Access Management

Ready to Tailgate?

January 1, 2011
KEYWORDS Badges / ID card / tailgate
/ Print / Reprints /
/ Text Size+


I love tailgating. I tailgate at my own institution and try to tailgate at others, even at corporate sites. Yet, I strongly disapprove of tailgaters and the practice in general. Of course, I’m referring to the practice of tailgating into a secured space or building, whether it’s a facility protected by standard locks and keys, guard stations, or electronic card access. Tailgating is the act of following an authorized individual into a protected/secured space by one who is not authorized to enter that space or perhaps, just that particular entrance or space.

Tailgating has been challenging physical security practices throughout history. There is myriad technology and design solutions to thwart tailgating into your facility. Facilities that require a high level of security employ tools ranging from tailgate sensors to mantraps, biometrics and the like. What are some solutions, then, for spaces that don’t require that level of security?   

Consider a corporate structure with a single point of entry that is monitored by security personnel. Exits from the building are equipped with alarms. Customers, delivery staff, visitors and others desiring to enter the building present some form of credential and are required to sign in, literally, on a notebook denoting the date and time entered and likely, their destination. They are to sign out when leaving, so at the end of the day, it’s a simple matter of ensuring that sign outs = sign ins and the building, in theory, is now unoccupied except for the security staff. This is a very common and traditional entrance to an office building. 

This hypothetical building also has employee entrances that are protected by electronic card access. Employees carry an ID badge that also serves as a card access key. OK, now I’m going to tailgate. I can either choose a time when a large number of employees are entering and just get in the middle of the line and walk right in. I can time my entrance to be just prior to the arrival of a lone employee, for example, and be fumbling through my wallet as if looking for an ID badge. This helpful individual who arrives shortly after I did will card-in and allow me to enter. 

The last scenario is one easily activated feature that has been around for decades in card access control – the anti-passback feature. The majority of enterprise level (if not virtually all) card access systems have had anti-passback enabled for some time. That is, the system won’t allow the same credential to be presented twice at the same location within “X”number of minutes or hours and allow access. Another solution that’s been around for some time is the addition of optical tailgate sensors: One credential is presented to the system, the tailgate sensor reads two people entering, an alarm sounds and a security response is initiated. Access control course level 101, right?

When electronic access technology was new, these are details that received a lot of our attention from the system users. Consider security cameras. They have been around for a long time, but due to cultural changes and due to the affordability of video security, they seem to be just about everywhere. So much so that employees are caught on video, by very overt cameras, committing a crime, as they’ve become so accustomed to seeing video cameras that they simply blend in with the building architecture.

If you read this column regularly, you know that I preach best practices, adopting standards and reviewing the basics. It’s human nature that developed the insensitivity to the presence of visible surveillance cameras just as it becomes human nature for system users to allow tailgating. It can become so common place that it escapes the attention of our security staff and our leadership. Perhaps adding tailgate sensors in your application would be an effective solution, if you have the resources to manage the additional alarm responses. Whether you have the system capabilities, funding and resources to do so or not – it’s just time to implement that no-cost solution: education.  

Remind your system users that, while it is in their nature to be friendly and helpful, letting people through the door who shouldn’t be there can cause losses and possibly harm. Remind the security front line and their leadership to be watchful for tailgating and provide them with some simple, positive responses to help them educate system users. That’s a guaranteed return on investment. 

Yes, I do resort to spot checking for tailgating. In my work environment, I can do this as a sometimes “fun” challenge, yet not anger folks or insult my colleagues. Your environment may be quite different, so my approach should be used with care. Also, I’ve tailgated my way into other facilities where I had appointments with colleagues in our profession. Not to embarrass them, just to let them know. I appreciate it when people do the same for me – I’d rather have some hole in the fence discovered by a colleague who will share it in private with me versus the other possibilities.

By the way, I’ve never tried tailgating at any government, airport or any high security areas – it can be fun but I’d like to retain my professional credibility and also maintain personal safety!   

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Joel Jensen

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

September 2014

2014 September

In the September issue of Security Magazine, find out who this year's most influential people are in the security industry are. Also, take a peek at the technology products that ASIS 2014 will be showcasing at the upcoming event. Read about the lessons learned from security at the World Cup, find out why tactical medical training is a must for your enterprise and how Atlanta increased security by sharing surveillance.
Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive


CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+