Access control has changed markedly in recent years. No longer is it just a way to prevent entry to a building by unauthorised people. As the technology has evolved, it’s playing a far greater role to enhance the operational functioning of buildings so that they’re smarter, greener and more efficient.

A key enabler is the option to transition away from using physical plastic access cards – which utilise RFID technology – to smartphone-based solutions, along with wearables like smart watches. These then leverage virtual credential technology connecting to mobile-enabled door readers to allow people to enter.

All iOS or Android devices are supported, with cloud-based software used to manage the licensing, virtual credentials, access rights, validating or revoking of IDs and dealing with visitors or contractors.

Products that are interoperable and support industry standards are available so commercial real estate (CRE) owners can create an ecosystem of solutions, whilst avoiding vendor lock-in. Deploying mobile access is easy and security maximised as the latest encryption, communications and authentication standards are used.

Mobile has other advantages. People look after their expensive smartphones compared with plastic access cards; research shows a whopping 17% are lost or mislaid every year, creating a huge security risk. If a device is lost, the digital credential can be wirelessly and quickly disabled. Mobile is obviously better for the planet as digital credentials mean PVC cards don’t have to be made, avoiding creation of waste and carbon emissions. This enhances a building owner’s sustainability initiatives and Environmental, Social and Governance (ESG) Index scores.

Many CRE owners today include workplace experience apps as part of services offered. When mobile access is integrated, it makes access control an essential component, driving up app traffic and helping CRE owners boost their net operating income. Happier tenants mean less churn, resulting in greater longer-term revenue generation.

An exciting development with mobile access control is the forthcoming availability of solutions with built-in ‘identity positioning’. This provides real-time information about how people are using the building – based on data about where they are provided by their phones. No personal and private data is collected. Rather, information is anonymised and grouped to provide an overall picture about trends like space utilisation, occupancy and so on.

It moves access control from just being a security solution to one that’s far more important. For example, by providing real-time data to an appropriate heating, ventilation or air-conditioning (HVAC) system, the temperature could be reduced automatically if a group of 20 people gather in a meeting room. Similarly, workplace app developers could take ‘staff location’ to augment the solutions they provide.

Mobile access solutions are evolving to help CRE owners differentiate their buildings, add tenant value and make their operations ever more efficient. Not only that, but they’re cost- effective and quick to install.

www.hidglobal.com

The post Access Control goes mobile and smarter appeared first on City Security Magazine.

A team of global sales leaders had a round table about the latest trends in access control and the accompanying best practice. Their discussion is summarised here:

Pat Alvaro (Canada), Bill Barbagiannakos (Australia), Jacky Chow (Asia), Shaun Gardner (New Zealand), Jon Jorundsson (EMEA), and John King (USA) from manufacturer ICT came together to share ideas and discuss the direction that security and access control is heading.

Despite their geographical differences, the conversation highlighted many similarities, including the three main trends we’ll explore in this article: open integration, device security and smart credentials.

Open integration

Interoperability is on people’s minds when they’re choosing an access control system. By making integration simple and seamless, installers and end-users alike can get a complete picture of their site security.

While uptake on integrations has been slower across Asia, Jon Jorundsson says, “Being able to integrate access control solutions is quickly becoming best practice in Europe.”

That may be why integrations are also gaining traction in New Zealand and Australia. Bill Barbagiannakos comments that, “The move to a one-card solution with DESFire (the global open standard for securing credentials on contactless cards) has been a game changer. It creates a simple solution for shared buildings or takeovers. People can now have one card that is able to be read by multiple readers – including hardwired, wireless, third-party, and legacy models. There’s no need to carry multiple cards, which means less friction for users.”

In tandem with a move to wireless locks, Shaun Gardner says that he’s also seeing interest in a shift to other wireless devices and alarm systems.

Securing devices

More attention is being paid to the integrity of the security systems. What level of encryption do the devices use, if they have any at all? Wiegand technology (a standard technology protocol used in wiring for card readers and sensors) may have been state of the art in the 1980s but it’s unable to meet modern security demands due to its particularly vulnerable nature. As more people become aware of the flaws, best practice for what protocols readers use has changed.

One solution to improve security is the encryption and interoperability provided by the Open Supervised Device Protocol (OSDP). While regions like Europe and Australia now see OSDP becoming commonplace, John King explains why it’s a different situation in America. “It’s a slow progression,” he says. “Many people will use the existing wiring when taking over projects, which can leave sites open to security risks.”

Pat Alvaro recommends that sites “Move away from Wiegand and onto encrypted RS-485 connections: both OSDP and RS-485 protocols use the highest encryption standards. These methods provide the best level of security, as well as better programming flexibility when utilising ICT multi-technology readers, as parameters can be set for the reader, such as having the LED lights flash yellow when the site is in lockdown.”

Smarter Credentials

More people are thinking about how secure their access credentials are. Easily hacked and cloned, proximity cards are no longer the credential of choice as the benefits of MIFARE DESFire technology become clearer. While across the world, mobile credentials are quickly catching on due to ease of use and inherent risk mitigation. A lost phone is noticed more quickly than a lost card.

Pat Alvaro says, “Previously, the biggest barrier was price and performance, but as technology has matured and refined, prox cards and mechanical lock and keys are going out the window.” He says this is especially true for residential buildings across Canada.

 “Property managers see the benefits of not having to manage several different keys or needing to rekey the entire building every time a tenant fails to bring theirs back. Smart credentials like DESFire or mobile can save property managers time and money, while also ensuring only authorised tenants and visitors have access to the building.”

Shaun Gardner commented on multi-factor authentication (MFA) and how this can be built in to mobile credentials. “Not only do most smartphones require a biometric or passcode to open them, the best access control apps are additionally secured using MFA, with a PIN needed to enter the app and shake to unlock or pattern drawing to send the credential to the reader.”

Across Asia, Jacky Chow says, “Biometric and face recognition systems continue to be best practice for high-security sites. While biometric credential use has waned recently due to COVID-19, for high-security areas they’re still the credential of choice as they can’t be lost or cloned.”

These trends have come from thinking about customer needs and their future requirements. While we can’t predict exactly where security is headed, by understanding trends and having discussions such as this, we can ensure we keep working to future-proof security solutions for all users. And by educating them on best practices, we can help customers move towards a more robust, integrated security solution.

ICT

www.ict.co

See more articles on Access Control Technology in our Security Technology category.

The post Access control technology experts share the latest global trends appeared first on City Security Magazine.

For physical security, technology has played a key role in industry advances – from keys through to electronic access control. Today, technology continues to make us safer with the increasing accessibility of video surveillance, and continuing growth of building and home automation thanks to connected smart devices.

One example of technology in security is a technique called door interlocking. At face value, it may not seem as impressive as more visible types of security, but for me, it is a perfect example of using technology to make separate parts more valuable by using them together in a unified manner.

Door interlocks are also known as mantraps or sally ports, and have traditionally been used to help secure premises like prisons or zoos. They keep people or animals inside, while still providing safe access for authorised people. It ensures that only one door in the group can be opened at any one time, preventing a completely free path between the hazardous and safe sides.

Using technology, you can extend the usefulness and functionality of door interlocking. No longer do you need separate systems to control interlocks and building access control. With a unified platform, access control, intruder detection, and building automation can all be integrated so you only need one system for programming and reporting.

Cleanrooms benefit from unified tech

An increasingly popular use for door interlocking is in cleanrooms, where the likes of pharmaceutical and electronics manufacturing require a controlled environment and an elevated level of cleanliness. With the help of security tech which stops two doors being open simultaneously, it moves the deployment from simple containment to a multi-functional system that is increasingly safe, automated, and accountable.

Cleanrooms use either negative or positive air pressure to keep hazards in or external pollutants out. Traditionally the HVAC which controls these facilities would be a separate system to the access control platform. But, by integrating door interlock features with building automation, you can trigger the necessary decontamination protocol before releasing the interlock.

Your system makes sure that the pressure and temperature levels are correct, then automatically triggers an air-shower and checks the environment is suitable before unlocking a door or pass-through cabinet.

Control chain of command with dual custody

Door interlocking doesn’t just have to be about controlling the movement of people. Using dual custody, it’s also possible to control and monitor the flow of objects through a building, adding extra levels of security, whilst reducing the risks associated with sensitive environments.

We’re all used to people being users in a security sense – each with their own credential to identify and authenticate them. With dual custody, an inanimate object, such as materials required for production, can be treated in the same way. After a person badges to identify themselves, a credential travelling with the goods is also badged so a log is created of who and what went into the interlock and reporting can show a chain of custody of the materials, and the environmental elements that were present at the time.

Tick all the boxes with compliance types

In addition to integrated interlocks and dual custody technology, technology can help provide an additional level of support with compliance types. Not only can you control access based on access levels, but you can also use compliance types to ensure the person trying to enter a restricted area has the appropriate current training and certification.

As well as restricting access to those that are certified, you also gain an extra layer of reporting to show that the cleanroom was always in compliance. The system can also trigger on-screen events as reminders of certifications that will be expiring soon. And of course, if a certification or training lapses, then the user will be denied access.

In addition to compliance types, there are many other examples of how technology can also add additional features to a security solution. These include anti-passback to prevent tailgating, area counting to limit the number of people in an area, and loiter areas, which allow users to transit through an area but prevents them from remaining too long. You could also deploy dual authentication where two authorised users must supply credentials to gain access, or two-factor-authentication so a user must use a combination of physical and biometric credentials, or a PIN.

Integrated technology supporting security

As you can see, by using currently available technology in a smart manner, and harnessing the power of a fully unified platform, you can bring together many elements of security. Integrating access control and building automation to provide solutions like door interlocking mean you can continue to protect people and keep businesses safe day after day.

Jon Jorundsson

Director of Sales (EMEA)

ICT

www.ict.co

Read more articles on Security Technology

Read more articles on Access Control

The post Door interlocking – how to extend the usefulness of security measures appeared first on City Security Magazine.

Andrew Bull from HID Global explores the implications of GDPR on physical access control systems and how advanced physical identity and access management (PIAM) solutions can help.

GDPR now harmonises data privacy

Beginning 25 May, companies doing business in the European Union are required to comply with the new General Data Protection Regulation (GDPR) standards. This initiative will standardise and harmonise the fragmented data privacy across the European Economic Area to ensure that individuals’ rights are protected in today’s digital world.

GDPR’s primary purpose is to ensure that all organisations operating in Europe obtain consent from individuals to capture and store identity information and remove that information from servers if it is no longer needed. The regulation also sets higher standards for consent, which must be freely given based on clear, easily available information about what an individual is agreeing to. Organisations must also make it as easy for someone to withdraw consent, as it is to provide it.

Implications for physical access control systems

For security teams, this means they must ensure that consent is recorded for all individuals whose information they are storing and managing across all physical access control systems (PACS) and that any personal information is centrally tracked and controlled on all servers for all EU citizens, no matter where in the world that server resides. All information must be auditable and individuals’ personal information must be removed from the relevant PACS servers if they no longer require access or if their authorisation and/or privileges are no longer valid. This means that an EU citizen added to a PACS must be tracked and removed once that entry is no longer relevant, or upon the citizen’s request.

The good news is that organisations will now have a single regulation rather than multiple standards in different regions to comply with, which should significantly decrease compliance costs while improving public perception of data privacy and individual rights.

The bad news is that for many organisations, compliance with GDPR will be challenging, and the complicated and inefficient manual administrative processes often employed to transform policies into practice do nothing to ease the burden. In fact, they are actually more likely to hinder these efforts, which rely heavily on gathering information from a variety of stakeholders – a far less than ideal combination.

Bridging the gap with physical identity and access management (PIAM)

However, there is help available for security departments. Advanced physical identity and access management (PIAM) solutions bridge the gap between policy and process by employing policy-based automation, deep systems integration and strong auditing capabilities to help organisations comply with the main requirements of GDPR more effectively and efficiently, enabling them to do business without fear of incurring fines or other penalties.

Automation to streamline processes

As previously mentioned, the process of implementing GDPR requirements across PACS often relies on the human element in the form of incredibly time-consuming and error-prone manual processes. PIAM solutions remove these impediments by applying policy- and rules-based automation to streamline all processes, from identity enrollment through to the auditing necessary to demonstrate compliance.

PIAM tracks all of the places information has been propagated, making audit and deletion a straightforward process.

Pseudonymisation to protect personal data

One of the benefits of PIAM embraced by GDPR (recital 28) is the ability to use pseudonyms to easily obscure individuals’ personal data, which can go a long way toward easing compliance. With PIAM solutions, organisations can replace first and last names with a unique ID within identity records. Rather than transmit personal data to PACS systems, this anonymous information is then sent from the PIAM solution rather than individual names and other details. This tactic is not only mentioned in the GDPR regulations but is encouraged – and it is something that would be difficult, if not impossible, to do using the PACS alone.

Why is this important? Because organisations are required to report any breach of personal data to individuals within 72 hours of the incident or face fines. However, this requirement only applies to personal information and is waived if the breached data has been anonymised. Therefore, employing pseudonymisation can substantially limit not only risk, but also liability.

Given its power to aid in meeting the requirements of GDPR, the importance of automation cannot be understated, as it serves as the foundation upon which the vast majority of PIAM’s other capabilities are built.

Self-Service enrollment in a physical access control system

In addition to improving security, properly enrolling employees, contractors, visitors and others in a PACS also plays a key role in GDPR compliance. However, there are often delays throughout the process between the initial request and final approval of access privileges – delays that cost productivity and money, while also compromising security. PIAM solutions allow an organisation to create a self-service enrollment process that streamlines the onboarding process.

The self-service function can also be used to meet the consent and purpose mandates of GDPR. During the enrollment process, employees, contractors, visitors and other third parties can be given access to their own profiles where they can view what personal information is being collected for what reason and how that information will be used, and then record each individual’s consent. Capturing this important data at the time of registration or request for access privileges eliminates multiple potentially costly and time-consuming tasks from the GDPR compliance process.

Additionally, a self-service portal can also be used to permit individuals to review data collection and usage policies, and give them a portal to revoke consent to have their information stored and used for access control and other purposes, at which time the system will automatically erase any and all data related to an individual – addressing another important GDPR requirement.

Systems Integration with other security systems

One of the biggest strengths of PIAM solutions is the ability to tie multiple disparate systems together easily to allow information to be aggregated. This encompasses access control, visitor management and other security systems as well as non-security systems like human resources, time and attendance and others. The PIAM solution can serve as the hub for all of these systems, giving organisations a single source for management.

From a security standpoint, the ability to aggregate, sort and analyse data from these disparate systems can prove beneficial in identifying potential behavioural and other patterns that may indicate a potential threat.

There are also numerous operational benefits, including efficiency and cost savings. If manually entering data into a single system is time-consuming and error-prone, imagine the potential headaches of having to do it for multiple systems. By eliminating this need, PIAM enables greater efficiency and decreases or eliminates the potential for human error. Because the same challenges also apply to tracking and removing data, this capability makes it easier for an organisation to ensure GDPR compliance.

Today, an individual’s data is typically stored across multiple systems within the security and/or operational ecosystem. This can become problematic when it is necessary to delete an individual’s information, since simply removing it from a single system does not meet the standard established under GDPR. With PIAM, an organisation can simply remove the data in question from a single solution and know that it will automatically be removed from all integrated systems simultaneously, satisfying requirements for compliance.

Auditing is easier

As with any regulation, demonstrating compliance with GDPR is vital and must be done regularly to avoid penalties. This can be a daunting task that requires demanding and thorough auditing and reporting. Unfortunately, these critical tasks are often performed using costly, time-consuming and error-prone manual processes. However, non-compliance is not an option, as the potential cost and penalties are even more daunting.

PIAM reduces this strain on an organisation’s resources by employing automation that enables efficient auditing of systems and locations, along with the robust reporting capabilities needed to demonstrate compliance. For example, when user consent is recorded or when individual data is automatically deleted from PACS and all other integrated systems when requested in accordance with GDPR, that action is stored within the system. Rather than rely on people to collect and report this information, PIAM allows organisations to generate compliance reports with the click of a button – significantly reducing regulatory reporting costs. This function can also be programmed to be performed at regular intervals to ensure timely reporting and compliance.

In our connected world, privacy has taken on increased significance for everyone, and as a result, governments are enacting regulations and policies to protect individuals’ most valuable commodity – their identity. As GDPR takes effect, organisations wishing to do business in Europe must be actively working to put the policies and practices in place to ensure compliance with this new regulation. This will no doubt be challenging, but advanced PIAM solutions replace the manual processes often used to perform the tasks required under GDPR with automation, strong integration and thorough auditing capabilities.

Organisations can deploy PIAM to effectively and efficiently ensure compliance with the main requirements of GDPR and avoid staggering and potentially catastrophic penalties.

Andrew Bull

Regional Sales Director – UK, HID Global, IAM Solutions

www.hidglobal.com

The post How PIAM can reduce GDPR compliance complexity appeared first on City Security Magazine.

Identity and Access Management enables the right individuals to access the right resources at the right times and for the right reasons across a company’s IT infrastructure.

Why it is really new

This technology pulls together, for example, the IT security and Access Control credentials, by ensuring the appropriate access to resources across an increasingly assorted number of technology environments that also meet the increasingly rigorous compliance requirements.

What benefits it brings

Essentially, this is about access management allowing employers to link, for example, an employee’s access card (other credentials) and their computer terminal. An employer cannot log into their terminal unless they have used their credentials to enter the room. Likewise, once the “IT System” realises that the employee has left a room, then the terminal they were logged into will automatically log out (if not already done).

Identity and Access Management also introduces a much more efficient use of the credentials across an IT system where the creation, deletion or modification of a user’s identity can be administered centrally, influencing each component of a federated system. As an example, when a new employee joins a company, identity and access management will enable the administrator to add their credentials only once instead of on each individual system, bringing greater efficiency and accuracy.

Peter Ainsworth, Director, EMEA Marketing, Tyco Security Products

The post Identity and Access Management (IAM) brings greater efficiency appeared first on City Security Magazine.

Access control is the way in which we allow (or prevent) access to a place or other resource. Just as human beings have always had a fundamental need for shelter and to protect their physical environment, organisations have always needed a way to mitigate risk, keep their assets safe and control who can enter their property.

Of course, access control (or AC as it’s known) has come a long way from prehistoric man lighting fires at the front of a cave to keep out those trying to steal his flints. Today, we talk about two main types of AC – physical and electronic.

Physical access control uses locks, doors, barriers and other equipment to facilitate or deny entry. Electronic access control allows or prevents access to a building or other private area by using IT to facilitate selective access. We usually talk about access control as a system or solution, because today’s electronic AC does more than just guard an entry point  – it commonly also allows for ongoing monitoring of personnel and their movements, and can be integrated with other third party security and building management systems.

Users of electronic access control include offices, residential units, and retailers, as well as schools, universities, hospitals, local authorities and even museums and libraries. Electronic access control systems range from a simple card reader to extremely complex software that can control multi-tenanted buildings, or protect an international estate.

Benefits

Access control has very real benefits for most businesses across the globe; and it is a cost-effective solution to security issues for most. Cost savings range from having to employ fewer security staff, through to smart energy saving systems that, for example, turn off lighting and heating once all personnel have left an area of the building.

Specialist security companies are continually investing in making AC even more sophisticated – leading systems can also act as virtual human resources departments, and can even enforce Health & Safety policy or input into corporate social responsibility programmes.

Security providers have also taken on board the increasingly global nature of commercial and service business – by designing systems that can seamlessly integrate across different territories. Innovations include browser/cloud-based solutions which administrators can control and access from anywhere around the world, without needing to involve organisations’ IT departments. Leading AC systems are also multilingual and can dynamically switch to each individual user’s first language – and the most sophisticated can also be programmed to work across different time zones.

The ability to switch between time zones has benefitted Cambridge Consultants, who needed to control access to two high security research labs – one in Cambridge, UK and the other in Boston, Massachusetts. The browser- based system they purchased is sophisticated enough to be controlled remotely from either office, and the comprehensive reporting tools ensure that access authorisation and monitoring can take place in real time on both sides of the Atlantic.

Access control systems can also integrate smoothly with third party databases. This allows global businesses with centralised HR departments to co-ordinate training and health and safety across their estate. For example, a UK-based business may have an outsourced HR team in Hong Kong, and a distribution centre in Timbuktu, Mali. When a forklift truck driver in Timbuktu swipes his card at the start of his shift, it alerts the HR team in Hong Kong to the fact that in Mali statutory training is needed every three years to renew a forklift licence and that the driver’s next training session is due imminently. The access control system automatically alerts Human Resources that training for that driver should be booked immediately, and informs the driver that his training session has been processed – with no loss of business continuity.

Choosing a provider

While most businesses and employers are convinced of the benefits of electronic security, the process of choosing a provider and a suitable access control solution can be daunting. Smaller businesses need to be certain that electronic AC can offer more benefits than employing a security guard, while larger businesses need to think carefully about choosing their security partner – to ensure that they work with someone who really understands their particular security issues and can develop a bespoke system that best meets their needs now and in the future.

Items to discuss with potential providers include:

• Future proofing – how will the system evolve as needs develop in the future?
• Ease of installation – will an IT department / consultant need to be involved? Will AC integrate with fire and other security systems? Can existing cabling/Ethernet be used to reduce installation time and costs?
• Ease of use – can it be accessed/managed remotely? Is it intuitive to use? Will it take up valuable personnel time?
• Reassurance – Does the provider hold any external verification, such as NSI [National Security Inspectorate] or SSAIB [Security Systems & Alarms Inspection Board]? Is comprehensive after-sales support available?

Reputable and innovative electronic security companies can ultimately find a solution to any access control need. AC can benefit most businesses; from a new business start-up in China with just two members of staff, to a multi-national retailer who needs to control both shop floor and back office staff via one easy to use browser-based system. When it comes to protecting an organisation’s premises – the sky’s the limit.

Andy Rainforth Sales & Marketing Director

Grosvenor Technology

www.grosvenortechnology.com

The post Access Control brings global benefits appeared first on City Security Magazine.