"While companies have generally treated physical security as part of the facilities department and computer security as part of the information-technology group, employee information has increasingly become integrated, allowing businesses to link the two systems."
So says Steve Hunt, an analyst with Forrester Research, according to a News.com report by Robert Lemos.
The report reminds me of an interview I did of Glenn Argenbright, CEO of Saflink Corporation, during Fall Comdex in November 2003. Thanks to the holidays, that interview like many others done at Fall Comdexes, unfortunately fell on the cutting room floor and never saw the light of day. Now, it will. Saflink makes biometric security solutions that can be applied to both a company's digital and physical infrastructure. Back then, Argenbright called it the doorway to desktop solution and he told me that, at the time, the company had been working on it with the U.S. Department of Defense for a little over a year.
According to Argenbright, Saflink saw its customers taking the same approach to the same problem, but in different places with different implementations. "You can use the same measures -- fingerprint, iris, voice, face, tokens, smartcards, and proximity badges -- to secure a desktop system as you can the physical entrance to your premises." said Argenbright. "And people are doing that, but they're using one device at the doorway and a different one at the desktop with different management frameworks."
For organizations really looking to button up their security, this approach leaves a few holes, Argenbright told me. For example, should your computer let you log in if you haven't already come through the door? Or, what if you leave the premises and you mistakenly left your computer logged in?> Thus, Saflink's doorway-to-desktop solution which integrates the two systems into one. "Like the computer, the door is just another node on the network." said Argenbright. "Through one managment system, and one set of policies, you cover a company's physical and digital assets. You don't have to go to two separate systems to deny a person access to the building or the computers."
One other worthy point about Saflink's solutions is that they're agnostic to type of token used for authentication. One company could be into iris recognition and another could be into fingerprints. Agnosticism was important because the same solution that works for an office where fingerprints are the preferred biometric approach may not work for a hospital where the preference is for iris recognition because of the way healthcare workers routinely wear gloves.