When security professionals are faced with the question of how many unauthorized people are acceptable in their buildings, the answer is always a resounding zero. If asked a similar question of who has access to organizational facilities now and whether they are authorized, would the answer be as confident?
As today’s physical security risks turn into cybersecurity risks and vice versa, reassuring stakeholders that their facility is safe from unauthorized entry or penetration is an ominous task for all security and information technology (IT) operations teams. As security leaders know, it takes more than perceived improvements and assumptions to prove such a notion. Security professionals therefore need to plan, operate and demonstrate risk reduction using reporting platforms — and a modern secured entry strategy can help.
Why measuring risk matters
The question is, “Do security operations managers need security entrance products to be smart or intelligent artificial intelligence (AI) driven edge devices?” On one hand, the answer is an emphatic yes — primarily because secured entry incident response is in real time, and their data assimilation is the demarcation point for escalated rules, policies and procedures. On the other hand, if they can’t integrate with the existing access control platform; whether it be Software as a Service (SaaS) or Platform as a Service (PaaS), or even a hybrid on-premises data accumulator, how does that impact security operations? If the technology requires licenses, hybrid data management costs, training, policy and procedures updates, and likely more disparate reporting, the answer may be no.
Successful secured entry risk measurement strategies establish a fact-based platform designed to achieve the goal of zero unauthorized access to organizational facilities. Otherwise, attaining zero instances of unauthorized entry is just a guessing game. Measuring risk provides security professionals and managers with concrete evidence their risk reduction strategies are effective.
The ability to measure risk may also help organizations better align their security and life safety compliance policies. For example, the National Fire Protection Association (NFPA) enforces strict codes outlining free, unobstructed door egress. These codes could be in direct contrast to an active shooter or similar emergency entry lockdown plan that would effectively prevent individuals from physical danger and or contain the physical threat. Overriding fire codes and enacting such a plan would require an approved variance from local jurisdictions. The ability to provide a physical security plan based on verifiable metrics would improve the likelihood of a variance being approved.
Creating a risk measurement strategy
Measuring a building’s risk of unauthorized entry has been virtually impossible up until now. Today’s secured entry solutions can help gather metrics and predict probabilities at entry points, the basis of risk measurement. Because enterprises cannot adequately manage their level of penetration risk without knowing exactly who comes and goes, risk measurement starts with an effective tailgating prevention strategy.
It is important to acknowledge that a tailgating prevention strategy differs from a tailgating detection strategy. Common tailgating detection tools monitor for a potential tailgating infraction with a forced door or hold open alarm. However, after event detection, these design solutions require human intervention after a tailgater has already infiltrated the building. In many cases, often due to staffing, human error or negligence, these alarm triggers go unaddressed or undocumented. Thus, standard swinging doors with access control provide security while closed, but no clear metric for the risk of breach after being opened. The best way to gather an adequate baseline for risk measurement, i.e. an accurate count of who is in the building, is to prevent tailgating at the source.
The process of secured entry is an all-encompassing subgroup of a controlled workflow, and just like any other workflow, has vulnerabilities and potential for business process improvements. Are the security barriers being utilized to maximize incident response and improve the fluidity of secured entry? The technology and data management at this point is critical to incident response and, if integrated into secured entry workflows properly, can be a force-multiplier for security operations.
Security revolving doors and mantrap portals can help prevent tailgating while enforcing policy and procedures without human intervention. Access control tools that measure risk with AI and threat detection applied at the door supply two important things to a security manager: a return on investment (ROI) tied to the elimination or redeployment of manpower and the predictable measurement tied to risk. More specifically, these access control tools can help measure the probability an entrance can be breached expressed as a reliable percentage, or measured risk. A secured entry designed to prevent piggybacking and tailgating allows security operations teams to balance false rejection vs. false acceptance according to their own risk level.
This measurable risk rate can then be deployed across an enterprise with predictable results. Doing so not only proves compliance, but also delivers ROI. Security managers and enterprises alike can now effectively deploy secured entry solutions under their risk reduction strategy with the confidence that people, property and assets are properly protected.