Is there a way to bridge physical and logical security without using smart cards or biometrics?

Ask the Expert

Is there a way to bridge physical and logical security without using smart cards or biometrics?

For smaller companies that may not be able to afford the cost of biometrics, smart cards, etc., are there any other IAM technologies that can bridge physical and logical security?

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

Anything that bridges physical and logical security requires a hardware investment, which costs money -- no matter how it's done. Biometrics and smart cards are the obvious choices, but they can be costly as well.

Merging physical and logical security systems also strengthens physical security. A plain user ID displayed to a guard at a gate doesn't compare to a smart card with embedded credentials stored on an authentication server that needs to be scanned by a reader to allow access.

But there are guidelines a smaller company can follow without putting a strain on its budget.

One is the Homeland Security Presidential Directive-12 (HSPD-12), a directive that started out as a way to standardize physical access to government facilities but ended up as a program for merging physical and logical security. HSPD-12 requires uniform smart cards for accessing both government facilities and their IT systems.

Again, the smart card system required by HSPD-12 may be too expensive for your company. But the guidelines detailing implementation of HSPD-12 and the Federal Information Processing Standard Publication 201 (FIPS 201) may offer suggestions for setting up a system meeting your budget.

Some companies offering products to private industry are AMAG Technology, CoreStreet, Gemalto and Intercede. AMAG offers a Windows-based system geared for small businesses. CoreStreet has a handheld device, PIVMAN, which is well-suited for smaller offices. The device can be configured to read bar-coded driver's licenses -- saving you from the headache of deploying smart cards.

Options exist for smaller companies, but some hardware, even if minimal, will be required at some cost.

For more information:

  • In this tip, contributor Mark Diodati explains why implementing a common authenticator for physical and logical security takes time and careful consideration.
  • Visit SearchSecurity.com's Identity Access and Management Security School and learn how IAM tools can be used to improve compliance.
  • This was first published in October 2007