Merging physical and logical security systems also strengthens physical security. A plain user ID displayed to a guard at a gate doesn't compare to a smart card with embedded credentials stored on an authentication server that needs to be scanned by a reader to allow access.
But there are guidelines a smaller company can follow without putting a strain on its budget.
One is the Homeland Security Presidential Directive-12 (HSPD-12), a directive that started out as a way to standardize physical access to government facilities but ended up as a program for merging physical and logical security. HSPD-12 requires uniform smart cards for accessing both government facilities and their IT systems.
Again, the smart card system required by HSPD-12 may be too expensive for your company. But the guidelines detailing implementation of HSPD-12 and the Federal Information Processing Standard Publication 201 (FIPS 201) may offer suggestions for setting up a system meeting your budget.
Some companies offering products to private industry are AMAG Technology, CoreStreet, Gemalto and Intercede. AMAG offers a Windows-based system geared for small businesses. CoreStreet has a handheld device, PIVMAN, which is well-suited for smaller offices. The device can be configured to read bar-coded driver's licenses -- saving you from the headache of deploying smart cards.
Options exist for smaller companies, but some hardware, even if minimal, will be required at some cost.
For more information:
This was first published in October 2007