Physical Entry
Description
Secure areas shall be protected by appropriate entry controls and access points.
⚠️ Risk Impact
Physical access defeats most logical controls. Unauthorised persons in secure areas can extract credentials, plant persistent access, or directly access data — invisible to every IAM and EDR control.
🔍 How EchelonGraph Detects This
EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as medium-severity findings with remediation guidance.
🔧 Remediation
- Badge access to secure areas.
- Visitor management with sign-in + escort.
- CCTV monitoring.
- Tailgating awareness in security training.
- Secure-area access logged.
💀 Real-World Attack Scenario
A contractor tailgated into a secure data-handling area, plugged in a USB Rubber Ducky on an unlocked workstation, and extracted cached cloud credentials. The credentials were used for cryptocurrency mining for 2 weeks. Physical access bypassed every digital control.
💰 Cost of Non-Compliance
Physical-access breaches: avg $4.2M (IBM 2024). Lower frequency than network attacks but higher per-incident cost.
📋 Audit Questions
- 1. What badge controls protect secure areas?
- 2. What is the visitor management procedure?
- 3. What is the CCTV coverage?
- 4. Are secure-area accesses logged?
🎯 MITRE ATT&CK Mapping
⚡ Common Pitfalls
- ⛔ Tailgating culture defeats badge controls
- ⛔ Visitor sign-in but no escort policy
- ⛔ CCTV cameras present but footage not retained or reviewed
📈 Business Value
Physical controls close attack vectors invisible to digital defenses.
⏱️ Effort Estimate
8-16 hours facility walkthrough + policy
EchelonGraph monitors badge-access logs (via integration with physical access systems)
🔗 Cross-Framework References
Automate ISO 27001 A.7.2 compliance
EchelonGraph continuously monitors this control across all your cloud accounts.