Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ManagementPhysicalSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceSecurity Education & TrainingFire & Life SafetyPhysical Security

Education & Training

Are you suffering from access chaos?

An often-hidden issue, access control chaos creates enhanced risks for organizations. Here’s how to mitigate the effects and optimize your enterprise’s use of access control data.

By Brian McIlravey
workplace-security

Asia-Pacific Images Studio / E+ via Getty Images

September 9, 2022

Is your organization suffering from Access Chaos?

Ask yourself these three questions:

  1. When was the last time you checked to see if there was any outdated or inaccurate information stored within your access control system?
  2. Would you recognize invalid permissions if you saw them?
  3. Can you guarantee right now that your access control database is 100% accurate?

If you are unable to answer these questions with confidence, your access control system that was initially designed to reduce risk is now potentially creating risk.

In an ideal world, a physical access control system would accurately account for continually changing access roles, ensuring that those identities with appropriate authority are granted access and those without are not. However, in reality, many access control systems lack the capability to keep up with rapidly changing staff and contractor populations, related access rights, badging and other changes in authority, roles and responsibilities. This creates significant vulnerabilities within an organization: let’s call it Access Chaos — a threat that is often invisible to security management.

Access Chaos describes the state of an access control system where there is a significant amount of missing, outdated and/or incorrect information, including many of the roles and permissions assigned to identities.

Such inappropriate access creates chaos within the system and subsequently puts an organization at risk of theft, physical violence or other harmful incidents the access control system was intended to prevent.

Independent research shows that more than 90% of companies with access control systems experience Access Chaos and are either unaware or unsure how to address it. They could start from scratch and reset the entire system, but that could take years, requiring scarce labor and capital to execute.

If this situation sounds familiar to you, then you are likely experiencing Access Chaos.  


What Causes Access Chaos?

Because most physical access control systems operate in isolation, every access change requires manual input. This laborious process quickly leads to outdated information, access rights accumulation, and the wrong people having access. If even 1% of access rights are incorrect, this means dozens, hundreds or even more individuals could have inappropriate access to your facilities, including high-risk areas containing secure systems and high-value assets. This constitutes an insider threat.

Access Chaos occurs and compounds over time as personnel changes happen. For example, a warehouse employee might be promoted and moved to an office location without revoking their permission to enter the warehouse they were previously stationed at. Or an employee might be transferred or relocated without their badge having been de-provisioned from the old office campus, leaving a valid badge that could be lost or misused. Access permissions and statuses frequently change, but administrative oversights, the sheer volume of requests, and a disconnect between internal systems will inevitably cause a backlog of inaccurate access information.

The evolving business environment, accelerated in recent years by the pandemic, has created a new set of vulnerabilities. In a hybrid work model, some employees come into the office regularly on a set schedule or as they please, but not every day. Security administrators charged with managing access for hybrid employees struggle to keep up with these shifting schedules and frequent access change requests. The pandemic and subsequent “Great Resignation” have caused many employees to lose or leave their jobs. With these rapid changes, companies of all sizes are struggling to identify and manage inappropriate or outdated access, resulting in Access Chaos.


The Effects of Access Chaos

Access Chaos manifests itself in a variety of different forms, creating a variety of unique challenges for physical security teams. In most cases, it is impossible to tell if your current access permissions are correct due to changing schedules, roles and employment statuses. Perhaps there are more people in the access control database than employees and active contractors. In this case, security personnel may not be able to easily identify who should and should not have access based on current roles. If this same database is used for employee mustering during an emergency, the identification of employees or visitors still at risk will not be accurate, leading to potential harm or loss of life.

Access Chaos also poses a threat when it comes to ensuring regulatory compliance. Whether it be occupation limits, social distancing requirements or other industry-based regulations, an organization’s inability to accurately control access to high-value or hazardous assets could have costly implications. For example, a pharmaceutical business could be fined if an employee whose certifications had lapsed was still working in a laboratory. Another organization could be subject to legal and financial liability for an incident wherein a threat actor was unintentionally provided access because a terminated employee’s badge was still valid. In scenarios such as this, the symptoms of Access Chaos are hidden until it is too late and an undesirable event has occurred.


Access Chaos Relief

While it can be devastating to recognize that an organization is suffering from Access Chaos, there is technology that can solve the problem by automating the identification of access compliance and security risks. Using data from access control systems, human resources (HR), active directory (AD), learning management system (LMS), and enterprise resource planning (ERP) solutions, powerful analytical software can discover and alert users to risks such as out-of-date physical access data, unused badges, changing work schedules and potential compliance infractions. This kind of access visibility would otherwise be virtually impossible for security teams to accomplish manually.

The symptoms of Access Chaos can be further reduced with the inclusion of access control wearables. These can make access permissions visible to all, providing continuous, multi-factor authentication throughout a facility. Advanced wearables even make it possible to leverage existing building access cards to create business rules such as zone access control, contact tracing, visitor group tethering and fast mustering.

Amazingly, more than 90% of current access control systems contain out-of-date data. Your database may be right today — but will it be right tomorrow? While it can seem like an overwhelming problem, it is possible to address Access Chaos with software that quickly and automatically identifies invalid permissions and inappropriate access. Recognizing that your organization is suffering from or at risk of Access Chaos is the first step to creating an improved security stance and environment of reduced risk.

But first, you need to acknowledge the problem.


For more articles on access management, visit:

Access control considerations for healthcare settings

Get more out of your access control

5 security benefits of OSDP access control standards

KEYWORDS: risk assessment risk management security management security operations

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Brian McIlravey, CPP, Executive Vice President, PPM

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Global infrastructure

    From chaos to control: The power of immutable backups in disaster scenarios

    See More
  • remote work

    What you cannot see you cannot secure: Shining a light on cybersecurity threats in a work-from-home environment

    See More
  • business resilience responsive default

    Now That You Have a Plan, Are You Testing It?

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing