Micro means “very small.” Micro-automation is the automating of small parts of an overall process and is extremely valuable when applied at large scales. It makes possible the otherwise impossible and can provide macro-scale results.
In this article, we will examine the concept of micro-automation as it applies to physical access control. This article, while it can stand alone, builds on the previous “Real Words or Buzzwords?” article Data Literacy. It shines a spotlight on a technology product that enables the effective utilization of data, in this case access-privilege data, where this has only been possible at small scales.
Physical Access Controls’ Dark Secret
The 50-year “dark secret” of facility access control is that electronic access control never truly solved the shortcomings of physical lock-and-key systems. Whether locks and keys are mechanically or electronically operated, access control privileges are still less and less manageable as two things grow in size: the number of controlled doors or gates, and the number of credential holders in the system.
Consider the following real-world example of one company’s story. They have 25,000 employees. Every year 2,000 individuals exit the company, 2,500 are hired to back-fill empty positions or fill new ones, 800 change roles or working locations, 1,000 are added due to acquisitions, and another 500 leave due to subsidiary sell-offs. On average, 25% of all people records change every year. That’s 6,250 personnel changes.
Over 1,000 access credential holders are contractors, for whom the status of their company’s insurance policies are make-or-break access privilege requirements. Some of the contractors work for multiple primary contractors, and the scopes of the primary contractor work determines what areas of the facility the subcontractor may have access to.
Additionally, several thousand employee and non-employee credential holders have safety training requirements that must be up to date for them to access specific areas or operate certain machinery.
This company believed it likely that at any point in time at least several hundred of their credential holders’ have inappropriate access privileges resulting from a variety of human mistakes. It has proven impossible – through manual processes – for them to keep all access privileges accurate across the entire company.
Furthermore, some percentage of the access privilege errors are cumulative, meaning that they are not solved by people leaving the company. For example, several access groups contain too many privileges, and now span protected areas they were not originally intended to span. Thus, the incorrect access privilege liability grows each year, and the organization is increasingly subject to the very threats the access control system was designed to prevent.
Many of their greatest risk exposures stem from highly complex privilege requirement situations that they just can’t get a handle on. For example, if a serious injury accident were to happen involving a contractor whose training has expired and whose employer’s insurance has lapsed, the company would have a multi million-dollar liability.
On top of the financial costs, there would be negative emotional impacts on other employees, contractors and investors as well as a diminishing of the company’s reputation.
Learn MoreCredits By: www.securityinfowatch.com
