3 Reasons to Adopt Mobile Credentials

By J. Matthew Ladd, The Protection Bureau

Over the past four years, the adoption of mobile credentials for access control has increased significantly, and is expected to account for 20% of all credentials by 2020. While it will be some time before mobile credentials replace the tried and true plastic card completely, the industry is beginning to embrace this new technology and implement it in a way that provides more secure data exchanges in the long run. In an industry where old habits die hard, it is important to examine the advantages of all possible solutions and decide what is best for you.

  • 1) Mobile credentials are less likely to get lost
    The largest security risk, as it relates to access control, is if a credential gets into the wrong hands. There is no easy way to identify when this happens, or even to track where the credential ends up. By the time a user realizes their credential is missing and reports it, it could have already been used to access secure areas. If this card is replaced with a mobile credential, the likelihood of it going missing decreases significantly. There are few daily tasks that can be completed without a cell phone. From tracking calendars, taking conference calls and checking emails on the go, a busy professional is never without their mobile device, and if they are, they typically know where they left it. The same cannot be said for a credential card. People could leave it on their desk, in their car or at home without a second thought. Try hiding someone’s cell phone versus their credential card and see which one they notice is missing first.
  • 2) Mobile credentials offer more than traditional credentials – and are more convenient
    While mobile credentials get you in the door, they have the power to accomplish so much more. Already, mobile devices have multifactor authentication built into them, with fingerprints, pins and facial recognition technology. If an access control system utilizes these built-in features, users can gain the heightened security of multifactor authentication without the need for new hardware, which can be costly and time consuming. In addition, mobile devices also have location services built into them, alleviating the need to scan an actual badge by using proximity servers to identify when a person is near a door they need access to. When juggling coffee, laptops and breakfast in the morning, the last thing an employee wants to worry about is digging around for a credential card.
  • 3) Mobile credentials can save money
    Mobile credentials already seem like the easiest choice, but the real selling point is that they can be far more cost effective than the traditional access control badge. They are easily upgradable and eliminate the cost associated with issuing a physical badge or access control card to every employee. Because employees are already using their cell phones, it makes sense to leverage the technology everyone already carries in their pockets. This is especially useful on college campuses or hotels, where key cards are replaced frequently.

Overall, mobile credentials are making a good case for themselves. From convenience, to increased security, to long-term cost savings, it simply seems like the logical direction for the industry to go. As implementation has picked up in past years, time will tell if the industry adopts mobile credentials exclusively.

Looking to the Future of Access Control

By Eva Mach

When we think of access control, the first thing that comes to mind for most is a badge that gives entry to authorized individuals. There is, of course, technology behind it, but compared to the rest of the industry it may seem that access control is lacking as far as innovation and new solutions go. However, what many do not realize are the growing number of solutions now available to end users, and wireless access and mobile credentials are part of this evolution.

The widespread development and increasing adoption of wireless access and mobile credentials have opened the door to future development. Looking more deeply, there is far more innovation happening that goes beyond a door simply opening. For example, Apple is running a prototype using Apple Pay and iPhones on college campuses. By connecting user’s phones to access control portals, there is a possibility to integrate the access control system with other systems. In this case, your wallet.

Access control options that are being adopted more widely on campuses include wireless locks. Wireless locks are replacing legacy locks, in turn allowing multiple wireless enabled devices and locks to communicate between each other. Criteria and conditions can be set, such as doors only being accessible to certain students on a college campus during certain times of day (i.e. class times). With editable criteria like this, security professionals on a campus or any other sector can ensure only the right people will have access to areas at the right time, including vendors making a delivery to an office or second shift employees for a warehouse.

While wireless connections make things easier and more controllable, there is concern involving the cyber security of these systems. Many end users in high security areas opt for multi-factor authentication rather than just knowledge of a pin or presenting a badge to enter a premise. A pin might be the first level of security, but a more advanced access control system could also require users to present an access control credential, including biometrics. The beauty of the innovation in access control is that it can be as simple or as complex as the user requires.

Overall, by opting for a wireless access control system, end users are given more flexibility, data backup and risk mitigation. There has not been a lot of new areas in access control for many years, but that has begun to change with the introduction of managed services with a cyber security emphasis along with blue tooth enabled devices that provide a better user experience more secure environment and ease of use for the security personnel.

This, along with increasing adoption of wireless and mobile credentials, is giving the industry an opportunity to bring access control to the forefront when talking about risk management. In addition, the deployment of sensors and analytics will allow the end users to gather information about comfort level within a building resulting in better customer experience and cost savings through adjusting the use of power.

Defining Cloud-based Solutions

By Bill Hogan

Cloud-based security solutions have been all the buzz in the industry for the past year, with many video surveillance and access control manufacturers jumping on the bandwagon to introduce their latest cloud-based offering to the market.

As the number of products called cloud-based increases, as a security professional have you ever wondered what defines a true cloud solution and how does one determine the difference between a solution that claims to be cloud based from one that really is?

While many security manufacturers state they offer a cloud-based solution, the reality is that very few, an estimated four percent, are a true cloud-based solution. A true cloud-based solution is defined as one that offers a fully scalable architecture that not only lives in the cloud but was also born in the cloud. It can be accessed from anywhere, any device and on any modern web browser.

For example, social media platforms such as Twitter, LinkedIn and Facebook, are cloud-based solutions. So too is Netflix, even though it requires an app to provide intellectual property protection on mobile devices. A majority of true cloud based solutions require that little to no software be installed on client devices.

It’s time for security professionals to start to pay attention to cloud-base solutions because the benefits far outweigh the downsides. For example, both small and large companies have the ability to seamlessly scale up their systems with a cloud-based solution. It can be timely, costly and a painful experience to take down every server, upgrade servers, update field panels and put them back online every time a new software version is released. A well-designed cloud-based solution using AI (Artificial Intelligence) can initiate an update once every two weeks, eliminating downtime and the expensive cost often associated with system upgrades.

Cloud-based architecture should enable a single database to span across the entire product for every client, which ensures product version control. Every client is then on the same version and has access to the same firmware / software version.

Cloud-based video storage also provides added protection, ensuring that video evidence cannot be destroyed by tampering with an NVR. Once the video is pushed to the cloud, regardless of what happens to the NVR, that video has been captured and saved.

The technology market is going through a tremendous evolution, as more of the everyday solutions and devices we use in both the home and business become IT and network centric. The security industry is no different, with cloud-based solutions paving the way for more streamlined, secure, resilient and redundant systems.

Buyer Beware: Why DIY Camera Systems Are Not Designed for Commercial Applications

By David Alessandrini

 

The “Do it Yourself” video security systems are all the rage in the residential market, enabling home owners to easily monitor who is coming to the front door, watch when children come home after school or to track package deliveries.

While these easy-to-deploy and use surveillance systems have introduced surveillance technology to the residential market, it’s important to remember that these systems are not suitable for enterprise and corporate level surveillance needs.

First, DIY camera systems do not allow you to switch out the camera that comes as part of the DIY surveillance kit. All components in the kit have to be by the same brand in order to work together.  This means that if you need a camera to provide clearer images at night and the cameras in your system do not do that, you are stuck with using the camera included in the box.

Second, these kit-based surveillance systems do not offer scalability. It’s important to ensure that any surveillance system installed can grow as security needs evolve and grow. Should a location need an additional camera to provide increased coverage in a parking lot, for example, many of these systems cannot accommodate even one additional camera.

Another area not typically taken into consideration is storage needs. The DIY surveillance kits often have limited storage capabilities, especially when trying to ensure that the system records usable, quality video. Many of these systems also do not provide enough storage needs to follow best practices for archiving surveillance.

Many people think that the DIY surveillance kits offer more features, but business and commercial users of these systems actually lose capabilities. Often it will also cost them more money by investing in a surveillance system that doesn’t fully meet the needs of their business.

While it may be tempting to install a DIY surveillance system, it’s best to work with a professional security systems integrator to design and install a commercial grade surveillance system customized for specific businesses’ needs.  Commercial clients have greater requirements than residential surveillance system users, where the lack of video to show a staged slip and fall incident in a parking lot can mean the difference between winning or losing a lawsuit.

Securing the IT Closet

By Craig Jarrett

Silicon Valley was ahead of the curve 15 to 20 years ago when it recognized the importance of securing the IT closet. Today, the rest of the business world is finally catching up, understanding that it is critical to ensure the servers that run a business are just as secure as the front door or business itself.

Securing the IT room has become top-of-mind for companies both large and small. It’s important to only grant access to those who are to permitted to enter into these areas as they contain sensitive information on customers, employees and the business itself.

Only a few years ago it was not uncommon for a company to locate servers out in the open, sometimes in a mailroom or another common area that could be frequented by employees or delivery people. This all began to change with the introduction of government compliance requirements such as Sarbanes-Oxley and HIPPA, which were implemented to protect privacy and data.

Now, publically traded companies need to show compliance with securing their data. This includes providing an audit on who has access to the IT room, even a technician who may be accessing the IT room to set up a system.

The systems now in place to protect the IT room can vary dependent upon the business and their specific security needs. Some implement a simple card reader or keypad on the door, both of which can easily manage and monitor who gains access to the room and at which specific time. Others, such as financial institutions and online retailers, have invested in two-factor authentication or require two people to enter and leave the room at any given time.

Beyond access control, some businesses have even taken securing their IT closet to another level by also installing surveillance cameras to visually monitor the area or vibration and sound sensors to detect an attempt to drill into the room from an adjoining location.

As part of the checks and balance process, it is also a good practice to have a reapproval process every six months, thereby ensuring that if a person no longer requires access to the IT closet it is removed from their credential.

At a bank, a person cannot get into the bank vault unless there is a real need. The IT closet is much the same, containing valuable information, and as such are now protected in a very similar manner.