Page 23 - Security Today, May/June 2020

granting organizations the ability to effortlessly make changes to their systems when needed. Users can begin by defining their current demands and leverage the cloud to meet such needs, instead of investing in high-expense servers and technologies of traditional systems that may become obsolete or need to be expanded in the future at further expense to the organization. Agencies can work with cloud-smart companies to continually redefine their needs and establish a price that fits their specific use.
Ensuring Cybersecurity
According to the 2019 Verizon Data Breach Report, almost 80 percent of all network intrusions detailed in the survey were the result of the exploitation of weak authentication systems (password hacks), the same result as in its 2013 study. It is no wonder Bill Gates himself declared the password dead in 2004.
But old habits die hard — especially if they are cheap and easy. When you consider that the average cost to U.S. companies of a data breach is more than $8 million, clinging to these single-factor authentication systems is anything but inexpensive.
Organizations, particularly government agencies, have woken up to the fact that the current cybersecurity situation is broken and are looking for better solutions. Many of those organizations rely on physical security solution providers to deliver secure, reliable physical access control solutions – and many are now turning to those same providers to bring the same level of security to the virtual world. There are a few essential cybersecurity tools that all government agencies should leverage, many of which are also FICAM requirements.
Implementing Multi-Factor Authentication Protocols
Multi-factor authentication is essential for government security and is also a central component in achieving FICAM compliance. Every major hacking incident in the past decade — from Target to Ukraine’s power grid — has had one thing in common: the lack of multi-factor authentication. Usernames and passwords, even the most secure and frequently changed ones, are still susceptible to being compromised. The very best passwords can, with the right equipment, be cracked in a matter of weeks. With multi-factor authentication, users add an additional element to the log-in process that makes hacking nearly impossible.
Multi-factor authentication can include various elements, from the inclusion of biometrics to the use of one-time passwords. The most common form of multi-factor authentication is two-factor authentication. Two-factor authentication requires something you have and something you know. In 2004, President George W. Bush signed HSPD-11, which began the U.S. government’s road toward mandated two-factor authentication.
From that directive, the government settled on using a smart card with encrypted security certificates — something you have — and a six- to eight-digit personal identification number (PIN) — something you know — as a requirement for access to all government systems. The smart card also offers a third authentication factor — something you are — such as a biometric template (i.e., fingerprint).
Still, it is important to note that not all multi-factor authentication protocols are created equal. Both native and third-party tools for web access and email, the two most common needs of an employee on their mobile device, are either completely absent or else lack the features needed for an enterprise deployment.
Luckily, as manufacturers have specialized and become more acquainted with the government space, they have developed a series of applications that meet these challenges and conform to FICAM compliance. For Identiv, that meant developing an entire suite of different applications that provide users with the ability to use two-factor authentication to access websites and to sign, encrypt, and decrypt email (S/MIME).
Physical and Logical Access Control Convergence
Working with a PACS provider to strengthen LACS security by converging the two areas can provide several advantages, including the following:
• Physical access control. PACS data can be encoded into a high-frequency portion of the card for organizations, like government agencies, demanding a more secure platform than proximity. This high-frequency contactless interface protects the data exchange between card and reader with a secure, standards-based encryption technique, eliminating the chance of anyone “cloning” the card data.
• Two-factor logical access control. This protocol allows workers to securely log onto desktops, laptops, VPNs, and mobile devices. Some smart cards have a contact element that includes PKI public and private encryption keys and certificates, providing a secure means to log onto computers without having to remember complex passwords, or more likely, write them down.
• Protect data in transit. Digitally sign and encrypt emails.
• Protect data at rest. Encrypt files and hard drives.
• Secure mobile devices. Generate one-time passwords (OTP) for secure login.
• Secure access to web apps. Access Office 365, Google Drive, Salesforce.com, and more.
• Physical ID. Design and print badges as would be done with any badging system.
The convergence of PACS and LACS solutions can significantly enhance the overall security of any organization. Applying advanced, two-factor physical access control concepts and technologies to cyber and network security can help overcome the inherent limitations of single-factor password technology.
As organizations begin this convergence in earnest, these advantages will undoubtedly result in reduced risk, improved risk management, and operational efficiencies, and are considerations all users should make when choosing an access control system.
Ask yourself: “Can my PACS provider also contribute to heightened levels of cybersecurity?” If the answer is no, you should continue your search elsewhere.
The Bottom Line
When choosing an access control system, it is vital to keep these tips in mind to be sure a system meets all compliance regulations and has room to grow as needs evolve.
When in doubt, partnering with a trusted technology provider that has established itself as a government-grade supplier is one way to be sure all of these points are considered. Federal security is unlike security for other vertical markets and requires a specialized and focused understanding of current trends and regulations.
David Helbock is the senior sales engineer at Identiv.