Is Policy-Based Access Control and Zero Trust the Future of Physical Security?

Policy-based access control (PBAC) has proved too complex for most physical access control systems (PACs) – until now. As organizations across industries face evolving security threats and more complicated hybrid work schedules for every type of employee, PBAC just might be the Zero Trust physical security solution we’ve all been waiting for.

Increase in physical security events

With the pandemic came an uptick in cybersecurity events that has the executive suite on high alert – but unfortunately, digital threats are not the only area of concern for the modern enterprise. Physical security incidents have also increased since the start of COVID-19.

In a survey by Pro-Vigil, 20% of respondents indicated a higher number of physical security incidents in 2020 than the year prior. A third of the 124 business operations leaders who participated expected another increase in 2021.

And physical security threats put more than physical and intellectual property in danger. In addition to concerns over shoring up physical access to servers, 69% of respondents feared irreversible damage to both company finances and reputation in the event of security-related fatality.

24/7 access is a problem

One glaring gap in physical security for many companies is card-based building access for employees. Owing to the limitations of legacy access control systems, most organizations grant 24/7 access to all employees, regardless of their specific needs. This opens the enterprise to new levels of liability in terms of both employee safety and security breaches.

But tempting though it may be, simply locking everything up and throwing away the key won’t serve a modern organization’s more complex access needs.

The problem with PACS

Policy-based access could, in theory, solve the 24/7 access problem and help organizations tighten up their physical security posture – even as schedules become more sporadic and site locations expand. By automating PBAC, employees would only be able to access company facilities during their designated shifts or planned “in-office” days.

But PBAC begets another issue owing to most companies’ dated security infrastructure: PACS. Legacy access control systems simply don’t have the capacity to manage multiple contingencies for every employee. Historically, as a result, the only way to implement tailored access policies has been by hand.

PBAC – A Zero Trust Approach for Physical Security

A common initiative for cyber security, a Zero Trust approach is a shift of network defenses toward a more comprehensive IT security model that allows organizations to restrict access controls to networks, applications, and environment without sacrificing performance and user experience. In short, a Zero Trust approach trusts no one, verifies everyone.

Within a PBAC Zero Trust approach for physical security, your organization’s posture assumes all identities have zero access and that every physical access event such as a badge or mobile credential swipe or biometric scan is validated and authorized against identity attributes, roles and policies.

R.I.P to Rip & Replace

Even as security budgets see growth over previous years, a “rip & replace” approach to updating infrastructure remains unappealing for most organizations, both for its cost and inconvenient interruption to operations.

But what if PBAC was possible within legacy access control systems?

In partnership with Bioconnect, we’ve introduced the first ever PBAC cloud solution for physical security. With our solution, you can implement zero trust, dynamic authorization for employee access according to individual work schedules – as well as assign seniority-based access privileges for physical spaces.

AlertEnterprise Policy-Based Access Control

Use our PBAC solution to:

  • Deliver trusted and compliant access at scale across the enterprise in real time
  • Control access to sensitive areas
  • Block access to terminated employees or individuals identified as high risk
  • Prevent rogue or unauthorized cardholder account access
  • And more

And thanks to our Bioconnect partnership, you can even introduce biometric and mobile device-based credentials and door readers together with or in lieu of the traditional card swipe. Either way, you can keep your existing PACs and dynamically authorize and enforce policy at scale. All the security benefits, none of the rip and replace hassle.

Start now with AlertEnterprise

Let’s connect on how we can help you protect your site locations, intellectual property, and most importantly, your people with policy-based access control for physical security.

Let's chat.

David Cassady

Chief Revenue Officer

David Cassady has been selling and leading sales teams in Silicon Valley for more than 30 years. During that time, he’s led a mix of established software players and startups. Cassady has also been involved with five IPOs — and at least as many acquisitions.

As Chief Revenue Officer, David leverages his extensive experience helping software businesses drive growth through skill-building for cloud and SaaS-focused teams. Together with the AlertEnterprise team, David is focused on the intersection of a repeatable sales process, a predictable pipeline and a multi-channel go-to-market strategy that includes physical security system integrators and SAP — all with the goal of driving explosive growth for the company.

Mark Weatherford

Chief Security Officer
Senior Vice President, Regulated Industries

Mark Weatherford brings years of high-level cyber-physical expertise to AlertEnterprise, and as Chief Security Officer (CSO), he guides the strategy of data management and protection by advising cyber-physical security policies and procedures within the company. Weatherford also works in liaison with businesses and executive professionals in the cyber and physical security industries to further accelerate security convergence adoption.

Mark has held numerous high-level cyber-centric positions, including Vice President and Chief Security Officer at the North American Electric Reliability Corporation (NERC), the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity under the Obama administration, California’s first Chief Security Officer, and the first CISO for the state of Colorado.

Harsh Chauhan

Chief Technology Officer

As Chief Technology Officer (CTO) of AlertEnterprise, Harsh Chauhan is responsible for the company’s engineering technology innovation and solution delivery. A 20-year technology veteran and leader, Chauhan is focused on the growth of the company’s 3D Governance Risk Compliance (GRC) hyperscale cloud platform.

He also continues to develop integrated solutions with leading technology partners like SAP, SAP NS2, and ServiceNow. Before AlertEnterprise, Mr. Chauhan held multiple CTO positions, as well as Product Owner and Head of Development at SAP GRC 10.0, delivering targeted solutions to high-profile SAP clients.

Ruby Deol

Chief Operations Officer

Ruby Deol oversees all business units at AlertEnterprise. With more than 20 years of experience in global sales and support services, Deol nurtures existing client relationships with a customer-first approach. As AlertEnterprise continues to grow in industry recognition and stature, Deol is charged with developing and implementing methods to meet organization goals and facilitate the company’s ongoing transformation.

Kaval Kaur

CFO and Co-Founder

As Chief Financial Officer (CFO) and Co-Founder of AlertEnterprise, Kaval Kaur leads all finance and administrative back-office operations. Kaur is a member of the national professional organization American Institute of Certified Public Accountants (AICPA) and the California State CPA Society.

Prior to joining AlertEnterprise, she was the CFO and Co-Founder of Virsa Systems, a position she held until its acquisition by SAP.

Kaur is a philanthropist at heart, embracing the diversity of the San Francisco Bay area by assisting with and promoting special cultural events. She recently sponsored 2,000 public schools in rural India to advance computer literacy skills for children and is a foster mother to a 10 year old.

Jasvir Gill

Founder and CEO

Leading the charge of digital transformation and security convergence is Jasvir Gill, Founder and CEO of AlertEnterprise, Inc. An accomplished engineer by trade, Gill is driving the long-overdue digital transformation of the physical security industry.

Prior to launching AlertEnterprise, Gill was the founder and CEO of Virsa Systems, where he grew the company into a global leader of application security software. An early pioneer in establishing governance, risk and compliance as a software market segment, he drove exponential growth at Virsa, facilitating its acquisition by SAP in 2006.

In his free time, Jasvir helps drive social and economic empowerment in the community. He’s also a trustee at the American India Foundation.