All Posts

How Key Management Systems Protect Against Insider Threats

How Key Management Systems Protect Against Insider Threats intrusion detection security devices

Network security has been a prime focus for manufacturers and attendees alike at this year’s security conferences and trade shows. And the trend shows no signs of abating. Encrypted physical security devices, intrusion detection systems and infrastructure management services are just a few of the solutions presented as ways to help block an external party from accessing an organization’s internal systems.

Many of these solutions can only do so much because, unfortunately, the network openings that allow hackers to gain entry and infect the system overwhelmingly originate from trusted insiders. Regardless of whether the vulnerability was caused by rogue/former employees, unscrupulous contractors who have authorized access or even unintentional security breaches by well-meaning or careless staff, they are often the most costly and dangerous. 

An insider threat deemed accidental is no less damaging however than a malicious (a motive to harm) or negligent (failure to abide by rules) violation. The Information Security Forum (ISF) reports that the vast majority of network openings were created innocently through accidental or inadvertent behavior by insiders without any intention of harming their employer. In fact, Verizon’s Data Breaches Incident Report states that accidental or inadvertent behavior accounted for almost 30 percent of the information security incidents in 2015. This reported statistic is similar to one from Forrester Research that shows the greatest volume of security breaches – 36 percent – come from ignorant or careless user actions that inadvertently cause security breaches.

While there are several options for addressing insider threats, many aspects of the problem can be mitigated with investment in tools such as key management systems that monitor and control the use of facility keys. Keys are held in a tamper-proof cabinet and access to the cabinets and to individual keys is controlled at all times, with every key being accounted for. All access activity is automatically recorded and email or text messages are sent to alert management of irregularities such as overdue keys or when a high security key is accessed.

These and other reporting features of the key inventory system help management in identifying unusual activities that may indicate an insider threat. For instance, the system records when an employee attempts to access a key they are not authorized to use or when a key is returned by an employee other than the employee who took it out. These activities are risk indicators that a key management system can identify and, when combined with data from the various other security and surveillance systems, the information can be analyzed and conclusions drawn so that necessary actions can be taken to prevent future occurrences.

Today’s key control and management systems have also been engineered with advanced technology to help prevent attacks on the system. Open protocols and partner certifications allow integration into broader security systems, including identity management, access control, and visitor control. Managed separately, they create unnecessary extra work for staff and leave open the potential for security vulnerabilities.

Advanced key inventory systems are also engineered with new security features that can protect the system from cyber breaches via the network. With the firewall enabled, all incoming traffic is ignored unless it is on the specific ports the system requires for network and server communication. Further, systems such as Morse Watchman’s key control and management systems are designed so that the data between the KeyWatcher® Touch and the KeyWatcher Touch Server can be encrypted with AES256 technology with a pre-shared key that is definable on a site by site basis. When networked, a firewall and AES256 encryption technology for data exchanged between the cabinet and the server help protect the system and the organization’s assets.

Key control for the enterprise is now safer, easier and better positioned to address insider threats with these advances.

Morse Watchmans Subscribe to our Blog
Tim Purpura
Tim Purpura
VP Global Sales & Marketing

Related Posts

5 Benefits of Key Control For Small Municipalities and Medium Size Cities

Securing smart cities with smart locks might be the next big thing – but what about securing small and mid-sized municipalities and cities that still rely on traditional locks and keys? With so much talk about the use of keyless entry, it seems as though the reliance on physical keys that persists throughout all municipalities has been largely overlooked.

Enforcing Zero Trust Security at Hotels Using Key Control

Hotels play host to priceless experiences: family vacations, million-dollar views, and once-in-a-lifetime adventures. But as every hotel executive knows, it is the assets inside that are even more valuable: people, property, and sense of safety. Protecting hotel assets therefore requires an iron-clad approach to security, also known as zero trust. With the help of key control solutions, hotels can easily begin implementing zero trust security policies that start working on day one.

Filling the Security Gap in Proptech for Property Management

Proptech is one of the biggest trends for security in 2022, according to the Security Industry Association’s 2022 Megatrends Report1. Proptech, or property technology – also known as real estate technology – is technology, software platforms or applications designed for the management, sale and rental of buildings. Within proptech, security technology is a fast-growing segment as building owners and managers seek the best ways to keep tenants, employees and visitors safe and secure.