Cybersecurity and cyberattacks make regular headlines in our increasingly digital world.
Those in charge of protecting data – whether it be an entire data centre, or an individual company – are rightly bolstering their cybersecurity defences with the latest software.
But in the race to always stay one step ahead of cyber-criminals online, it can be easy to overlook a crucial component of an effective strategy – physical security.
"Omitting physical security from a data protection strategy is like deadlocking and alarming your front door, but then leaving the back window open. It creates a vulnerability that can easily be exploited by savvy hackers," says Michael Fisher, Managing Director of Boon Edam Australia*.
"One of the easiest ways for a hacker to gain access to a secure server and to sensitive information is to enter the physical premises and connect directly to on-premise hardware. This is where physical entrance security – like speed gates or security portals – is so important," says Fisher.
"The hacker or threat doesn't always have to be external to the company, either. It could be a disgruntled employee accessing an area they are not authorised to enter, and causing intentional harm," he adds.
Mistakes to avoid when specifying security entrances
Entrance security provides a way to detect, deter, or prevent unauthorised access, but there are mistakes to look out for, says Fisher, who lists three common traps specifiers can fall into:
- Not using security entrances for the purposes they were designed for. For example, speedlanes (also known as speed gates, speedstiles or turnstiles) are an excellent deterrent, and are ideal for lobbies and foyers where they can be combined with a receptionist or security staff member. But Speedlanes should not be used in high security applications. Applications that need to guaranteeing prevention of unauthorised entry should utilise a security revolving door or portal, typically with biometric integration.
- Placing biometric readers on the exterior of a high security portal when you want to guarantee only authorised personnel can enter the secure space. Having the biometric reader on the outside, allows for one person to authorise from the outside, and then an unauthorised person can enter, and gain access, defeating the purpose of the technology.
- Not considering throughput when specifying security entrances. Every building and facility – and secured areas within them – has an average number of people likely to enter and exit each day. Specifying a high security portal where only one person can be identified at a time will work brilliantly where foot traffic is minimal, but will slow things down unbearably in some applications where larger numbers need to go through the authorisation process. In these cases, a security revolving door is a superior option, and it will typically be able to handle numbers four or five times greater than a security portal.
High security entrances done right – a layered approach
While mistakes may be present out there, the majority of companies take the time to do their due diligence, and install a well thought out physical security system. For high security applications, such as data centres, this typically involves a layered approach.
"For high security applications, certified bullet and burglar resistant upgrades to security revolving doors and portals can provide an added level of protection against unwanted and unwelcome threats," says Fisher.
In these applications, a layered approach could involve a combination of:
- Full height turnstiles, which are useful at the outer perimeter, because they provide both a visual and physical deterrent against unauthorised access.
- Speedlanes in the lobby, to prevent tailgating – unauthorised people tailing authorised personnel through security gates – through to the use of alerts and visual recognition features that alert security staff to a potential breach.
- High security portals to protect data server rooms. These portals use biometric scanning and overhead sensors to ensure the credentials of each user. It guarantees each user is alone and is exactly who they say they are. This is the ultimate security front line – essential for protecting data at its hub.
High security means high stakes
When a high security entrance is specified, it's usually because there is highly valuable equipment, IP, data or people that a company is seeking to protect.
In these cases, a single breach can have catastrophic consequences, and it could be the company directors that are legally liable if they haven't met their duty of care obligations.
"Data breaches can have harsh consequences on a brand's reputation. You only have to look at recent breaches in Australasia and the negative sentiment it builds around the affected company," says Fisher.
"Insurance companies are now asking for strong physical access security to be in place as an integral part of more stringent risk management measures required to combat these threats," he adds.
Final word – choose security that's fit-for-purpose
For buildings and facilities implementing physical entrance security, it's important to evaluate each entrance individually, rather than picking a product that ticks a lot of boxes, or has a lot of features, says Fisher.
"Too often we see companies come to us with a less than ideal solution in place, which they've paid a fortune for, and they're genuinely surprised when we tell them that a far more cost-effective option would have provided better security," he says.
"You have to consider flow rate, different security levels, potential biometric integration, location of each entrance and disability access, for example. It's far more effective to start with the outcome – such as guaranteed prevention of unauthorised access – and work backwards to find the ideal combination of entrance security technologies that will deliver the desired outcome."
*Boon Edam Australia is the local arm of the 150-year-old Royal Boon Edam architectural revolving door and security entrance organisation, which is a global leader in its field, serving scores of Fortune 500 companies in 27 countries, as well as Australasian private and public buildings, data centres, government buildings, cash centres, medical and scientific facilities, and other high security applications requiring protection against physical threats.
Key Facts:
"Omitting physical security from a data protection strategy is like deadlocking and alarming your front door, but then leaving the back window open. It creates a vulnerability that can easily be exploited by savvy hackers," says Michael Fisher, Managing Director of Boon Edam Australia.
About us:
With work environments becoming increasingly global and dynamic, smart, safe entry has become the centre of activity in and around many buildings. Royal Boon Edam is a global market leader in reliable entry solutions, operating in 27 countries. Headquartered in the Netherlands, with 150 years of experience in engineering quality, we have gained extensive expertise in managing the transit of people through office buildings, airports, healthcare facilities, hotels, and many other types of buildings. We are focussed on providing an optimal, sustainable experience for our clients and their clients. By working together with you, our client, we help determine the exact requirements for the entry point in and around your building.
