Research Paper: Physical and Access Control for Startup IT Company AbstractAccess control is an interaction between subject and object that happens in IT industry with a form of the different principal of components which includes Polices, Subject, objects. Generally, any startup IT company plans mostly to secure their operations because they have sensitive and confidential information of their employees and company records on projects they are working. So, we decided to give a brief paper on Physical and Electronic access control for a startup IT company work environment. Physical access control is the key element for securing critical infrastructures in the companies. A company has a multiple building with multiple security characteristics. the area of the facilities and the vast amount of buildings and connectivity between them for manual administrator it is very hard to secure and surveillance the whole center.Electronic access control is not a new technology that was going around the world, but I can say it is highly secured technology in terms of protecting information. Electronic access is providing restricted access to any area or building or organization through electronic remote or door lock containing processor chips these kinds of security will help to stop unknown persons to enter in premises. There are some electronic measures like Biometric access control, cloud-based access control, mobile-based access control all are necessary for Authorized, unauthorized, unknown users. Access controlAccess control is an interaction between subject and object that happens in IT industry with a form of the different principal of components which includes Polices, Subject, objects. Generally, any startup IT company plans mostly to secure their operations because they have sensitive and confidential information of their employees and company records on projects they are working. So, we decided to give a brief paper on Physical and Electronic access control for a startup IT company work environment.There are two types of access controlsPhysical Access Control.Electronic Access Control.Physical access controlPhysical access control is the key element for securing critical infrastructures in the companies. A company has a multiple building with multiple security characteristics. the area of the facilities and the vast amount of buildings and connectivity between them for manual administrator it is very hard to secure and surveillance the whole center. This is not the only factor will affect the manual administrator for access control but the nature of the organization.in the organization there are a lot of employers will work but not every employee works to a particular company for life long he will change from one company to another company and in the organization, some will work as a contractor and some other will share the spaces and resources, this is also very hard to access control.in these process, it requires a dynamic process for access to change frequently. For example power, ventilation, air conditioner, and heating management systems will have to access the space which is highly secured.Types of physical securityAdministrative Access Controlsphysical Access ControlsAdministrative access controlsSite and facility considerationsAll the facilities should have control to protect the physical environment. The main type of defense is to be administrative, technical and physical controls. The less type of defense compared to the main type is employees. The main thing to be considered is to limit the human interaction so that we can avoid from attackers. While considering the site and facility considerations we should jointly to take the suggestions from security and safety personnel. Geographic locations are also the main important part of the facility while considering the site he should take into account like the services near to him train, freeways, airports. we should see the weather conditions near the facility like storms, tornadoes and natural disasters.Securing dataData centers and server rooms that have communication should be away from unauthorized persons. these rooms have to secure by locking rooms from preventing the attacks. All the rooms should be well protected and should have to control to enter into the facility with proper access cards to perform the job duties. If the rooms are maintained like incompatible to the human environment. Then it is hard to attack and even to enter and survive in the room like less lighting, high cold temperatures and with no oxygen in the room and less space to enter into the facility will be hard to proceed for an attacker to perform the tasks. The main part of the data in the data centers should be store in the middle of the center not on the top floor and basement floors it is hard for an intruder to proceed.Physical Access ControlsFacilities should need physical access controls to control, manage and access the controls. categorize of the building should be restricted based on the public and private.in the building there should be different levels for each employee and for each level, the only level of that employee should allow, and all employees shouldn’t allow to all the levels.in these way, we restrict the intruders.Perimeter securityMantraps, gates, fences are the primary source for creating the extra length of security for the facility before accessing the building. Fencing keeps them away and differentiates from the public to private buildings. Gates are used for entry and exit points through a fence they should offer the same amount of security as the fence.so we can protect from unwanted persons to enter. Even the persons who ever entering the facility should have the proper id cards to enter.Motion DetectorsThey are utilized as interruption identification gadgets and work in the mix with caution frameworks. Infrared movement indicators watch changes in infrared light examples. Warmth based movement indicators sense changes in warmth levels. Wave design movement finders utilize ultrasonic or microwave frequencies that screen changes in reflected examples. Capacitance movement finders screen for changes in electrical fields. Photoelectric movement identifiers search for changes in light and are utilized in rooms that have next to zero light.Intrusion alarms These gadgets are entryway and window contacts, glass break identifiers, movement indicators, water sensors. Status changes in the gadgets trigger the caution. In hardwired frameworks, cautions see the adjustments in status by gadget by making a wiring short. Kinds of alerts are obstruction, repellant, and notice. Obstacle alerts endeavor to make it more troublesome for assailants to get the opportunity to significant assets by shutting entryways and enacting locks. Repellant cautions use alarms and brilliant lights in the endeavor to drive assailants off the site. Warning alerts send caution motions through dial-up modems, web access or GSM implies.Weather safetyAn Uninterruptible power supply (UPS) system is used to manage these issues. UPS structures take control in and store it using batteries. The system by then yields immaculate and coordinated power that is major for electronic rigging. Water flooding and spillage can make liberal damage contraptions and anything utilizing power, especially if being utilized. The use of water sensors should be associated with basic equipment zones so water is distinguished. Smoke, end, warmth, and acknowledgment structures ought to be set up to shield specialists from harm.Electronic Access ControlsIn a modern EAC is went far advanced to provide such services like Electronic access control point, Access keys and key fobs, Keypads, card readers and Biometric access controls let us investigate Electronic access control point.Electronic access control point is anything that is secured with electronic programmed it can be seen in places like Main gates, parking areas, Restricted places or at federal areas all can be treated as an Access point.Access keys and key fobs are designed in a way that used mostly in high-risk areas where a person must face security checks like video surveillance with entering keypad number or using the fob. It completely works newly designed RFID Radio Frequency Identification.Keypads, card readers and Biometric access control. Keypads are used inside the building areas particularly access office faculties. Card Readers are not the same as keypads because these were manufactured to store the credentials of an authorized person which is different from one person to another. Biometric is a physical presentation of the person on his eye or palm scanning is needed these are used in entering secured buildings.An IT company must set Electronic access controls to Remote users to log in their office official workstation sites using securely designed personal credentials which will be changed every time the person logins and records location, time of employee according to their country time zones. The company had two types of Access controls NETWORK and STANDALONE ACCESS CONTROLS the Network access control is maintained in a way it holds access of all the doors in office building which is connected to one main computer it is monitored by professional security assistance and the most important feature of this network access control is it can control remote location access too. Standalone access is like working on individual accessing the building areas.Types of Electronic Access ControlBiometric access controlCloud-based access controlMobile access controlLot based access controlCloud-based controlBio-Metric Access Control  In any organization data security or your information must be secure. Because of that, we need to install some access control system. Installing an access control system will help you to maintain security for your organization.  Access controls are different types, physical and electronic. In electronic access control systems, the biometric system is highly secured. Because the designing of a biometric system depending on human body characteristics.            The science of measurement and analysis of biological data is known as biometrics. In this world, we can find anything, except our fingerprints, eye retinas, facial patterns, voice patterns, hand measurements etc. So that we can implement a security system with these, is a high security. Mostly all organizations are using fingerprint security systems. The biometric software converts scanned biological data into digital format. By the scientific definition fingerprints are unique. Fingerprints are varying not only person to person; the same person also has different from finger to finger. Biometric scanning security system is the easiest and fastest way to access and it is very difficult to break.     If any employees join in our organization, it is easy to take his biometric characteristics to give some access to entering some areas or some restricted places and it is easy to give permissions to access data. After setting the feature with gathered data first we can detect and compared with the information stored into the system and then check is it working or not, if it’s working fine, but having any problems need to ask an employee to resubmit the details. If an employee leaves the company it is easy to delete or erase his information on our biometric system. So we are decided to use this biometric system in my organization instead of using a card system for attendance and some door openings and access to use some data for my employees. It is profitability for any organization.                                                                                        The most comfortable way to approach these advanced types of access control is to compare with Google Mail, where your email is put away on the cloud instead of on your PC. The cloud is another approach to state a remote server facilitated by a specialist organization. This gives you the understanding of getting to your messages from any program if you have the right login details.In the access control, the access permissions are not put away on a nearby server, but rather in the cloud. This implies the person can deals the leaves from home, or while during some recreation anyplace, primarily by utilizing a program. This interests to security chiefs accused of directing multi-area offices.Mobile access controlPortable or cell phone get to control takes a shot at same guideline from adaptable email, once an application has been downloaded, clients can access and react to their mail if they enter the right sign-in qualifications. The equivalent is valid for cell phone-based access control.When approved, and the user has downloaded the entrance control application to their cell phones, they’re ready to do a similar thing; to be specific, sign in with their client account, and when their approved keys show up, select which way to open. The distinction with Kisi, for example, is that they hold their telephone to a Bluetooth or Near Field Communications (NFC) per user, and the entryway will open, but the permissions (sign in qualifications) are checked out of sight, much the same as sending an email.IoT based access controlFor this, we turn to the cell phone’s innovation, for instance, to clarify Internet of Things-based (IoT) get to control. If you can picture the pixel telephone as being a standout amongst the greatest sensors with auto-refreshing firmware, Bluetooth energy, NFC, web availability, and so forth., it clarifies what an IoT entryway per user can do. Utilizing Kisi’s IoT way to deal with access control, all the entryway per user are associated with the web and have firmware that can be refreshed whether for security reasons or to include new usefulness.Network Admission Control (NAC)Network admission control, also known as Network Access Control (NAC) granting access to the compliant authorized user to company resources. Physical network admission control specifies the probable placement for wireless access points maintaining maximum signal strength for users inside and minimum signal strength for outside unauthorized user. PNAC is achieved by placing the multiple access points towards the center of the site maintaining least required so that there should minimal signal crossover.Two major elements802.1X protocol – Port-based network access control (PNAC) implementation provides basic access control function on wired and wireless APs. 802.1x access control protocol defines standard authentication control for any user, compliant or non-compliant, trying to access the company’s network or WLAN.NAC – security solution concept that identifies users and devices by controlling access to the network. It includes starting from the placement/location of the APs inside an enterprise and defining policies and authorization for each user.RequirementsThe user should be authenticated authorized user to have access to the enterprise network. Authorization can be checked by the network login and email address comparison with the company’s active directory. The active directory is managed by IT helpdesk and IT operations department. IT operations must provide limited devices access to the network for a single user. It can be a company laptop and a home iPad. A remote user using a home laptop and iPads must go through another security clearance to access company data.The second level of security can be added using RSA SecurID which will ask for password and real-time PIN which can be generated by hard token and software tokens. The user activity monitor can be done using AirWatch application. It will monitor the user device activity in case employee misplace his company’s device. Device login could be restricted if operated outside ours. Complete wipe of data can be implemented in case if device security is breached.AP Placement    FigureSignal distribution from the wireless AP to other segments of the site.AP placement depending on the site is shown in the figure. The intensity of the signal is varied from blue to red; blue being the lowest and yellow being the highest. Signal strength outside the enterprise has blue heat signatures which will restrict unauthorized users outside the premisesSignal strengthFigureDifferent signal strength over different spot location in a single infrastructure.AP Separation and OverlapSignal strength and overlap zone Multiple APs should be positioned such that there should be a minimal crossover signal intersection. The zone x will have fluctuating signal coverage. The APs must be kept distant apart still keeping those towards the center to have maximum coverage with minimal intersection zone.Testing toolsOkla. Speed test – Most popular wireless speed testing tool to check the internet connection and comparing signal strength for the two APs.Heat mapper – Signal strength analysis and mapping using heat signatures.iPerf – Transport layer protocols performance factors, packet loss, throughput, and bandwidth analysis.ConclusionThis research discussed the types of access controls which are used in starting a newly established IT company. The access controls are physical and electronic controls. physical security requires planning to protect the organization assets. These assets are used for collecting data and business administration which performs physical security as a key factor. Administrative, physical and electronic controls properly implemented the company to manage and protect resources. Security measures help to deter, deny, detect and then delay attackers from obtaining resources. Physical controls include perimeter security, motion detectors, and intrusion alarms. Electronic controls include smart cards used for access control and physical security and CC tv systems.Physical security has the responsibility of safeguarding employees in most of the assets to accomplish basic needs like food, water, electricity, and climatic conditions should be available at all times. Employee safety is the priority for physical security in most of the conditions.ReferencesMartin, J. (2018). What is access control? Retrieved from https://www.csoonline.com/article/3251714/authentication/what-is-access-control-5-enforcement-challenges-security-professionals-need-to-know.htmlAgarwal, T. (2014). Access Control and Their Types with Features. Retrieved from https://www.elprocus.com/understanding-about-types-of-access-control-systems/Deutsch, W. (2018, August 04). Introduction to Electronic Access Control. Retrieved from https://www.thebalancesmb.com/introduction-to-electronic-access-control-394578Hutter, D. (2016). Physical Security and Why It Is Important. Retrieved from https://www.sans.org/reading-room/whitepapers/physical/physical-security-important-37120J.Bigelow, S. (2015). Implement access control systems successfully in your organization. Retrieved from Thakkar, D. (2017). Synopsis of a Biometric Access Control System. Retrieved from https://www.bayometric.com/synopsis-of-a-biometric-access-control-system/Thakkar, D. (2017). Synopsis of a Biometric Access Control System. Retrieved from https://www.bayometric.com/synopsis-of-a-biometric-access-control-system/What are electronic access control and its components (n.d.). Retrieved from https://www.getkisi.com/guides/electronic