As someone with a strong network security background, the idea of combining physical and network-based access control is as natural to me as putting cameras on the network.
The benefits are fairly obvious:
- A single system to handle both leads to less overhead for managing credentials.
- Having logical and physical datapoints lends itself to a 4th factor of authentication - where you are.
- Using the same card and pin for physical access and logical access leads to fewer forgotten passwords - and fewer insecure behaviors (sticky notes under the keyboard, anyone?).
- Reduces cross-section exposure for external attacks; if an employee is in the office, their VPN access should be disabled.
- Increases effectiveness of network-based IDP; the more information a system has about the environment, the easier it is to detect anomalous behavior.
- Effectively eliminates tailgating for anyone who needs computer access; if you're not recognized as inside the building, you can't access the network.
Needing to deal with both facilities and networking teams is an issue for integrators, but certainly not an intractable one.
So, tell me: Is anyone doing this now? If not, why? Do any integrators specialize in both network and physical security? Do any manufacturers sell this kind of integrated solution?
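The presence-aware rules in the post (VPN disabled while badged in, no LAN access without a badge-in record) can be sketched as a small policy engine. The code below is an added example written for this page, not anything from the poster or from any vendor product; the badge events, user names and timestamps are constructed, and the `lan`/`vpn` source labels and the `PresenceDirectory` class are hypothetical names chosen for the illustration.

```python
"""Correlating physical badge events with network access decisions.

Constructed example: a per-user presence state is built from badge reader
events and consulted when LAN or VPN access requests arrive, so that the two
mismatches the post describes (VPN while on premises, LAN while not badged
in) are denied and logged with a reason.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class BadgeEvent:
    ts: int          # seconds since epoch (constructed values below)
    user: str
    direction: str   # "in" or "out" (hypothetical reader event format)


@dataclass(frozen=True)
class AccessRequest:
    ts: int
    user: str
    source: str      # "lan" (inside the building) or "vpn" (remote)


class PresenceDirectory:
    """Tracks whether each user is currently badged into the building."""

    def __init__(self) -> None:
        self._inside: Dict[str, bool] = {}

    def apply(self, event: BadgeEvent) -> None:
        if event.direction not in ("in", "out"):
            raise ValueError(f"unknown badge direction: {event.direction}")
        self._inside[event.user] = event.direction == "in"

    def is_inside(self, user: str) -> bool:
        # A user with no badge record is treated as not inside (fail closed).
        return self._inside.get(user, False)


def evaluate(presence: PresenceDirectory, req: AccessRequest) -> Tuple[Decision, str]:
    """Apply the presence rules to one request and return (decision, reason)."""
    if req.source not in ("lan", "vpn"):
        return Decision.DENY, f"unknown access source: {req.source}"
    inside = presence.is_inside(req.user)
    if req.source == "vpn" and inside:
        return Decision.DENY, "badged in: VPN disabled while on premises"
    if req.source == "lan" and not inside:
        return Decision.DENY, "no badge-in record: possible tailgating or credential misuse"
    return Decision.ALLOW, "presence state consistent with access source"


def replay(badge_events: List[BadgeEvent],
           requests: List[AccessRequest]) -> List[Tuple[AccessRequest, Decision, str]]:
    """Merge both streams in timestamp order (badge events first on ties)
    and evaluate each access request against the presence state at that time."""
    timeline = sorted(
        [(e.ts, 0, e) for e in badge_events] + [(r.ts, 1, r) for r in requests],
        key=lambda t: (t[0], t[1]),
    )
    presence = PresenceDirectory()
    results: List[Tuple[AccessRequest, Decision, str]] = []
    for _, kind, item in timeline:
        if kind == 0:
            presence.apply(item)
        else:
            decision, reason = evaluate(presence, item)
            results.append((item, decision, reason))
    return results


# Constructed sample data for the walk-through.
SAMPLE_BADGES = [
    BadgeEvent(ts=100, user="alice", direction="in"),
    BadgeEvent(ts=400, user="alice", direction="out"),
]
SAMPLE_REQUESTS = [
    AccessRequest(ts=150, user="alice", source="lan"),  # inside, LAN: allow
    AccessRequest(ts=200, user="alice", source="vpn"),  # inside, VPN: deny
    AccessRequest(ts=450, user="alice", source="vpn"),  # left, VPN: allow
    AccessRequest(ts=500, user="bob", source="lan"),    # never badged: deny
]

if __name__ == "__main__":
    for req, decision, reason in replay(SAMPLE_BADGES, SAMPLE_REQUESTS):
        print(f"{req.ts:>4} {req.user:<6} {req.source:<3} -> {decision.value:<5} {reason}")
```

The deny reasons double as the anomaly signal for an IDS/IPS: a "no badge-in record" LAN denial is exactly the tailgating case the post wants to eliminate, and a "badged in" VPN denial is a credential being used from two places at once. In a real deployment the presence state would come from the access-control system's event feed rather than an in-memory dictionary, and a badge-out that never arrives (the common failure mode) needs a timeout so users are not left "inside" indefinitely.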