When is it ever a good time to upgrade your access control solution? Many organisations follow the policy of ‘if it isn’t broken, don’t fix it’, but this can be a risky situation in a world where technology and threats are changing so rapidly. The use of older, access control systems exposes an organisation, a building, a server room, a computer to the possibility of unauthorised access and the consequences of this. But why should users upgrade?
One of the biggest drivers for updating access control systems is the need for enhanced levels of data privacy. This could come about through the on-boarding of a client that requires high levels of security, new legislation being brought in for specific industries, or even new building tenants. The driver remains the same: data or the building itself is in some way exposed to or at risk and needs added protection. Yesterday’s technology is no longer sufficient for today’s access control and identity management challenges.
In The Access Control Report 2016: Legacy Infrastructure and Motivations for Upgrading, 44% of respondents stated they were planning on upgrading their access control solution. This is a strong indicator that end-users are acknowledging that the risk to organisations is evolving, and the need to protect their physical assets and consequently data assets is important. It would take a security breach that exposed a flaw in the current system for 92% of respondents to consider changing their current access control system, but not beforehand.
On any site at any one time, in addition to regular employees, there are also individuals and groups that have access to various parts of a site for short periods of time. These could be visitors, maintenance teams or contractors. In the report, 75% of respondents have third-party members on site on a regular basis. Integrated visitor management solutions in modern access control systems significantly improve the distribution and use of temporary credentials but also safeguard various parts of the site to unwarranted access. Access control solutions, such as mobile access, make it easier for facilities and securities managers to track who is accessing what parts of the site to ensure nobody is in an area they shouldn’t be.
The continual development in consumer technology has spilled over into the business world with devices now being used for work and in our personal lives. Bring Your Own Device, mobiles and wearables are all common features of today’s office environment. Organisations can utilise this growing level of secure technologies that employees are carrying around with them on a daily basis. Instead of having several key cards or fobs that have a high chance of being left behind, users can now utilise smartphones or smart devices, their closest pieces of technology for secure access control as well. Mobile access control is increasingly coming into the market and the benefits this brings are numerous.
Having mobile credentials that allows for multiple access levels, for instance, saves the users from having multiple access control devices that could lead to confusion or possibly misplacement. The survey also noted that 29% of respondents would like future-proof technology. This can easily be provided through mobile access solutions which grant users modern techniques for access control, but also a single credential for multiple access devices. Utilising smartphones are a very straightforward solution that solves three of the top concerns of employees looking for updated access control.
A new access control solution must be flexible so users don’t just see it as an ‘expensive way of opening doors’. Open Supervised Device Protocol (OSDP) for secure communication between field devices in a physical access control system, has gained increased importance allowing for standardisation, more flexibility and freedom of choice for security managers.
Flexibility also supports multiple applications for managing not only physical access but also logical access applications, like computers and software logins. Additional access control systems, such as secure print management, require an associated card issued to users. This represents a prime opportunity for organisations to consolidate to a single access control device, such as a contactless wearable or smartphone that combines access control with other functions.
By exploiting modern technology, such as mobile devices and wearables, users are afforded the opportunity to simplify their access control devices: one device, with one credential providing access to multiple areas and requirements. It was found that nearly a quarter of respondents wanted to manage multiple credentials across a single device. With mobile access solutions, multiple credentials are rolled into one and stored on one device. The facilities or security manager is capable of controlling access and distributing credentials to those with the right security clearance. Technology such as the latest high frequency access control systems ensure security is independent of hardware and media. This makes it easier for an organisation to support functionality and higher levels of data privacy.
Although, there are clearly several barriers to the adoption of more sophisticated access control systems, organisations are placing increasing importance to safeguard their physical assets as it supports in providing protection to their IT infrastructure as well. This is mainly due to the belief that current systems in place are adequate enough until they are proven to have failed and the fact that a replacement system is perceived to be an unnecessary expense.
Despite the technological advancements, users are still content with cards and fobs, regardless of the lack of sophisticated security and encryption contained in these when compared with mobile access control solutions. The change to a more sophisticated system is likely to come from employees themselves, rather than decision makers.
Existing access control solutions are also easy to upgrade which provide minimal disruption and cost-efficient site retrofits. Facilities and security managers need to question whether it is more expensive to replace an outdated system, or recover from a site or data breach.
By Jaroslav Barton, product marketing director, physical access control, EMEA, HID Global.