Who’s in your installation?

Ensuring that employees and visitors to an oil, gas or petrochemical installation have ID information that cannot be compromised is more important than ever. But secure ID means a lot more than just showing a card or typing in a password, as Phil Desmond discovers.

Ensuring that sensitive information only goes to those who should be permitted to access it is a major modern concern. That's why today, secure identity is big business. And that, in turn, is why many of us working in the oil industry have become aware of the hardware, software and services provided by companies like access control and secure identity solutions company HID Global. As Ben Rabasse, Regional Sales Manager Middle East, HID Global, says, awareness of such issues has been driven by a combination of need, awareness and technology. Take computer use, for example. “For some time,” he says, “organisations have been aware of the weakness of a knowledge-based, single-factor log on.” Obviously ordinary user name and password-based ID can be lost, stolen or given away, so a need has grown for simple, effective and low-cost verification.

How to do this properly while keeping the process fast and simple is the obvious challenge. Biometrics has been used in computing for a while, of course. “HID's approach is to utilise the existing access control credential when logging onto the computer,” says Rabasse. “This can be done using RFID contactless technology. HID also manufactures a range of USB readers called Omnikey. These come in different forms to suit various applications: there is a waterproof unit for use in clean rooms; another has Bluetooth connectivity. One of the desktop units also comes with a built-in biometric reader to offer triple factor ID, which is ideal for very high-security environments.”

The needs of the oil industry are often, not too surprisingly, those of any major corporation, especially where ID cards ― another HID speciality ― are concerned. In this case the main concerns are the high-risk nature of many of their facilities and the need to use ID cards to control access. This means that individual oil companies often demand special additional security features on cards. These may include embedded holograms, micro-fine printing, UV ink, metallic colours and guilloche printing. “This is basically to ensure that the 'visual ID' element of their card cannot easily be compromised,” says Rabasse. Then there is the multinational nature of the larger oil firms, which means that several access control vendors may need to be utilised. As Rabasse is keen to point out, “HID Global can handle the rapid mass deployment of cards that may need to be compatible with a wide variety of host systems, possibly across several continents.”

High volume and turnover of employees, meanwhile, demand that oil firms have fast and regular issuance of cards; these may need to include the client's logo and/or individual artwork as well as the aforementioned security features (a service HID Global offers under the title 'Identity on demand').

Oil firms and other large organisations also like using smart cards so that along with physical and logical access control, the same credential can be used in many other ways. For instance they can be 'read' by special hand-held readers, linked real-time by wi-fi to the central access control server. “This increases efficiency by, for example, allowing security personnel to remotely check staff credentials, before they disembark from a bus, before entering the secure area,” says Rabasse. “Such devices are also extremely helpful during the mustering process after a fire alarm evacuation.”

Any secure system must, of course, be implemented in a way that best negates the risks faced by that organisation at any of its sites, says Rabasse. “This should never be a one-size-fits-all approach,” he points out. “Depending on a host of factors surrounding the company's vulnerabilities, the threats it faces and the physical environment in which it finds itself, a system designer would need to specify appropriate products. For example in many upstream sites, there are environmental challenges such as heat and risk of explosions. In the office environment the risk of a physical attack or accident may be lower but the threat to information is likely to be greater. Any products selected need to be appropriate based on the issues.”

However, it’s not just a question of information security. Sometimes improved ID systems can be money-saving systems too. As we have briefly indicated earlier, HID Global has developed an extra layer of security whereby the individual who needs to input a user name and password into a PC to log in has to first offer a physical credential to a special reader that is simply attached to the PC's USB port. If the cardholder shows their card to the reader but is not authorised to use the PC in question, he or she is not offered the opportunity to input a user name and password, so can proceed no further. Many users feel this is a simple, low-cost but effective solution that negates many of the shortfalls found with systems that ask only for 'something you know', rather than 'something you know' verified beforehand by 'something you are authorised to have in your possession'. And it saves money. Rabasse explains, “The cost saving can be significant as it is the same HID credential that the user already carries to access the building.”

Not only that, but storage of biometric information on a smart chip helps to increase security while reducing loads on the client's IT infrastructure. Cashless vending, meanwhile, not only reduces petty theft; an e-cash system can also better manage staff benefits and loyalty schemes, and greatly speed up the payment process in, for example, a staff canteen.

But cost savings, while useful, are not the main point of secure ID. The major concern remains keeping sensitive information out of the wrong hands. And that could be a lot of information. As Rabasse puts it, “Imagine the consequences, if unauthorised individuals had access to servers or files containing employees’ personal data, customer lists, projects or contracts, intellectual property, blueprints, financial details — and even future marketing strategies!”

Alain Charles Publishing, University House, 11-13 Lower Grosvenor Place, London, SW1W 0EX, UK
T: +44 20 7834 7676, F: +44 20 7973 0076, W: www.alaincharles.com
