- Zero Trust Architecture (ZTA) is reshaping both physical and cyber security, treating every access point — including doors, turnstiles, and gates — as an active verification checkpoint rather than relying on assumed trust.
- Biometric authentication, encompassing fingerprint, iris, facial recognition, vein, and behavioural scanning, has evolved significantly from its 19th-century origins and is now central to modern layered security strategies.
- Layered security combines multiple overlapping safeguards that escalate in sophistication — from speed gates in high-traffic areas through to high-security mantrap portals with dual biometric authentication — to protect facilities such as data centres, telecommunications hubs, and IP repositories.
- Integrating biometric systems within physical security entrances, particularly high-security portals, ensures that only one authorised individual gains entry at a time, preventing tailgating and credential sharing.
- Automated biometric security systems offer cost-efficient, scalable, and continuously updatable 24/7 protection, freeing manned security personnel to be deployed where they are most needed whilst helping organisations meet their legal duty of care obligations.
In today’s highly connected environment, security is evolving beyond a one-time check. Across both cyber and physical domains, organisations are rapidly aligning with Zero Trust Architecture (ZTA) – a model built on continuous verification of identity, credentials, and context, rather than implicit trust at the door.
In this model, doors, turnstiles, and gates become active decision points in a wider security ecosystem – where every movement must be authenticated, not assumed.
Ever since police began using fingerprints to identify individuals more than a 100 years ago, biometrics has played an increasingly important role in establishing identity with certainty.
History has it that Francisca Rojas was the first criminal in the world to be caught and convicted using fingerprint evidence. In June 1892, she murdered her two children in Necochea, Argentina.
After attempting to blame an innocent neighbour, police matched her bloody thumbprint to an impression left at the crime scene, forcing her to confess. She was sentenced to life imprisonment for the crime, committed to improve her chance of marrying her boyfriend, who was known to dislike children.
Fast forward to the future, and biometric tracking – of which fingerprints are just one element – gained major momentum this century, with Australia being an early adopter when we rolled out biometric passports in 2005. These feature an embedded microchip that securely stores a range of each individual’s unique physical and biographical data to verify their identity.
Moving closer to today, consumer tech saw biometrics enter many people’s everyday lives with the introduction of fingerprint scanners on smartphones, followed rapidly by facial recognition on these same devices. (Read Boon Edam’s white paper on facial recognition in access control.)
The security community – of which our global entrance security authority company Boon Edam is part – was quick to extend the value of biometrics far beyond simple fingerprinting and into the realm of what might have been considered science fiction a generation ago.
This evolution is closely aligned with ZTA principles, where identity is no longer verified once and then assumed, but continuously validated as users move through physical and digital environments.
Today, advanced systems can use behavioural traits (such as how we type or walk), while Artificial Intelligence can efficiently bundle together unique biometric sets to confound would-be lawbreakers, saboteurs and thieves of our IP, data, public records and other valuable, personal and private property.
This is where the technology becomes valuable to those charged with the design, building, managing, owning and protecting facilities extending from data centres (ranging from small in-house facilities to hyperscale cloud campuses), telecommunications centres, public records repositories, IP centres and the myriad of places where we store our valuables, digital and physical.
Who needs to know this?
We know we are preaching to the converted when we discuss the following points with people at the forefront of entrance technology and layered security. This savvy group typically includes architects, builders, developers, system designers, security and facility managers, data centre managers, OH&S managers – plus the CEOs, MDs and the Risk Managers of major public and private enterprises who have Statutory Duties of Care to observe, particularly concerning infrastructure and data of national importance, such as the personal, financial and IP data held in dedicated data centres and corporate in-house facilities, both of all sizes.
But such is the pace of emerging risks (affirmed by agencies as diverse as ASIO through to Data Centres Australia) that entrance security protections should be understood by all parties involved in the safety of employees, data centres, digital resources IP, and financial and telecommunications information, as well as physical, logistical and warehousing operations.
After all, there is no point in having the best digital security in the world, if malcontents can walk in, or exploit their position within a company to destroy or take what they need. Data and physical security are the complementary sides of the same coin, after all.
This convergence of cyber and physical risk is exactly why Zero Trust Architecture has become such an important framework: it assumes that no access – digital or physical – should be inherently trusted, even inside the perimeter.
So the information that follows is intended to be relevant to everyone who needs to understand further and how to apply some of the principles of layered security that we practice as a supplier to some of the world’s very biggest technology companies.
Layered security is a strategy we employ globally that uses multiple, overlapping safeguards to protect assets. It graduates protections, starting with higher-traffic areas, where large volumes of people must be monitored and assessed and recorded for access through entrances such as speed gates, which are already deployed throughout Australian business and government agencies.
The degree of protection rises with the exclusivity and information criticality of the asset area being protected, rising from biometrically security-enabled revolving doors through to single-entry “mantrap” portals with multiple physical and biometric safeguards to prevent unauthorised access (including by individuals tailgating authorised individuals and piggybacking on the credentials of people who allow sharing of their individual authorisation).
This layered approach is the physical manifestation of ZTA in the built environment – where each transition point requires renewed verification rather than relying on a single authentication event.
By assuming that any single security control can be bypassed, layered security creates a series of obstacles designed to prevent attacks, detect early activity, and minimise damage.
This progressive layering recognises that conventional access methods can have weaknesses – cards can be stolen, pins or keys can be forgotten.
So, this is where we see integrated biometric authentication systems, which use your biological traits, such as:
- Eyes – retina and iris scanners (which are different technologies, but highly effective)
- Fingerprint readers
- Hand geometry readers
- Vein recognition scanners
- Facial recognition scanners
In the best systems all this scanning and access control needs to be integrated into an overarching highly visible control system. This enables us to use manned security where it is most needed, while cost-efficiently employing access technology to give comprehensive 24/7 coverage. It also enables us to record and extrapolate trends, identifying potential weaknesses before they become a breach.
So how does biometric authentication work in practice?
The system behind the biometric authentication device stores data from all authorised users. In this case, a signature containing your identity, job role, and unique biometrics. Once you have registered, the physical security entrance will read your biometric signature, compare it to the stored version and grant you access. Based upon your job role, the system can grant or deny access to certain areas of a building.
But our worldwide experience – deployed here in Australia – tells us a biometric authentication system alone is not enough. Installed at a swing door, for example, the system does not prevent multiple users going through on one credential.
The biometric authentication system should instead be installed in a suitable physical security entrance, particularly revolving doors, to prevent unauthorised entry effectively. When integrated in our most sophisticated entry system – the high security portal – biometric authentication systems ensure not only that one person gets through at a time, but that it is the right person.
Usually, high security portals have a card/token scanner at the entrance. When the token has been scanned by the access control system, a door will open, allowing you inside the portal. Inside the portal, there will be a biometric reader. This system will individually scan your biometrics, comparing your data to what has been logged on the token read at the first point of access. (Our Circlelock and Circlelock Combi high security portals come with an internal biometric post, which allows mounting of biometric devices).
Advanced security by pairing biometric authentication systems and security
StereoVision is a highly sophisticated overhead piggybacking detection system that uses a combination of optical and near-infrared sensors to recognise shapes, size, and volume in three dimensions without impact from lighting or reflections
A biometric device provides the biggest benefit when it is integrated with a security portal. This unique security entrance has been trusted to protect data centres and other sensitive locations across the globe. Here is how a high security portal works with biometrics:
- A user presents a credential outside the portal. This could be an access card or biological trait.
- Once inside the portal, an overhead sensor system verifies that the person inside is alone.
- After the first door closes, an internal biometric device verifies that the person who presented their credential outside the portal is the same person inside the portal now.
- Once confirmation is granted, the second set of doors open to allow the user into the secure area.
Why is this method of dual authentication so effective?
Our US Boon Edam biometrics authority colleague Kurt Measom, Vice President of Technology and Product Support, asks us to imagine this in-service scenario, relating to workplace safety in this instance:
An employee’s husband decides to drive to your facility where he is determined to confront one of his wife’s colleagues. With his wife’s access badge in hand, he steps up to the portal, presents her credentials, and enters the door.
The portal verifies that he is alone. But an interior biometric device here is the difference between this unauthorised person getting to his wife’s colleague, and not. How does it work?
The biometric device is capable of detecting two things in this scenario: (1) the husband is not enrolled in the biometric system and (2) even if he was enrolled, his biometrics do not match the on-file biometrics of the badge owner.
In short, it is much harder for the husband to borrow his wife’s eyes, fingerprint, face, etc. to gain access to the building. The same holds true across the spectrum of people wanting to gain access for inappropriate and nefarious reasons.
Broader medium-security uses of biometric entrance solutions
Biometric authentication is not only reserved for the highest levels of security. Using biometrics in access control also has advantages in medium-security areas, such as speed gate authorisation areas. Users may accidentally forget their password or card, but they will never forget their fingerprints.
Biometrics cannot easily be recreated or compromised, and biometric devices often offer fast operation that do not hinder throughput levels. That makes them an ideal identifier to use in speed gates, which can be placed in the reception area, for example, offering fast, convenient and secure access to the rest of the building where layered security permits them to go.
Conveniently there are various ways to integrate biometric authentication systems with speed gates. They include custom pedestals, top-mounted and interior-mounted.
Conveniently, there are various ways to integrate biometric authentication systems with speed gates. They include custom pedestals, top-mounted and interior-mounted.
The bottom line
Advanced biometrics are increasingly essential in access control applications.
These versatile products should be designed to integrate with a broad range of third-party biometric technology, rather than one-type-fits-all, because installation needs vary immensely across application types.
These touchless, frictionless, advanced biometrics must be supported long-term by the organisation supplying them, as we do, because the ideal system is scaleable and updateable, responding to changing needs. Such qualities are integral to the automated, integrated and layered security approach required by organisations with significant assets to protect.
And the systems must be cost-efficient. It would take armies of manned security positions, and limitless budgets, to even try to provide 24/7 security, failsafe monitoring and traffic flow accuracy such systems can offer. A beauty of the automated element of a security system is that it cost-efficiently frees up the valuable manned security element to be used when and where it is most effective.
So meeting our legal Duty of Care for security and employee safety must be met in a cost-efficient and highly effective way, both in new builds and in retrofits. And the profound issues of financial loss and reputational risk occurring through potential breaches can be more fully and properly satisfied.
About the Author
*Mike Fisher is Managing Director of Boon Edam Australia, which is part of the privately owned international Royal Boon Edam group, which provides architectural revolving door and layered security solutions to some of the world’s largest companies, Fortune 500 companies, and companies in Australia, New Zealand, and Papua New Guinea including financial, data and telecommunications, Federal and State Government, hospitality, health and age care, logistics, retail, and distribution facilities. Boon Edam Australia operates under Master security licence number: 000104487.
About us:
About Royal Boon Edam
With work environments becoming increasingly global and dynamic, smart, safe entry has become the centre of activity in and around many buildings. Royal Boon Edam is a global market leader in reliable entry solutions. Headquartered in the Netherlands, with 150 years of experience in engineering quality, we have gained extensive expertise in managing the transit of people through office buildings, airports, healthcare facilities, hotels, and many other types of buildings. We are focussed on providing an optimal, sustainable experience for our clients and their clients. By working together with you, our client, we help determine the exact requirements for the entry point in and around your building.
Contact details:
Jack Mallen-Cooper
Managing Director
Mallen-Cooper Whyte
(02) 9901 4306
[email protected]
