Something big is coming to ISC West Booth #13115

EN

Is Policy-Based Access Control and Zero Trust the Future of Physical Security?

May 18, 2023

An image of a robot hand pointing at a white security icon.

Policy-based access control (PBAC) has proved too complex for most physical access control systems (PACs) – until now. As organizations across industries face evolving security threats and more complicated hybrid work schedules for every type of employee, PBAC just might be the Zero Trust physical security solution we’ve all been waiting for.

Increase in physical security events

In a survey by Pro-Vigil, 20% of respondents indicated a higher number of physical security incidents in 2020 than the year prior. A third of the 124 business operations leaders who participated expected another increase in 2021.

And physical security threats put more than physical and intellectual property in danger. In addition to concerns over shoring up physical access to servers, 69% of respondents feared irreversible damage to both company finances and reputation in the event of security-related fatality.

24/7 access is a problem

One glaring gap in physical security for many companies is card-based building access for employees. Owing to the limitations of legacy access control systems, most organizations grant 24/7 access to all employees, regardless of their specific needs. This opens the enterprise to new levels of liability in terms of both employee safety and security breaches.

But tempting though it may be, simply locking everything up and throwing away the key won’t serve a modern organization’s more complex access needs.

The problem with PACS

Policy-based access could, in theory, solve the 24/7 access problem and help organizations tighten up their physical security posture – even as schedules become more sporadic and site locations expand. By automating PBAC, employees would only be able to access company facilities during their designated shifts or planned “in-office” days.

But PBAC begets another issue owing to most companies’ dated security infrastructure: PACS. Legacy access control systems simply don’t have the capacity to manage multiple contingencies for every employee. Historically, as a result, the only way to implement tailored access policies has been by hand.

PBAC – A Zero Trust Approach for Physical Security

A common initiative for cyber security, a Zero Trust approach is a shift of network defenses toward a more comprehensive IT security model that allows organizations to restrict access controls to networks, applications, and environment without sacrificing performance and user experience. In short, a Zero Trust approach trusts no one, verifies everyone.

Within a PBAC Zero Trust approach for physical security, your organization’s posture assumes all identities have zero access and that every physical access event such as a badge or mobile credential swipe or biometric scan is validated and authorized against identity attributes, roles and policies.

R.I.P to Rip & Replace

Even as security budgets see growth over previous years, a “rip & replace” approach to updating infrastructure remains unappealing for most organizations, both for its cost and inconvenient interruption to operations.

But what if PBAC was possible within legacy access control systems?

In partnership with Bioconnect, we’ve introduced the first ever PBAC cloud solution for physical security. With our solution, you can implement zero trust, dynamic authorization for employee access according to individual work schedules – as well as assign seniority-based access privileges for physical spaces.

Alert Enterprise Policy-Based Access Control

Use our PBAC solution to:

  • Deliver trusted and compliant access at scale across the enterprise in real time
  • Control access to sensitive areas
  • Block access to terminated employees or individuals identified as high risk
  • Prevent rogue or unauthorized cardholder account access
  • And more

And thanks to our Bioconnect partnership, you can even introduce biometric and mobile device-based credentials and door readers together with or in lieu of the traditional card swipe. Either way, you can keep your existing PACs and dynamically authorize and enforce policy at scale. All the security benefits, none of the rip and replace hassle.

Start now with Alert Enterprise

Let’s connect on how we can help you protect your site locations, intellectual property, and most importantly, your people with policy-based access control for physical security.

Let's chat.

A black and white headshot of David Cassady.

David Cassady

Chief Strategy Officer

David Cassady has been selling and leading teams in Silicon Valley for more than 30 years. During that time, he’s led a mix of established software players and startups. Cassady has also been involved with five IPOs — and at least as many acquisitions. 

As Chief Strategy Officer, David leverages his extensive experience helping software businesses drive growth through deep and impactful partnerships with the world’s most successful SaaS providers like ServiceNow, Microsoft and SAP. 

A black and white headshot of Mark

Mark Weatherford

Chief Security Officer
Senior Vice President, Regulated Industries

Mark Weatherford brings years of high-level cyber-physical expertise to Alert Enterprise, and as Chief Security Officer (CSO), he guides the strategy of data management and protection by advising cyber-physical security policies and procedures within the company. Weatherford also works in liaison with businesses and executive professionals in the cyber and physical security industries to further accelerate security convergence adoption.

Mark has held numerous high-level cyber-centric positions, including Vice President and Chief Security Officer at the North American Electric Reliability Corporation (NERC), the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity under the Obama administration, California’s first Chief Security Officer, and the first CISO for the state of Colorado.

A black and white headshot of Harsh Chauhan

Harsh Chauhan

Chief Technology Officer

As Chief Technology Officer (CTO) of Alert Enterprise, Harsh Chauhan is responsible for the company’s engineering technology innovation and solution delivery. A 20-year technology veteran and leader, Chauhan is focused on the growth of the company’s 3D Governance Risk Compliance (GRC) hyperscale cloud platform.

He also continues to develop integrated solutions with leading technology partners like SAP, SAP NS2, and ServiceNow. Before Alert Enterprise, Mr. Chauhan held multiple CTO positions, as well as Product Owner and Head of Development at SAP GRC 10.0, delivering targeted solutions to high-profile SAP clients.

Ruby Deal headshot

Ruby Deol

Chief Operations Officer

Ruby Deol oversees all business units at Alert Enterprise. With more than 20 years of experience in global sales and support services, Deol nurtures existing client relationships with a customer-first approach. As Alert Enterprise continues to grow in industry recognition and stature, Deol is charged with developing and implementing methods to meet organization goals and facilitate the company’s ongoing transformation.
A black and white headshot of Kaval

Kaval Kaur

CFO and Co-Founder

As Chief Financial Officer (CFO) and Co-Founder of Alert Enterprise, Kaval Kaur leads all finance and administrative back-office operations. Kaur is a member of the national professional organization American Institute of Certified Public Accountants (AICPA) and the California State CPA Society.

Prior to joining Alert Enterprise, she was the CFO and Co-Founder of Virsa Systems, a position she held until its acquisition by SAP.

Kaur is a philanthropist at heart, embracing the diversity of the San Francisco Bay area by assisting with and promoting special cultural events. She recently sponsored 2,000 public schools in rural India to advance computer literacy skills for children and is a foster mother to a 10 year old.

Jasvir Gill

Jasvir Gill

Founder and CEO

Leading the charge of digital transformation and security convergence is Jasvir Gill, Founder and CEO of Alert Enterprise, Inc. An accomplished engineer by trade, Gill is driving the long-overdue digital transformation of the physical security industry.

Prior to launching Alert Enterprise, Gill was the founder and CEO of Virsa Systems, where he grew the company into a global leader of application security software. An early pioneer in establishing governance, risk and compliance as a software market segment, he drove exponential growth at Virsa, facilitating its acquisition by SAP in 2006.

In his free time, Jasvir helps drive social and economic empowerment in the community. He’s also a trustee at the American India Foundation.