Morse Watchmans Blog

How to Identify Vulnerabilities in Your Key Management System

Fernando Pires August 24, 2017
Fernando Pires

AdobeStock_64117399-1.jpeg

Maintaining a secure environment is becoming more and more of a challenge as the internet and other technologies create the potential for threats at a rapid pace. As the complexity of security systems grows, it’s essential to make sure that oldest of security technologies—keys—is being properly managed, maintained, and secured. It’s a surprising fact that one of the most common ways that hackers get access to data is by breaking into a facility and stealing laptops or server hardware. Should any of your keys fall into the wrong hands, it could create a domino effect for your entire security system, as criminals gain entry to otherwise secure areas and make off with your intellectual property. It’s therefore essential to identify possible vulnerabilities in your key management system, and take preventative measures against future issues.

It’s first necessary to look at how your keys themselves are being physically secured. If your keys are in a shoebox in your desk drawer or hanging on a rack on the wall, they could easily be stolen or taken by individuals who do not have authority to use them. Even in a locked drawer, the keys may not be entirely secure. A desk drawer lock is fairly easy for a determined criminal to get around. And once the drawer itself is open, all the keys within it are completely unprotected. Even individuals who do have permission to use certain keys in the drawer have access to every key once the drawer is open. Make sure that you secure your keys in a location that is physically impenetrable.

User access is an essential component of key management, particularly for highly sensitive keys. Make sure that the system you choose allows the most important keys to be designated for dual or triple user access, requiring all users to be present at the removal and the returning of the key. Without dual access, a key could be retrieved by an authorized user and easily given to someone unauthorized. With dual or triple user access, there is a built-in caution preventing this possibility. Many organizations limit access even among their own personnel: at a healthcare facility, for example, maintenance or administration may not be designated entry to dispensaries or complex machinery. For an even higher level of security, a key control system with biometric access goes a step farther to ensure that only designated users are allowed to remove specific keys.

A key control system is only as good as the alerts the system can provide. If security personnel are not properly alerted to attempted intrusions, they cannot react quickly to help avert the issue. They can be notified in multiple ways—in the form of an alert and/or an audible alarm on the key cabinet, emailed to security personnel or sent as a text message. Prompt, noticeable alerts sent to the correct personnel are essential to the effectiveness of your security system: intrusion detection cannot function if no one is properly notified of the intrusion.

When protecting your keys from theft and misuse, the best practice is to secure them within a key management system. However, make sure you choose the right system to avoid any vulnerabilities. Ensure that your system properly alerts your security officers should an attempted breach or system issue present itself, and that these alerts cannot be tampered with or easily overlooked. Your key management system needs to be durable with a secured cabinet and electric lock.

Requiring multiple user authorization at the removal and return of the most important keys can ensure that their removal and use are both accounted for. Checking for these vulnerabilities and installing a system that provides protection against them are essential factors in creating a security system that truly protects your business, assets, and personnel.

New Call-to-action

 

Topics: Key control and management