VPN for VIPs
This is even more apparent at enterprises where corporate espionage threats are added to such standbys as theft, violence and unauthorized visitors.
One example comes from the cutthroat field of automobile manufacturing. When these firms encounter defective or improper parts, they call on quality control vendor Product Action, based in Indianapolis, to analyze and sort out the problem parts to keep the production line running. Protecting the anonymity of Product Action clients is imperative. To better ensure no unauthorized people gain facility entry, the company recently installed door controllers and access control software from Kantech Systems (Brossard, Ontario) at 14 of 40 North American locations.
Eliminating security failuresIn its business model, if an assembly plant or supplier has a quality problem, Product Action’s inspection teams help identify nonconforming parts and improve manufacturing operations. This may involve meeting with clients at a Product Action facility or dispatching engineers to the auto plant’s assembly line to resolve a defect and get them back up to speed.
The company had become frustrated with the unreliability of its previous access system. “We’re very big on security,” said Facilities Engineer Shawn Oliver. “We need to know who is entering a building and when, and verify that the person is authorized to enter the facility – our customers expect it of us. The card swipe system we had used at our Toledo, Ohio, location failed many times. The reader would lose information and often had to be reprogrammed. This took up valuable time that we can’t afford to spend.”
Oliver was introduced to Kantech, part of Tyco Fire & Security’s Access Control & Video Systems, by General Security Services when Product Action opened its first facility in Canada. “I liked the fact that the products could be integrated into a centralized access control system, so security for all of our 40 plus sites could be managed from one location.” Oliver evaluated numerous access systems, selecting Kantech based on its reliability and ease of use. “With our previous solution, each of the 44 devices controlled access to up to 16 doors,” explained Oliver. “If one controller failed, it interfered with access for all of those doors. Each Kantech controller handles a maximum of two doors, so it limits exposure.”
Product Action hired F&J Security of Ohio to install the equipment at 12 facilities. EntraPass connected all of the controllers and readers, which were in turn tied to the main server at the corporate office in Indianapolis. This software displays current activities that occur throughout the day and has pop-up alarms for pre-programmed activities.
Through the access control software and the Lantronix device on its main server, the company can now add, delete and update security access for personnel from its corporate office instead of site by site. Authorized employees use a proximity card, eliminating wear and tear typical of physical swiping of a card.
F&J also integrated EntraPass with an existing security system from Tyco’s Digital Security Controls at two facilities. This enabled the vendor to use its access system to activate and deactivate the system, and access information such as the name of the person who last activated the alarm and when it occurred, even for offsite locations. The system also ties to unlock doors in case of a fire.
All locations connect through the VPN, enabling a secure communication link from each facility to the corporate office. If communication is lost, the security system goes stand-alone until VPN is restored.
Improving accountability“We can see when people enter and exit each building,” said Oliver. “I can log onto EntraPass from anywhere to add or remove employees’ access. If we encounter a problem, such as a break-in, the system identifies when the last person was on the premises and the time they left. We’ve been able to save costly staff time and also keep extraneous people out of the system. It’s a lot easier to have one person activate/deactivate cards and avoid the hassle of going to every location.”
The new system has also been beneficial for employees who travel to multiple locations. Previously, they had to use a different card for each site they visited. This meant inconvenience for traveling employees as well as the significant cost of issuing close to $100 in cards for each person, as each site had a different card reader. With a staff of 4,500 employees, these costs could be significant. Now employees simply notify Oliver that they’ll be traveling and he activates one card to give them access to all applicable facilities. “They love how they can just go to a site and not have to shuffle multiple cards to enter various facilities.”
Sidebar: Smart Badges for ‘Ultra-security’Pfizer, Inc., the world’s largest research-based pharmaceutical company, is deploying a smart badge identity management system that sets the bar higher for security convergence. The approach includes technology from Horsham Pa.-based Gemplus International S.A.
The leap-forward mirrors convergence strategies of enterprise companies identified through Security Magazine studies and other research in which physical and logical access are combined in one system and, often, one credential. A recent Security Magazine poll, for example, found security executives view smart cards as a means of blending functions together.
Pfizer’s program seeks to build a globally aligned, company-wide electronic identity management infrastructure that is provisioned via an integrated smart badge. The objective of implementing smart cards is to improve the overall level of protection against intrusion, while enabling more efficient and secure collaboration among employees and business partners using digital signatures, according to the company.
The Gemplus identity management solution, called SafesITe, allows Pfizer to benefit from two-factor authentication, which combines the traditional “something you know” (password or PIN) with “something you have” (smart integrated badge), enabling greater security than traditional username/passwords.