by Philip Jang, VMware Sr. Manager Physical Security Systems and Technology and Craig Savage, Senior Security Architect
In the early days of the Internet, the easiest way for a bad actor to gain access to an enterprise network was by physically infiltrating an office location. Today, advanced internet security controls and Zero Trust protocols make it harder to move laterally on a corporate network. This forces hackers to once again focus on physical infiltration, exploiting the trusted nature of an office internal network.
Let’s get physical
This challenge stems from the physical security industry’s inability to be fully digitized. It causes enterprises to be more complacent around this issue, especially since existing systems are somewhat effective despite varying little from their counterparts of decades ago.
That is changing with the advent of such technologies as deep learning artificial intelligence (AI). This advanced AI enables all data—including visual information from cameras—to be contextualized and made actionable, like cyber security. The physical and cyber can now be seamlessly linked, enabling companies to fully comprehend their security ecosystems.
Tailgating: great for sporting events, bad for corporate offices
Tailgating—the act of holding an office entrance door for someone else without that person being verified—is one of the easiest ways for a threat actor to gain access to an office network, especially on a large campus where not everyone knows each other. And while the pandemic dramatically reduced the number of personnel on any given site, research demonstrated incidents of tailgating actually increased as people were leery of touching door handles.
Making good use of our (new) brains
By employing deep learning AI, the VMware security team can correlate video contextual data with our Physical Access Control System (PACS). This smart software examines how many people come into a building versus how many people have been granted access, a powerful data point that represents a major step forward in preventing tailgating and unauthorized access. Now, for the first ever, teams can accurately measure the size of any given tailgating issue.
In the first week of deployment at the VMware main campus, our security team identified more than 2,000 tailgates in a single week. Once we took a proactive approach, we were able to reduce incidents to 200 per week within a six-month period. Still not satisfied, the team implemented education and an immediate physical response (by security personnel) initiatives, whittling down infractions to an average of about 10 per week.
What a way to behave
Changing people’s behavior, especially when it involves something that can seem rude or discourteous, can be an uphill battle. Realizing this, we built comprehensive yet minimally invasive processes with extended stakeholders (security guards, etc.) to ensure the shift in culture would be natural and less jarring. We didn’t want to create an airport security check atmosphere.
Deep learning AI is a key part of the overall solution, as it allows for real-time detection to be easily combined with direct human intervention—with nearly zero false alarms. Eliminating false alarms is important since colleagues could easily slip back into old patterns if they don’t trust the new protocols.
Ironically, pandemic protocols worked in our favor as colleagues became more keenly aware that tailgating could cause security and health risks. This new mindset enabled our Chief Security Officer (CSO) to push for a zero-tolerance policy that was ultimately acceptable by everyone affected.
Our mission is by no means done, and we are looking at ways to incorporate drones, robots, even more AI, and a security management application into our operations. These would be in addition to management, supervision, automation and orchestration of Internet of Things (IoT) devices.
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. Contact your sales rep or email@example.com to schedule a briefing on this topic. Visit the VMware on VMware microsite and follow us on Twitter.