How do Microsoft manage their physical security?

There's a great new white paper detailing how Microsoft Manage Physical Security across our enormous estate.

Our enterprise comprises 670 sites with 150,000 active holders of access cards and 20 million physical security events each month. Our physical security arrangements enable our people to work flexibly and efficiently whilst reducing the risk of exposure to an acceptable level.

I remember a really handy trick I learnt during my induction training in Redmond shortly after joining the company back in 2002. Even back then we had wireless networking deployed at many of our facilities around the world. I wanted to access a building that I did not have access to by default. I shocked a colleague by firing up my laptop and granting myself access to the door in a matter of moments. The security theory made perfect sense. I had authenticated to my laptop (to unlock the session) and it in turn had established an authenticated session with the domain and used this to perform the secure key exchange with a nearby wireless access point. My machine was therefore trusted and I had proved my identity to the network. I was in possession of a proximity card and therefore could open doors for areas granted to all full-time employees. I connected to an internal website to request access to the additional area and business logic determined that I was authorised for the extra area.


Comments (2)

  1. Anonymous says:

    mlum> it’s by design and hence doesn’t need fixing

  2. mlum says:

    Has this “trick” been “fixed” since you discovered it?

    Good thinking though….
