Controlling Physical Security via the Cloud

Written by Mike Ranellone on April 8, 2020


When we talk about security here at JumpCloud, we usually talk about the actions IT admins take to protect proprietary data and guard network infrastructure from attacks. Measures like multi-factor authentication (MFA), full disk encryption (FDE), and network segmentation, when enacted consistently across an entire environment, go a long way toward providing this type of security. But another important form of protection is less often integrated with the rest of the IT stack: physical access control for offices, data centers, and production facilities. 

Most of us take standard keycard access for granted. We swipe a badge at the right door at the right time of day, an electronic lock lets us in, and we head for our desks. But if you’re an admin in charge of updating, maintaining, and monitoring the system behind that experience, you know it can be a hassle. And even though employees don’t enter a username and password to get into the office, this system creates another siloed user identity you have to manage in addition to accounts for HR and IT resources. 

As with other areas of office infrastructure, a new, cloud-based approach is changing how we think about physical security. Modern solutions like the Kisi system eliminate the need for an on-premises server, and with granular control from any location via a secure web console, they actually increase security while reducing administrative friction. Cloud-based physical access platforms can even integrate with your core directory service, consolidating user management and access control across your entire organization.    

What is Cloud-Based Physical Access Control? 

If you’re already familiar with cloud-based identity and access management (IAM), it makes sense to extend the concept to physical access management as well. Like the credentials that let employees access their laptops and networks, door access credentials have traditionally been stored in an on-prem server. That server must be purchased, configured, and consistently updated in order to maintain security baselines. A modern approach stores and verifies identities in the cloud instead, with redundancy, high availability, and dedicated security attention built in. 

Any physical access control system will of course require on-prem hardware: readers mounted on the wall next to each door and hardwired to power or Power over Ethernet (PoE), and a central control unit wired to the locks they trigger. But after initial installation, a cloud-based system requires little or no physical interaction. Many systems even let employees swipe their smartphones or tap-and-go credit cards for access, so there’s no need to program and distribute separate RFID cards or fobs. This kind of convenience is just one of the benefits of a modern physical security system.

Benefits of Cloud-Based Physical Access Control 

Regardless of your industry, strong physical security gives employees peace of mind and protects your hardware and proprietary data. Here are some of the specific ways a cloud-based door system maximizes security and simplifies administration. 

Flexible User Management for Increased Security 

Admins can revoke access at any time, from any location, providing peace of mind in the event a badge is lost or stolen or on the rare occasion that an employee goes rogue. Likewise, admins can temporarily grant access to secure areas as needed, streamlining vendor and contractor visits. Many systems also feature group-based access control, with the ability to designate permissions by department or floor, or set up a hierarchy that allows certain users into restricted areas. 

One Console to Manage Multiple Sites  

Similar to the way a cloud directory service provides centralized IAM regardless of users’ locations, a cloud-based physical access platform lets you control the doors at multiple facilities anywhere in the world from one pane of glass. 

Event Logging for Auditing and Compliance 

Compliance frameworks like HIPAA and PCI require organizations to demonstrate adequate physical security in order to protect sensitive patient and customer data. A cloud-based physical security system logs each door interaction and gives admins the ability to pull compliance reports as needed. 

User Convenience

As mentioned above, admins can set users up with the verification method that makes the most sense for them and their organization. Using the same technology that supports contactless payments, smartphones and tap-to-pay credit cards can stand in for traditional RFID badges and fobs. 

Integrating Physical Security With a Cloud Directory Service 

Even with all of the above benefits, it’s still common to provision users with separate identities for the door lock system from the ones they use to log into their laptops, apps, and networks. That means when an employee leaves the company, building access still gets its own line on your deprovisioning checklist. Instead, you can merge user identities between your physical and digital environments by integrating your cloud-based physical access control system with your central directory. 

The Kisi system, for example, uses a SAML-based integration to authenticate users against a core identity provider like JumpCloud. Physical door access gets added to your list of SSO applications, and you can provision door access by JumpCloud user group. When it comes time to remove a user, terminating their account in JumpCloud automatically revokes access in Kisi.
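An added example, not JumpCloud's or Kisi's code: a reconciliation check that flags door grants that have outlived, or were never backed by, the directory identity and group membership behind them. The export field names, the group-to-door mapping and every sample record are constructed assumptions, not a vendor schema.

```python
# Constructed sample exports; field names are assumptions, not a vendor schema.
DIRECTORY = [
    {"email": "ana@example.com", "state": "active", "groups": ["engineering"]},
    {"email": "bo@example.com", "state": "suspended", "groups": ["engineering"]},
    {"email": "cy@example.com", "state": "active", "groups": ["finance"]},
]
DOOR_GRANTS = [
    {"email": "ana@example.com", "door_group": "hq-floor-2"},
    {"email": "Bo@example.com", "door_group": "hq-floor-2"},   # case differs on purpose
    {"email": "cy@example.com", "door_group": "server-room"},
    {"email": "dee@example.com", "door_group": "hq-lobby"},    # no directory account
]
# Hypothetical policy: which door groups each directory group entitles.
GROUP_TO_DOORS = {
    "engineering": {"hq-floor-2", "server-room"},
    "finance": {"hq-floor-3"},
}


def audit_door_grants(directory, grants, group_to_doors):
    """Return sorted (email, door_group, reason) for grants the directory does not justify."""
    # Normalise e-mail so a case or whitespace mismatch cannot hide a stale grant.
    users = {u["email"].strip().lower(): u for u in directory}
    findings = []
    for grant in grants:
        email = grant["email"].strip().lower()
        user = users.get(email)
        if user is None:
            reason = "no_directory_account"
        elif user["state"] != "active":
            reason = "account_not_active"
        else:
            allowed = set()
            for group in user["groups"]:
                allowed |= group_to_doors.get(group, set())
            if grant["door_group"] in allowed:
                continue  # grant is backed by an active user in an entitled group
            reason = "not_entitled_by_group"
        findings.append((email, grant["door_group"], reason))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_door_grants(DIRECTORY, DOOR_GRANTS, GROUP_TO_DOORS):
        print(finding)
```

With door access provisioned from the directory, this audit should come back empty; any finding points at a grant created or left behind outside the integration.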
