Access control: Meeting new security challenges

New trends are emerging in the access control market and the challenge is to offer seamless user experiences without affecting corporate security levels, writes Vincent Dupart, CEO, STid.

Strategy Analytics predicts the global workforce will have 1.87 billion mobile employees, 42.5% of the total workforce. More mobility brings an increase in physical and digital threats to the IT infrastructure of organisations. Nefarious individuals with physical access to the corporate server room or a workstation connected to the network may infiltrate critical IT systems with disastrous consequences. The entire infrastructure may be taken hostage or made inaccessible, which will impact all business processes and endanger the continuity of the organisation.

The loss or theft of sensitive and confidential data may have serious financial implications and result in damage to company reputation. 90% of companies believe their data is at risk. Securing corporate IT infrastructure and systems should not only be about information security – the physical security of IT facilities and access points to the network should be an integral part of planning.

Obsolete technologies

Many organisations are still using outdated technology. Yesterday’s access control solutions lead to higher maintenance costs and difficulties finding replacements. A bigger concern is that physical badges can easily be copied using equipment readily available online. These flaws impact the integrity and security of data.

With figures suggesting that 72% of the installed base is obsolete – and that 53% will migrate to trusted technologies by 2026 – faced with a growth in attacks and flaws in outdated systems, organisations must increase their level of security quickly.

The importance of an end-to-end security system

All components can be a vulnerability and, therefore, the badge, reader, server and the communications between units must be secure. Industry standards are absolute necessities today to help clients compose their best-of-breed security solutions. Security departments are aware of the importance of choosing trusted technologies that guarantee certified and interoperable security, such as those based on OSDP™ and SSCP® protocols.

Indeed, the Security Industry Association’s (SIA) Open Supervised Device Protocol (OSDP™) standard for access control security has been key to providing a first level of uniform security worldwide.

The SSCP® communication protocol goes even further by guaranteeing the protection and confidentiality of data and allowing a bi-directional exchange between the reader and the security system (allowing, for example, to automate the update of readers from the system or to trigger a precise configuration of the readers following a given event).

Increasing security does not necessarily mean adding operational constraints

The management of physical access cards can be a daily headache. Hand delivering access badges to users, the hassle and security risk of lost badges and the timely revocation of access rights are just a few of the activities taking up a manager’s time. 98% of employees consider access control to be obstructive at times. Considering that we pass through an average of 11 accesses per day, there are many opportunities to reduce friction. Instead of presenting a physical badge to the access control system, users can now present their mobile credentials to the reader just by bringing their phone.

By transferring the access badge to a smartphone for visitors, subcontractors and employees, your organisation will instantly simplify card management. The creation, distribution and revocation of virtual access badges can be executed immediately, at any time, from anywhere. Digital access cards are more effective and flexible for users and managers. New apps allow users to store multiple digital ID cards so they’re always accessible.

The cost of a virtual badge is two to five times less than that of a physical badge. A recent study found that over 50% of the operational costs of physical card management are related to the printing, customization and distribution of cards. With virtual badges, there are no such costs, no more consumables. Instead, your company will benefit from economies of scale and greater operational efficiency, in an “eco-friendly” fashion.

With mobile solutions, the possibilities are endless

New technology adoption can bring fear of operational complexity and more work for an already burdened IT department. While the need for a high security system is obvious, the implementation may seem overwhelming. The modularity of an access control system helps address these concerns.

A modular reader can be adapted to meet future needs: The system can evolve towards the use of QR-codes to facilitate visitor access, use of a smartphone as an access key or an addition of another layer of security by integrating biometrics. Mobile access brings benefits like combining identity management and access to printing solutions, leisure and event subscription solutions.

Vehicle identification is another area that can be expedited with mobile access. Vehicles can be automatically identified by UHF tags and drivers via Bluetooth, allowing vehicle access control to be as seamless and instinctive as the high security identification of individuals. With the smartphone, access can be controlled in real time, ensuring that the vehicle can enter the parking lot and that the driver is fully authorised to do so. However, a need for intuitiveness must not be at the expense of security.

The importance of teamwork

A successful access control project must match your company’s needs and requirements,  from development to implementation. How can this be achieved? It starts with a thorough analysis of access points, the technologies in use, the required security levels and the practical use cases. Only after the needs are clearly defined and a roadmap is created should the project begin.

Then, your organisation can move towards a high security access control system that will successfully mitigate security risks while improving adoption, ease-of-use and overall operational efficiency.

This article was originally published in the November edition of International Security Journal. To read your FREE digital edition, click here.