February 05, 2014
“What good does it do to build secure fences if we just let the bad guys in the front door?”
What is identity proofing and why do we need it in a security context? Have you ever been to a secure facility and noticed the efforts given to fencing in the entire facility? Perhaps it is a high fence of some sort with barb wire on top. Perhaps it is one of the high-tech fences that will alert the security team if the fence is breached in some fashion. There are all kinds of fencing and man-made impediments that are there primarily to keep people from just walking into the protected area.
Now consider for a moment what is done that allows people to enter the facility. Most facilities that are secure will issue a badge or visitor pass which in turn allows the people to enter. In order to get a badge or pass the prospective credential holder must provide a government issued photo ID attesting to their identity. This could be a driver license, a passport, or other form of picture ID.
The authority that issues badges and passes for the facility will likely ask other questions also. There may or may not be some type of background check as well as a check with somebody on the “inside” that approves the issuance of the badge or pass to the prospect.
With all of that accomplished the facility is certain that they are now “safe” letting the person into the facility…or are they? The first question is how well did they check out the prospect? The second question is this…is the person really who they say they are? Maybe the person that has been checked out is okay, but what if the person isn’t really who they say they are. How do we know?
This is becoming a serious problem in the healthcare industry, in the financial community, and in government and industry where keeping bad guys out has become increasingly important. One has to ask oneself, “What good does it do to build secure fences if we just let the bad guys in the front door?”
We at Hunt Engineering Systems, Inc. see ID Proofing as a two-step process.
Step 1 – Make sure that any credentials presented are actually genuine and are currently valid. All bets are off if the person has provided a fake credential.
Step 2 – Make sure that the person presenting the credentials is the same person shown on the credential. We need to make sure that we are vetting the person who will ultimately be given permission to enter the facility.