Four major classes of access control are commonly adopted in modern access control policies:
- Role-based
- Mandatory
- Rule-based
- Discretionary
Aside from their classifications, access control procedures normally have 5 major phases – authorization, authentication, accessing, management, and auditing.
Any modern access control system will have a detailed checklist of protocols to ensure each of the above phases passes with flying colors, guaranteeing the greatest safety and most efficient access to a space.
Cloud-based access control systems, like Kisi, allow an administrator to authorize a user (whoever needs access to the space) with a specific level of access to any door connected to the required reader and controller. Authorization can just as easily be changed or revoked through a cloud-based administrator dashboard, with all the data and user credentials stored and managed securely in the cloud.
Authentication
When a user attempts to open a door they've been granted access to, the reader and controller installed on the door communicate via Bluetooth (or NFC, depending on what type of access token is being used) to determine whether the person is indeed allowed access to that particular space. Authentication happens when the hardware connected to the door sends a signal to the cloud database, essentially connecting all the dots within seconds to grant access to the user. The remote access system ensures that only those with proper permissions are authenticated to enter.
Accessing
Once the necessary signals and user data have been authenticated in the cloud, a corresponding signal is sent to remotely unlock the door for the person requesting access. The door temporarily unlocks just long enough for the user to enter and then locks automatically once the door closes again. The beauty of a cloud-based access control system for this purpose is that users can access the space without the need for a traditional key or token. Kisi allows users to enter a locked space with their mobile phone or any device that has been authorized by the administrator, whether it be a traditional NFC card, Bluetooth token, or mobile device.
Management and auditing
With a cloud-based access control system, it is extremely easy to manage access remotely as well as view the data recorded for each door and user in the system. Administrators are provided a clean interface (accessible from a desktop or on a mobile device) where they can track every detail of each unlock event for their users. A cloud-based access control system also means that software and firmware updates are seamless and require no effort from the administrator.
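The phases described above can be sketched as a small cloud-side decision point that denies by default, honors revocation on the next request, and audits every attempt. This is an added example, not Kisi's code or API: the class, method names, five-second relock delay, and sample tokens are all assumptions constructed for illustration.

```python
import hashlib
import time
from dataclasses import dataclass, field


@dataclass
class CloudAccessController:
    """Hypothetical cloud-side decision point (not any vendor's API)."""
    unlock_seconds: int = 5                           # assumed relock delay
    credentials: dict = field(default_factory=dict)   # token digest -> user
    grants: set = field(default_factory=set)          # (user, door) pairs
    audit_log: list = field(default_factory=list)

    @staticmethod
    def _digest(token):
        # Keep only a digest so the stored table never holds raw tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def enroll(self, user, token):
        self.credentials[self._digest(token)] = user

    def authorize(self, user, door):
        self.grants.add((user, door))

    def revoke(self, user, door):
        self.grants.discard((user, door))

    def request_unlock(self, token, door, now=None):
        now = time.time() if now is None else now
        user = self.credentials.get(self._digest(token))   # authentication
        if user is None:
            decision, reason = "deny", "unknown credential"
        elif (user, door) not in self.grants:              # authorization
            decision, reason = "deny", "no grant for this door"
        else:
            decision, reason = "unlock", "granted"
        # Auditing: every attempt is recorded, denials included.
        self.audit_log.append({"ts": now, "user": user, "door": door,
                               "decision": decision, "reason": reason})
        relock_at = now + self.unlock_seconds if decision == "unlock" else None
        return decision, relock_at


def demo():
    # Constructed sample data: one user, one door, one unenrolled token.
    ctl = CloudAccessController()
    ctl.enroll("alice", "constructed-token-001")
    ctl.authorize("alice", "server-room")
    results = [ctl.request_unlock("constructed-token-001", "server-room", now=100.0),
               ctl.request_unlock("not-enrolled-token", "server-room", now=101.0)]
    ctl.revoke("alice", "server-room")
    results.append(ctl.request_unlock("constructed-token-001", "server-room", now=102.0))
    return results, ctl.audit_log
```

Logging denials alongside successful unlocks is what lets an administrator spot repeated attempts with unknown or revoked credentials when reviewing unlock events.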
The criteria, conditions, and processes, along with how they should be implemented in each of those access control phases, together make up a robust access control policy. This unified policy will also cover a major component of security known as the physical access control policy.
Importance of physical access control policy
A scenario that underscores the importance of a physical security policy is one in which a hacker gets past your defenses and is able to access your data. Every server and data store, along with customer data, client contracts, business strategy documents, and intellectual property, is under full-scale logical security controls. However, the hacker is able to reach your IT room through some lapse in your physical security system.
Perhaps the IT manager stepped away from his computer during an important update, or an employee accidentally revealed where the key to the server room is kept. In such a situation, will your logical security mechanisms work as robustly as required? The answer is no, which means having a physical security policy is a critical, comprehensive element of access control that safeguards the assets and resources of the company.
The importance and benefits of having physical access control policy include the following points:
- Protects equipment, people, money, data, and other assets
- Physical access control procedures offer employees and management peace of mind
- Reduces business risk substantially
- Helps safeguard the logical security policy more robustly
- Helps with compliance with physical access control rules set by ISO, PCI, and other organizations
- Helps improve business continuity in natural disasters or destructive sabotage situations
- Improves effective tracing of culprits
- Reduces financial losses and improves productivity
- Ensures fast recovery from any loss of assets or disaster
- Helps to take preventive measures against any possible threat