Infrastructure security is one of the key challenges that facility managers will face in 2023. As facilities become increasingly filled with connected devices, facility managers now have to worry about cyber threats alongside repelling physical attacks.

As such, there must be a new approach to securing infrastructures without compromising the efficiency of operations within a facility. That presents the question of how to add advanced security features to existing layers of protection.

To achieve this, reinventing the wheel is essential.  It is also important to not discard traditional systems, but rather enhance them. This includes, for example, adding automation to visitor management systems, or increasing the modes of authentication.

This article discusses six such means of upgrading physical security operations that will be most relevant in 2023 and beyond.

1. Automate Visitor Management Systems

The main aim of visitor management is to achieve a balance of back-end security for the organization and front-end ease for the visitors. Also, there is the challenge of meeting compliance requirements of visitor logging standards as established in documents like ISO/IEC 27001 (Information Security Management Systems – Requirements). That is where automation comes in.

Automated visitor management systems work by using a combination of technology and processes to streamline the process of tracking visitors in a facility. Today’s cloud-based visitor management systems are easily scalable to meet a facility’s needs at any time.

Beyond mere digitization and keeping electronic logs, such systems also generate actionable reports and gain insights from visitor traffic as required. This ultimately enables “attribute-based access and deeper integrations with other business systems for business intelligence applications beyond simply security,” in the words of security consultant Brian McIlravey.

2. Implement the Principle of Least Privilege

By implementing the least privilege security principle, facility managers can ensure that the information they store is secure and only accessed by those who are authorized to do so. In explaining its physical security architecture, IBM stated that “access to the data center does not in turn confer access to the secured rooms within the data center.”

In doing so, least privilege ensures that employees do not have access to more rooms or systems than they need as stated in their job descriptions. Some of the essentials in implementing least privilege security include the following:

• Role-based access control;
• Multi-level authentication;
• Clear privileged access management policies and restrictions;
• Regular review of user privileges based on changing roles and responsibilities; and
• Continuous monitoring for automatic detection of misused or compromised privileges.

3. Enable Frictionless Access Control

60% of organizations stick to traditional identification badges as their means of access control, whereas only 30% use more modern technology such as biometrics systems. However, it is notable that 17% of organizations already express willingness to transition to biometrics access control.

This corroborates evidence from a report by Alcatraz AI stating that access control systems with a frictionless user experience will be more widely normalized in 2023, especially through 3D facial authentication. Apparently, progress in this direction has been accelerated by the pandemic and the need for touch-free technologies.

Yet, frictionless access control systems are not simply about convenience. They help to reduce the amount of time spent manually verifying credentials and increase the efficiency of access control processes and overall security operations.

4. Document Security Protocols

Documenting physical security operations as a facility manager is an essential part of making sure all safety protocols and regulations are being followed. It is essential to keep detailed records of all security operations and to ensure that all personnel involved are aware of their responsibilities.

All employees should be given a copy of the facility’s security policy and must be trained on its contents. Make sure to document any incidents that occur and keep track of any changes that are made to the security system or policy.

In addition, regular security audits can help to identify any weaknesses or areas that need improvement. More so, it is important to review the security policy regularly and make sure that all personnel are up to date on the latest safety protocols.

5. AI Video Surveillance

Everything seems to be about AI these days, and yet, as the months and years are increasingly being dominated by AI, it becomes even more important to utilize technologies that are future-proof, e.g., AI-enabled.

In physical security, this is manifested in video surveillance. According to a report on 2023 Trends in Video Surveillance, businesses no longer just want a surveillance system that scans the environment.

Instead, powered by AI, surveillance systems must be able to automatically detect threats and threatening behavior, send real-time alerts to human security officers, and provide data insights that would be useful in understanding a facility’s security risks, needs, and required strategy. If criminals know how to harness AI for malicious purposes, then organizations must act to protect themselves using the same technology, only more effectively.

6. Multi-modal Authentication

Biometric authentication was groundbreaking when it was introduced. However, many stakeholders are starting to acknowledge how weak it is, especially in the age of AI, where malicious actors armed with intelligent spoofing technologies can easily compromise biometric-protected systems.

The weakness of traditional biometrics systems lies in their single modality, in which only biometrics are examined.  As such, security leaders are turning towards multi-modal authentication. Multi-modal biometric authentication systems can analyze and validate multiple physiological traits, such as fingerprints and retinas, simultaneously.

According to software CEO, Vamsi Kotte, “the combination of criteria also gives the system flexibility and avoids noisy data from having a significant impact on the outcome.” This is achieved without compromising security functionality.

Conclusion

Malicious actors never cease in their efforts to compromise important infrastructures. Instead, they reinvent their approaches to keep up with the defenses that their targets put up. However, in your duty as a facility manager, you must always seek to remain one step ahead, strengthening the layers of your security systems with innovative solutions to ensure up-to-date protection.

*******

Expert Insights

Paul Kirvan comments, “Perhaps a major challenge is when to initiate the use of AI-based technologies for access verification.  The speed of evolution in AI implies that the time to start using AI is now, rather than later, waiting to see what happens next.  The “next” is likely to happen quickly, so the use of AI is expected to be an ongoing process.  Users must accept that they will need to regularly review the AI technology in use to make sure updates haven’t occurred that make it even better.”

Paul Kirvan is an independent resilience consultant and member of the Resilience Association.   www.resilienceassociation.org