Single sign-on specialist Imprivata has added distributed management features and the ability to link network security to physical security systems.
The company claimed that, as well as allowing users to log on in other offices, this will allow network managers to control access according to the user's location.
"Every organisation has two trusted authentication systems – a door badge and a network user name; both are trusted but they don't talk to each other," said Omar Hussein, Imprivata's CEO.
"So we extended the network access system to the physical access system. It can now check if you're badged in as you log in, so if one trusted system denies you, the others will too."
So as well as letting you log on with all your permissions intact while visiting the Manchester office, the system could also stop a hacker logging on with your ID in London because it knows you – or your access card, at least – are actually in Manchester. If each area has its own badge readers, it could even control network access within the building, allowing access to certain systems only in certain rooms, for example.
Hussein admitted that it doesn't solve all the problems associated with network access – you will still need to secure your remote access ports with their own security policies, say. But he said that for in-office access control, it is a lot cheaper and simpler to use than alternatives such as deploying converged building and network access systems.
"People's fear of the outside hack is now shifting to fear of the internal risks," he said. "The problem with using the building smartcard [for network access] is the credentials are card-based, so you have to add smartcard readers and a PKI to manage it.
"The thing is to make it affordable and non-intrusive, so people don't have to change what's already working fine. I've heard horror stories of people forcing hospital technicians to use smartcards to log in, for instance, so the technicians cut the card off and leave it in the slot. Security and usability have to go hand in hand - people need to get their jobs done."
Mark Diodati, a senior analyst covering identity and privacy strategies at Burton Group, said that knowing a network user's physical location is important for other reasons too, especially with regulatory compliance and auditing in mind.
"Organisations, particularly those that are large and geographically-dispersed, want to make important security decisions based upon the user's physical location at the time of access, and correlate user activity for intrusion prevention and forensic purposes," he added.
There should be no chance of the network and building security systems affecting each other, as there is no direct link between them, Hussein claimed.
"It is only a bridge between systems, and each is as secure or vulnerable as it was before - however, nine times in ten we find building security is much tighter than network security," he said.