Beyond Badges: Converged Security Starts with Identity Verification

Author: Yossi Zekri, President & CEO, Acuant

Once upon a time, physical security could be as simple as a friendly security guard with sign-in sheet and a knack for remembering faces, locks on doors and desks, and a fire alarm. These days, access management is much more complicated, and central to securing both physical and virtual assets. As machine, infrastructure, business, government, and social interconnections proliferate at blinding speed, security threats are increasingly difficult to distill, in part because cybercriminals are leveraging them in innovative combinations.

Often, numerous vectors are employed to carry off an attack, including both physical and cyber means of gaining access to valuable data and infrastructure. As we come to better understand the blended and multi-layered nature of most attacks, we realize we must counter with more holistic defenses. The more obstacles we can erect between bad actors and valuable assets, the more likely it is we will stop, minimize, or discourage attacks. Defenses must address physical and virtual threats from external and internal origins. It follows that the more collaborative and converged security measures are, the harder they will be to penetrate.

Thanks to a growing list of safety issues, physical security checks are fairly common, whether you’re opening an account, visiting a client’s office, or catching a flight. It’s not only important to check the identity of visitors and authenticate access, but to keep records of these checks for compliance, reporting, and investigative purposes. But without intelligent verification, the effectiveness of the identification process is unacceptably limited. Just because a visitor has an ID to hand you, doesn’t confirm he is who he claims to be. Conversely, most people expect their ID to be proof enough; no one wants to be treated like a criminal.

There are ample reasons to question the authenticity of IDs, badges, and drivers’ licenses. Given the state of digital imaging and printing technology, fakes are relatively easy to create. Even more concerning is the widespread incidence of identity theft, one of the fastest growing crimes in the US. The Bureau of Justice Statistics estimates 17.6 million Americans were victims of identity theft in 2014.

Crimes related to identify fraud cost US consumers $16 billion that year. Many of those stolen IDs are used to open accounts or make purchases, but they are also leveraged to commit larger scale cyber attacks.

Assuming you have a protocol for checking visitors’ IDs, how do you verify the IDs themselves? There is a key first step that all types of organizations should take to ensure that their visitor management, access control, and customer onboarding processes are efficiently and accurately verified. Advanced scanning solutions, including mobile and kiosk-based options, can scan IDs and badges, digitize the information contained therein, populate it to databases, and automatically connect to backend data sources (e.g., DMV and credit bureaus) for cross referencing. The transaction takes place seamlessly and can be completed anywhere you can use a mobile device. The scanning technology removes the tedious and error-prone task of manual data entry. Instead of staring at a keyboard and screen, security guards, bankers, sales reps, and front desk staff can focus on personal interactions and watch for red-flag behaviors.

Maintaining physical and cyber security is more feasible when bad actors are caught at the perimeter, before they can enter a system (building or network) and begin criminal activity: stealing laptops, smartphones, thumb drives; casing a location; opening a fraudulent account; stealing a car during a test drive; even picking up a child outside of permitted custody arrangements.

Many institutions operate under regulations that require collection and verification of customer data, but must create an appealing customer experience. If the onboarding process feels like an interrogation, it’s hard to make customers feel welcome. Automated scanning and verification solutions help account managers complete their compliance and fraud prevention tasks without alienating the prospective client. The information entered into their systems is accurate and verified from the first step, so all the back end processes relying on that information are secure as well.

In the past, different departments have managed physical and cyber security systems, but experts argue that a holistic approach to enterprise security calls for greater convergence. For example, access to corporate equipment would be tied to identity scans in the lobby, so anyone bypassing the security checkpoint without being scanned would be unable to login to any terminals or access control points. Enterprise-wide security alerts could be sent and received by all security staff, whether physical or cyber, in a more efficient and collaborative manner. This approach dovetails with the trend toward identity-based security measures.

In any organization, the web of security relies on many factors, from human intuition and observation to hidden associations discovered by cross-referencing databases. As our personal, professional, and economic lives become increasingly digitized and interconnected, the convergence of physical and cyber security becomes more imperative. Security experts know that gaps between systems represent vulnerability and risk. Smart scanning and identity verification solutions seamlessly connect people and processes at crucial access points, enhancing both safety and service.

Yossi Zekri is President & CEO of Acuant, the leading provider of identity solutions. The company’s patented technologies have been transforming unstructured customer data into useful and insightful information through a technology-driven process that automates intake, increases accuracy and adds value to its partners’ applications.

Join the CSO newsletter!

Error: Please check your email address.

Tags Acuantsecurityidentity verificationcybercriminalsBureau of JusticeCSO Australiacyber security

More about AdvancedSmart

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Yossi Zekri

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts