By Colin Bartram, Director of Technology, Vector Networks (Page 5 of 6)

RFID and the Security Challenge

Immediately we must recognise that locator technology is not a panacea, not a new lock that's going to close the lid on Pandora's box. But it is a significant addition to an arsenal that today includes lockdown technologies, data encryption, port monitoring that detects, validates, and blocks the transfer of data to devices such as USB drives and memory, network perimeter management, content analysis and others. But, frankly, these sophisticated techniques are all fairly useless when someone can walk out with a laptop under their arm.

So, while a determined and savvy internal thief with access to data will be hard to thwart, a key point to take on board is that the current spate of data loss disasters has stemmed not from industrial espionage, but from simple human and organizational errors. This is where a locator technology such as RFID can come to something of a rescue by providing information on the location and movement of tagged assets. RFID is probably the most appropriate technology today, as it provides the following unique mix of characteristics:

  • Intelligence: RFID tags can contain considerable quantities of data and can be re-written.
  • Real-time: Tag movement past a sensor station is captured in real-time.
  • Accuracy and Resilience: RFID tags are less susceptible to damage and corruption than most bar code implementations.
  • Ease of Installation: Sensor stations are very simple to install and connect, in particular for systems using powered – ‘Active’ tag technology.
  • System Integration: Location data can normally be exported from the RFID system.

In a recent report on RFID use in US Government by GCN Research, in cooperation with the Industry Advisory Council's RFID Committee, it was found that among respondents, 63% percent expected to see increased security, 50% to see increased asset visibility, 39% were looking for increased speed of operation, 37% for increased data integrity, 36% were expecting reduced costs of operations and 35% reduced cost of inventory. Clearly, multiple benefits were targeted.

The technology lends itself to obvious additions to just recording passage of an asset past a sensor. Firstly, directional information. As well as detecting that a ‘protected’ machine has been detected at an exit from a ‘protected’ zone, by using two suitably positioned sensor stations it is possible to record the direction of the transition. Second, associations of tagged items. For example, in organizations which have adopted tag-based access control for personnel (a rather particular ‘item’), it is not difficult to define associations of assets and either groups or individuals approved to be carrying that asset, so that alerts can be further refined to identify when a machine is being taken out by someone who does not have authority to do so – such as a visitor bearing a visitor status tag. (Examples of theft by phoney visitors are quoted at the end of these notes.)

RFID vendor Web sites provide many examples and case studies of applications, but before leaving this area, we should just clarify the difference between Active and Passive tag technologies.

Passive RFID systems use tags that are not powered, but have induction loops which generate power when passing close enough to a sensor point. That makes them suitable for protecting retail goods. The tags can be very small. Active tags have embedded batteries, and the tags can actively transmit either in a beacon mode or when triggered by passing a sensor point – typically a doorway. This combination enables location to be determined both by reference to the last detected transition from Zone X into Zone Y, but also by regular confirmation of presence in Zone Y.

Next page: Asset and Data Security: the Nightmare »

« Previous page: The Value of Location Information in IT Operations

« Return to the start

Old content, visit our new web site

You are viewing an old web page, please click here to view our new web site with our latest products and content. If you'd like to continue reading this content, please click here but be advised some details might be out of date.

Software Asset Management

IT Asset Management

IT Service Management

PC Remote Control