Physical access security is a priority today, given the multitude of network system breaches recorded annually. “Physical access control primarily protects computer equipment and is designed to prevent unauthorized users from gaining physical access to equipment in order to use, steal, or vandalize it” (Ciampa, 2009, p. 244). Weaknesses abound throughout these breached systems, as physical access is usually ignored.
Corporate Physical Access Control
A large, New Jersey pharmaceutical corporation that has numerous security systems employs the writer of this essay. I believe that my employer has adequate physical access control security systems in place. When I enter the facility, I must produce a company-provided photographic, electronically encoded security badge to gain access to the campus. At the front security gate, aside from showing my badge, the vehicle I drive must be registered, and an identifiable company sticker must be placed on the vehicle’s rear view mirror.
Numerous closed circuit television (CCTV) cameras are installed throughout the campus. At a recent company resource exposition, the security department demonstrated the motion detection systems, concentrated video surveillance at key sensitive locations, as well as general surveillance at entrances to each building.
Entrances are controlled by badge access. Badges contain electronic information about the employee with regard to the access level granted by the employer. Each time an employee’s badge is scanned, the scan is logged in a database by the security department. Different areas are locked down depending on the type of work performed there, for instance, research areas, legal departments and laboratories. Elevators are also controlled by access badges. Visitors may not enter the campus unless cleared by an employee, and clearance is requested a day in advance. Visitors to the campus are guided to a new state-of-the-art security welcome center. Here, the visitor is photographed and asked to provide identification, which is scanned and added to the security database. The visitor is then provided with a temporary, photographic, electronic badge for a specific length of time. Employees must notify security whether or not the visitor should be escorted to a destination. The temporary badge must be returned at the conclusion of the visit even though the electronic access code expires.
Server equipment and technology personnel reside in specific buildings with multiple levels of physical access and floors equipped with CCTV.
Although security seems very tight where I work, I have noticed that the area adjacent to the mail center’s shipping area lacks CCTV cameras. My building is the oldest on campus, and some doors do not fully close all of the time. These vulnerabilities are opportunities for a criminal element to capitalize on. This weakness is an opening in a security system that can be exploited by an angry employee out for retaliation or a criminal disguised as a delivery person or employee of a shipping company to gain unauthorized access.
“Loading docks serve as a primary gateway for would-be offenders as they are often left open and unattended. Valuable assets, such as computers, are sometimes stored on the dock for extended periods of time” (Threat Analysis Group, LLC, 2010).
Physical access control systems are paramount in the security of organizations that have millions, even billions, of dollars of assets in the form of equipment, digital information and trade secrets. “Although physical security seems obvious, in practice it is frequently overlooked because so much attention is focused on preventing attackers from reaching a computer electronically. However, ensuring that devices or the data on those devices cannot be reached physically is equally important. Physical access control includes computer security, door security, mantraps, video surveillance, and physical access logs” (Ciampa, 2009, p. 244). The security team in place may sometimes find it difficult to see even obvious security holes. Assessments must be conducted at regular intervals by an outside security organization to find easily overlooked weaknesses.