Designing for Converged Access
The importance of unifying identity data across physical and digital landscapes
Organizations today manage access in two very different domains: physical spaces (buildings, offices, secure areas) and digital environments (applications, systems, data). Historically, these have evolved separately, using different technologies, teams, and policies.
That separation is increasingly becoming a problem.
The Challenge of Fragmented Access
When physical and digital access are handled in silos, organizations struggle with:
Inconsistent policies across systems
Gaps in security, especially during onboarding and offboarding
Limited visibility into who has access to what
Operational inefficiencies from duplicated processes
For example, an employee may lose system access immediately after leaving—but still retain access to a building. These disconnects introduce risk and complexity.
A Shift Toward Unified Access
To address this, organizations are moving toward a unified design model, where identity becomes the central control point for all types of access.
In this approach:
A single identity governs access to both physical and digital resources
Policies are applied consistently across environments
Access decisions are centralized and context-aware
This represents a shift from system-centric security to identity-centric security.
As organizations continue to digitize and expand, managing access in silos is no longer sustainable. A unified, identity-centric approach provides stronger security, better efficiency, and a more seamless user experience—bringing together the physical and digital worlds under a single access strategy.
I wrote about this concept in more detail in a recent analyst opinion piece written for HID.
About The Author
Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of The Cyber Hut — a specialist research and advisory firm based out of the UK. He is author of CIAM Design Fundamentals and IAM at 2035: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.