Cybersecurity and cyberattacks make regular headlines in our increasingly digital world.
Those in charge of protecting data – whether it be an entire data centre, or an individual company – are rightly bolstering their cybersecurity defences with the latest software.
But in the race to always stay one step ahead of cybercriminals online, it can be easy to overlook a crucial component of an effective strategy – physical security.
“Omitting physical security from a data protection strategy is like deadlocking and alarming your front door, but then leaving the back window open. It creates a vulnerability that can easily be exploited by savvy hackers,” says Michael Fisher, managing director of Boon Edam Australia.
“One of the easiest ways for a hacker to gain access to a secure server and to sensitive information is to enter the physical premises and connect directly to on-premise hardware. This is where physical entrance security – like speed gates or security portals – is so important,” says Fisher.
“The hacker or threat doesn’t always have to be external to the company, either. It could be a disgruntled employee accessing an area they are not authorised to enter, and causing intentional harm,” he adds.
When a high security entrance is specified, it’s usually because there is highly valuable equipment, IP, data, or people that a company is seeking to protect, so a breach can have dire consequences
Mistakes to avoid when specifying security entrances
Entrance security provides a way to detect, deter, or prevent unauthorised access, but there are mistakes to look out for, says Fisher, who lists three common traps specifiers can fall into:
- Not using security entrances for the purposes they were designed for: For example, speedlanes (also known as speed gates, speedstiles or turnstiles) are an excellent deterrent, and are ideal for lobbies and foyers where they can be combined with a receptionist or security staff member. But speedlanes should not be used in high security applications. Applications that need to guarantee prevention of unauthorised entry should utilise a security revolving door or portal, typically with biometric integration.
Speedlanes are ideally suited to lobbies and reception areas, but they should not be used in areas requiring a higher level of security, such as server rooms in data centres
- Placing biometric readers on the exterior of a high security portal when you want to guarantee only authorised personnel can enter the secure space: Having the biometric reader on the outside allows for one person to authorise from the outside, and then an unauthorised person can enter, and gain access, defeating the purpose of the technology.
- Not considering throughput when specifying security entrances: Every building and facility – and secured areas within them – has an average number of people likely to enter and exit each day. Specifying a high security portal where only one person can be identified at a time will work brilliantly where foot traffic is minimal, but will slow things down unbearably in some applications where larger numbers need to go through the authorisation process. In these cases, a security revolving door is a superior option, and it will typically be able to handle numbers four or five times greater than a security portal.
High security portals like the example, left, are ideal for biometric integration to provide top levels of protection against unauthorised access. In other applications requiring higher throughput, but still high levels of security, security revolving doors, like the example, right, are better suited.
High security entrances done right – a layered approach
While mistakes may be present out there, the majority of companies take the time to do their due diligence, and install a well thought out physical security system. For high security applications such as data centres, this typically involves a layered approach.
“For high security applications, certified bullet and burglar resistant upgrades to security revolving doors and portals can provide an added level of protection against unwanted and unwelcome threats,” says Fisher.
In these applications, a layered approach could involve a combination of:
- Full height turnstiles, which are useful at the outer perimeter, because they provide both a visual and physical deterrent against unauthorised access.
- Speedlanes in the lobby to prevent tailgating – unauthorised people tailing authorised personnel through security gates – through to the use of alerts and visual recognition features that alert security staff to a potential breach.
- High security portals to protect data server rooms. These portals use biometric scanning and overhead sensors to ensure the credentials of each user. It guarantees each user is alone and is exactly who they say they are. This is the ultimate security frontline – essential for protecting data at its hub.
High security portals, like Boon Edam’s Circlelock, above, provide the highest level of security for the most sensitive areas. Shown left is the Circlelock Solo model, and right is the Circlelock Combi, which is an interlocking half portal that attaches to an existing swing door, transforming an ordinary door into a high security entrance.
High security means high stakes
When a high security entrance is specified, it’s usually because there is highly valuable equipment, IP, data or people that a company is seeking to protect.
In these cases, a single breach can have catastrophic consequences, and it could be the company directors that are legally liable if they haven’t met their duty of care obligations.
“Data breaches can have harsh consequences on a brand’s reputation. You only have to look at recent breaches in Australasia and the negative sentiment it builds around the affected company,” says Fisher.
“Insurance companies are now asking for strong physical access security to be in place as an integral part of more stringent risk management measures required to combat these threats,” he adds.
Final word – choose security that’s fit-for-purpose
For buildings and facilities implementing physical entrance security, it’s important to evaluate each entrance individually, rather than picking a product that ticks a lot of boxes, or has a lot of features, says Fisher.
“Too often we see companies come to us with a less than ideal solution in place, which they’ve paid a fortune for, and they’re genuinely surprised when we tell them that a far more cost-effective option would have provided better security,” he says.
“You have to consider flow rate, different security levels, potential biometric integration, location of each entrance and disability access, for example. It’s far more effective to start with the outcome – such as guaranteed prevention of unauthorised access – and work backwards to find the ideal combination of entrance security technologies that will deliver the desired outcome.”
Main image: High security portals like Boon Edam’s Circlelock Solo provide the highest level of security
