Report flags risks in physical access systems

Physical access is emerging as one of the most overlooked identity risks in enterprise security, with many organizations treating building entry systems as separate from IT environments, according to Forbes. A new analysis warns that this false divide leaves major blind spots: ex-employees retaining badge access, staff with outdated or inherited permissions, and facilities running on siloed, unvalidated systems. "Governance without validation is just guesswork," the report notes, stressing that most leaders cannot confidently verify whether every badge or access level is correct. The risk scales quickly across large workforces and multiple secure sites, where one misconfigured profile can expose critical areas such as data centers, airports or energy plants. The paper calls for CISOs to treat physical access like operational technology, integrating it into identity governance through unified data collection, correlation with HR and directories, digital twin modeling, and actionable local reports. Without this rigor, experts caution, organizations are effectively leaving physical security to chance.