telling employees "Don't do this" and having the technology deployed in such a way that it allows
them to "Do that" very easily isn't going to work. Especially if "doing that" involves helping people.
Let's go through a sample analysis assuming that employees have identification badges that have
security technology for card access control:
Identify every exit where employees are solely responsible for making decisions that could
allow for tailgating. These will be our initial area of focus
The initial sliding door or revolving door is badge controlled but can allow for more than one
person to enter.
Once inside the main door, install two employee badge controlled turnstiles, one five yards in
front of the other one. They are not side by side, but instead form a line for a single line of
employees to use.
When the first one is activated by a badge, the turnstile allows for one person to enter. The
first turnstile then flashes "wait" until the second turnstile is activated by the same employee
badge that activated the first one. At that point, the second turnstile allows for one person to
exit. Once a given employee's badge has operated the second turnstile, it will be 15 minutes
before it can operate the first turnstile again.
Once the person has exited the second turnstile, the first turnstile will allow another employee
badge immediately, as long as it wasn't the same badge that operated the second one.
Turnstiles are monitored by a security camera
There is a security button by the first turnstile that can be pressed to indicate a security
violation has occurred (e.g., an employee just saw someone hope over both turnstiles).
What have we done in our hypothetical analysis? Well, we've added some inconvenience to
employees with badges, but not really a lot. It may take them a few seconds longer to enter the
building. We haven't achieved the security of Fort Knox – I mean someone can just hop over the
turnstiles, but we weren't trying to deploy the technology of Fort Knox. What we are trying to do is
allow people to be people but use technology in such a way that it helps them make good security
decisions. Given an employee has been educated on the dangers of tailgating, think about what
they would have to do to help someone get in the building without the card access control of an
employee badge working:
"Oh,your badge isn't working? Well I guess you can hop over the turnstiles. I won't tell".
This response is not too plausible a response for someone educated in the dangers of
"Here, let me get you through the first turnstile, then I'll throw you my employee identification
and so you can get through the second turnstile and then I'll wait 15 minutes so I can get in".
This response is not too plausible for any employee.
"Jump on my back and we'll go through together". This response is not likely but it could
depend on who is asking. Luckily there is a security button for other employees to press
when they witness such a violation.
Better yet, let's review what our helpful employee might say to our Headless Horseman coming in
from the rain loaded with cookie trays on Halloween:
"Here, let me take half of these cookies so you can use your badge to get through the
turnstiles. I'll carry the other half and meet you on the other side", says the gelpful employee.
"My badge doesn't work. It got caught it in the car door just this morning. I guess I'll need
to go to the main lobby. Thanks anyway!", says our frustrated headless horseman.
Our hypothetical solution is just that – hypothetical. But, it shows the kind of thought process that
allows technology to be deployed in such a way that helps your security and allows people to be