Manage all access with HelloID?
It has now been about 15 years since the Stuxnet worm was spread within the Natanz nuclear facility in Iran via a tampered USB device. The perpetrators used that tactic because the facility was completely disconnected from other digital networks for security reasons. An online hack was simply not possible.
It is undoubtedly the most famous, but certainly not the last, hybrid attack with both physical and digital characteristics. That is not surprising, since it is often much harder to penetrate a well-secured corporate network online than to enter the building and plug a tampered device into the network. Similarly, unattended paper bins often form an ideal starting point for social engineering hacks, and a physical break-in often begins with taking down the camera network. In short, the boundaries between physical and digital attacks are blurring.

Security convergence
Security specialists recognize this risk, and there is therefore far more attention today on the alignment between physical and digital security measures. This is called security convergence, and the principle is that security must now be organized as one whole. That sounds obvious, but the reality is that physical and digital security have always been highly separate worlds; physical security and IT security often also fall under different departments.
There are many areas where we can improve the cooperation between digital systems and physical security measures. At Tools4ever we are particularly interested in what you might call ‘access security convergence’. Although both digital and physical access systems are becoming more advanced, they are usually still managed completely separately. With our HelloID platform we want to help bridge that gap.

Today: separate access management
Many organizations today have modern access security for both their IT applications and their physical locations. Within IT environments, in addition to passwords, you often have Multi-Factor Authentication and biometric methods to secure access. In the physical domain, a personalized access badge is now the minimum that organizations provide; increasingly, you can gain access with an iris scan or via your smartphone.
The real challenge, however, lies in managing individual access rights. How do you manage access to your assets when your organization has thousands of employees, uses dozens of applications, and has multiple locations:
We typically organize user accounts and access rights to IT systems with an IAM platform that grants accounts and permissions based on a person’s job function and department. This ensures that every employee only has access to the applications and data needed for their work. A finance employee therefore receives access to the financial systems based on their role, while an IT administrator normally does not.
Physical access security is usually managed from a central system that assigns access badges to users and activates the correct access rights on that badge. In this way you determine who gets access to which buildings and rooms, and on which days and times. You can also specify whether different departments have their own physical spaces that are not accessible to people from other departments.
Both use a central management platform, but these are usually not connected. What happens when an employee changes roles and moves from the finance department to the IT team? An IAM platform like HelloID will automatically adjust digital entitlements right away. But what about physical access? There is often still a process where you must ask the administrator of the badge system via the ticketing system to change the rights. The risk is that mismatches arise and that people gradually accumulate more and more physical access rights unnoticed.

HelloID to improve your security convergence?
Can we not professionalize this further by synchronizing both systems? Can we use a central IAM platform to manage both digital and physical access rights? With HelloID we can, and we offer this at two levels:
Basic: The physical security system still manages the detailed access rights per person. Our IAM platform ensures that new employee accounts are automatically added and activated in the system. We also ensure that when employment ends the user is deactivated and removed from the system. This keeps the user directory in the physical security system in sync with the current employee population.
Advanced: The issuance of physical access rights is also centrally orchestrated from the IAM platform. It is based as much as possible on a person’s role and other attributes that the IAM platform receives from the HR system. Someone who works in the IT department automatically receives access to IT applications and IT department areas. A finance employee automatically receives access to the financial software and the other facilities of the relevant department.

In this way, with a single IAM environment we can manage all access rights, physical and logical, in a unified way. We prevent unnecessary privilege accumulation and mismatches between physical and digital access rights. It makes your organization more efficient, more secure, and demonstrably compliant.
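To illustrate the two levels and the role-change mismatch described above, here is an added example that is not HelloID code and not part of the original article. It reconciles a constructed HR export against a constructed badge-system export; the data layout, the `ROLE_POLICY` mapping and the `reconcile` function are all hypothetical names chosen for this sketch.

```python
# Constructed sample data; every name below is hypothetical and not taken
# from HelloID or any badge product.
ROLE_POLICY = {  # department -> physical access groups the key policy allows
    "Finance": {"main-entrance", "finance-wing"},
    "IT": {"main-entrance", "it-office", "server-room"},
}

HR_RECORDS = [  # source of truth, as an HR export might look
    {"id": "E001", "department": "IT", "active": True},        # moved from Finance
    {"id": "E002", "department": "Finance", "active": True},
    {"id": "E003", "department": "Finance", "active": False},  # employment ended
    {"id": "E004", "department": "IT", "active": True},        # new joiner
]

BADGE_EXPORT = {  # badge holder -> access groups currently active on the badge
    "E001": {"main-entrance", "finance-wing", "it-office", "server-room"},
    "E002": {"main-entrance", "finance-wing"},
    "E003": {"main-entrance", "finance-wing"},
}


def reconcile(hr_records, badge_export, role_policy):
    """Return the changes needed to bring the badge system in line with HR."""
    plan = {"create": [], "deactivate": [], "revoke": {}, "grant": {}}
    active = {r["id"]: r for r in hr_records if r["active"]}

    # Basic level: keep the badge directory equal to the active workforce.
    plan["create"] = sorted(set(active) - set(badge_export))
    plan["deactivate"] = sorted(set(badge_export) - set(active))

    # Advanced level: derive the expected groups from the role policy.
    for emp_id, record in sorted(active.items()):
        # A department missing from the policy gets no physical access.
        expected = role_policy.get(record["department"], set())
        current = badge_export.get(emp_id, set())
        if current - expected:  # accumulated rights the role no longer justifies
            plan["revoke"][emp_id] = sorted(current - expected)
        if expected - current:  # rights the role requires but the badge lacks
            plan["grant"][emp_id] = sorted(expected - current)
    return plan


if __name__ == "__main__":
    for action, items in reconcile(HR_RECORDS, BADGE_EXPORT, ROLE_POLICY).items():
        print(action, items)
```

Run periodically against real exports, the `revoke` and `deactivate` entries are the findings worth reviewing first: they are the badge rights that outlived a role change or an employment end.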
How does this work in HelloID?
Let us make this a bit more concrete. HelloID has an extensive set of connectors to integrate systems. We can connect HR systems as the source system. An HR system registers, per employee, the person’s job function and department. Based on that, HelloID can then create the required accounts and assign permissions in various target systems, ranging from Active Directory to the CRM system.
Our connector catalog is organized into different categories, and if you filter on ‘IT management and security’ you will find applications like Nedap AEOS, Dormakaba, iLOQ, iProtect, and Salto Space. These are examples of business applications focused on building management and physical security. For example, Salto Space is an integrated, intelligent access control platform for different rooms within a building. The Salto system manages user authorizations, and organizations can choose the smartphone, a PIN code, or a keycard as the access method.
With the Salto Space connector, HelloID can synchronize the access settings in Salto Space with the information in the source system. In this way we ensure that employees receive access to the facilities and rooms that match their role and tasks. For different groups of employees you can also configure access groups with a predefined set of permissions. Administration is similar to the permissions management of your business applications. For a new employee, HelloID automatically creates an account in the system so that they can get started right away. If a person’s job function is changed in the HR system, HelloID automatically adjusts the required physical access rights as well. This is how we truly deliver fully integrated physical and digital access management.
Want to learn more about HelloID for your physical access security?
Integrating your physical and digital access management optimally requires proper preparation. Part of this is establishing a key policy that is based on different roles and their tasks. You then incorporate that key policy into the business rules of the HelloID platform. Do you want to learn more about integrating your digital and physical access security with HelloID? We will be glad to tell you all about it.