InfoWorld ran a thought-provoking article this week, "IT security gets physical," about the convergence of IT and physical security.
This is one of those great philosophical questions of the information security universe. While a lot has been said about this subject -- and I agree it's a good thing -- it's still a pipe dream at many companies. The bureaucratic barriers at most companies are too great.
But all hope may not be lost. The US government's HSPD-12 initiative, which requires all federal facilities to have uniform access by Smart Card, could lead the way for the same in private industry. So, what's the big deal with physical access? The big deal is that the same systems can be integrated, eventually, into an access management system.
That means both physical and logical access to computer systems would be linked as part of the same multi-factor authentication system. This would provide seamless auditing, logging and tracking of users both through facilities and their access to computer systems.
Yes, yes, I know. Just like Single Sign-On (SSO), it's a single key to the whole store. That means that, if compromised, a malicious user would have access to both the facilities and their system. More on that later. Let's see step one implemented first.