From a disgruntled former employee in Multnomah County, Oregon exploiting a county-issued laptop to expose the sensitive data of over 1,100 health centre customers, to social engineering tactics used to bypass building security — hybrid attacks that move between the physical and cyber domains are a growing reality for public agencies. Incremental improvements to legacy systems are no longer enough.
In Part Two of his series for GovLoop, our Director of Product, Pete Akeley, outlines how a Visitor Management 2.0 framework helps public agencies close the gaps that invite these blended threats. Akeley details how consolidating visitor identity, access control, compliance checks, and data protection within a single integrated system can dramatically reduce vulnerabilities — replacing manual logs, siloed processes, and fragmented policies with a unified platform that manages the entire visitor lifecycle.
Key to this approach is moving identity verification upstream — starting background checks and pre-clearance at the first point of contact rather than at the front door — alongside pinpoint access control that unifies physical and digital identity systems. The result is not only stronger security and continuous compliance, but a smoother, frictionless visitor experience that reflects positively on the agency.
- Unified Security & Compliance Foundation: Centralise policies, procedures, and technology across physical and cyber domains into one digital system, eliminating the gaps and loopholes that invite hybrid attacks.
-
- A Single Source of Truth: Replace manual logs and siloed systems with a single data reservoir that gives security and compliance teams instant access to digital records across the entire visitor lifecycle.
-
- Intelligent Identity Verification, In Advance: Move screening upstream to the first point of contact — scanning IDs, cross-referencing watchlists, and collecting declarations before visitors ever arrive on site.
-
- Pinpoint Access Control: Unify physical access (PACS) and digital access (IAM) with real-time anomaly detection that flags and responds to unauthorised activity throughout a visitor's stay.
-
- Securing Sensitive Data: Protect PII with end-to-end encryption, meet GDPR and CCPA requirements, and support Self-Sovereign Identity (SSI) to minimise data liability.
Originally published in GovLoop. This is part two of a two-part series.