitor management systems, life safety solutions, evacuation systems and more have become fully intelligent in providing a return on investment (ROI) from security down to facilities management. For example, an upcoming lock failure could be predicted before it happens, enabling a ticket for service to be generated to proactively replace before an issue ever occurs.
Realizing ROI Across the Business
Indeed, ROI in data-rich access control solutions is being realized today across some of the world’s leading enterprises:
● An organization’s global health and safety team now has the metrics it needs from the integrated mustering solution to proactively identify weaknesses in the evacuation process at one of its production facilities that could have led to loss of life. Through machine learning, the risk has been identified and rectified, potentially saving the business millions of dollars in loss of earnings, shutdowns, investigations, public image, etc.
● The global workspace experienced team uses a BI plugin to leverage the metadata in its own BI tool. Dynamic reports are created, revealing bottlenecks in the check-in process at the new corporate headquarters. This was originally hampering the organization’s guest-experience process and creating a security and fire risk with large crowds gathering in the main lobby.
● A global security team, working alongside the global workspace teams, runs a special intelligence project for insider threats. This is achieved by leveraging data points from the global visitor management solutions (which have been integrated with the access control solution) to identify a disgruntled ex-employee. This employee, who was returning to the office under the persona of a contractor after his termination period, had been issued physical access credentials on more than one occasion. It turned out that he was planning an attack on his employers, and a disaster was averted when security took swift action with the support of local law enforcement. This also brought to light some major changes in the standard operating procedures for the business and how it validates contractors on arrival and provides access credentials. The solution is now integrated with the access control system to eliminate the chances of human error.
● A facilities team reports unusual activity around a disembarked aircraft late at night at a major international airport. The security team investigates, using multiple data points across the system. Custom reports are run to identify any staff operating doors outside of working hours, unauthorized access attempts and new access requests. The team can quickly narrow down a small group of airline contractors who had been operating a smuggling ring for some time through a process of trial and error on airside exits.
Also, due to the falsification of new access requests, along with altering their rosters to suit their operating hours, these contractors had been able to leverage a weakness in the site’s operating procedures. The site in question has since updated its reporting tools and leverages machine learning to automatically detect unusual patterns like this to prevent future insider threat events.
● An employee who was earmarked for offboarding in four weeks enters a restricted area and attempts to steal intellectual property (IP) in hopes of a quick promotion at a competing firm. The company has already integrated access control and human resources into their SIEMs and the rules engine using a risk-rating detection tool displaying the offboarding system. The unauthorized access alerts as a “P1” risk. The employee’s credentials are immediately disabled. Plus, an incident report is created, generating an alert to the local security team, as well as a block to the reader on the door until the incident is deemed resolved in the dynamic workflow that has started.
The simple addition of including the onboarding data points into the access control workflow prevents a major leave of IP that could have cost this company years’ worth of competitive advantage and millions of dollars in losses and damages. The addition of these access data points is now protecting some of the world’s largest organizations and will continue to redevelop as and before new alerts are raised.
Successfully Avoiding and Adapting for Varied Threats
These examples show the different capabilities an organization holds when it comes to identifying risk and loss of data in their organization. The workflow of most organizations’ systems will have threats that can successfully be avoided when empowering a data-rich access control solution with deep integrations. From data to servers and through the safe and secure transition into the cloud, an organization can provide security across every visitor, host and admin of its system. And all queries are heavily optimized to ensure large datasets don’t impact client performances.
With change comes the need for more agile security systems. This is just the beginning, as even more innovative software and data-mining approaches are developed every day to prepare for ever-changing data standards around the world.
About the author: Shane Butler is Global Strategic Partnership Manager at TDS focused on super enterprise security SaaS applications for Fortune 500 financial, pharmaceutical, industrial, aviation, and critical infrastructure industries. Collaborating with Fortune 500 CISOs, global security directors and security system architects, Shane works with high specialist groups within the world’s biggest brands.