IT Warning: No Badge, No Access

Computerworld - Imagine this scenario: You leave your computer unattended while you're in a meeting, and someone uses it to send e-mail with sexual innuendos to a co-worker. Next thing you know, an HR representative is asking you to do some explaining.
Or what about shared computers in hospitals, call centers or financial services firms with open floor plans? Chances are, users are expected to log off the network every time they walk away from the terminal. That's supposed to thwart unauthorized access to personal or sensitive information.
But that rarely happens.
Instead, users depend on you to baby-sit their security needs. They want you to build and install systems to guard against their own lapses, which, as you know, are the biggest threat to fundamental security policies and procedures. People just don't make the effort, and until something awful happens, you can't even get them to rid their monitors of yellow sticky notes with scribbled passwords. That's why IT security has to include physical systems woven into the daily routine of each employee.
A new and potentially ubiquitous option involves RF-based smart cards linked to fingerprint readers that connect via the USB port. The smart card allows for a security net of your choosing -- from 1 to 10 meters. If you travel outside of that range, the computer locks up. Come back within range, and the screen reverts to the last image. This wireless system relies on a unique personal identifier encrypted into an RF badge.
Coupled with the fingerprint reader -- another IT security watchdog -- this device enables you to determine who has used any computer at any given time. In addition, if more than one person has access to a particular PC, the screen will revert to the image appropriate for each user.
Manufactured by a small St. Louis-based company, Access Denied Systems Inc., these systems are being used at Washington University, also in St. Louis. They are one type of what I predict will be myriad vendor offerings that link physical security and access to IT systems.
It's a good way to take aim at unauthorized access from within an enterprise. That type of system could be especially important in health care and financial services companies, where new government regulations are designed to protect patient and customer confidentiality.
There's no panacea for security threats. Firewalls, software protection and password management schemes are for naught if you've already got a Trojan horse who parks in the company lot.
Pimm Fox is a freelance writer in Santa Barbara, Calif. Contact him at pimmfox@pacbell.net.