Key management in 2018

Access & Identity Management Handbook 2018 Access Control & Identity Management, Security Services & Risk Management

Key management ranges from sticking a few hooks on the wall to complex cabinets that track and manage the issuing and returning of keys. You wouldn’t think there were advanced technical solutions for keeping an eye on who has what key and when they took it, but in today’s high-crime society companies need to ensure they know who has access to corporate resources.

Hi-Tech Security Solutions asked three key management specialists for their insight into the key management market in South Africa and beyond, and asked what they will be coming up with in the near future. We approached:

• Lars Jensen from Morse Systems Africa.

• Steve Masingi from Zonke Monitoring Systems.

• Clint Willemse from Traka Africa.

Hi-Tech Security Solutions: What are the latest trends when it comes to using technology to manage keys in large organisations?

Willemse: Key and asset management control can and should also be applied to businesses of all sizes because of the measurable benefits of enhanced security, process control and convenience, as well as increased staff productivity, morale and accountability.

Intelligent systems allow administrators to manage users in real time with software that is accessible from almost any device that can run a browser, including phones, tablets and PCs.

Current trends in the market we see are:

• De-centralised ‘self serve’ key management cabinets to reduce downtime in the key vending/collection process, with centralised administration and reporting from a browser-based software application.

• Place keys local to where they are needed to increase efficiency and reduce risk of personnel carrying sensitive keys for longer than necessary. For example, for a corporate campus or university, smaller, distributed key cabinets in each facility building connected to the corporate network for centralised management.

• Curfew utilisation to ensure key sets are returned within a pre-determined period of time.

• Email notifications sent to holders and supervisors for keys not returned to the cabinet within the designated time-frame.

• Standard operating processes (SOP) in place for following up and holding individuals accountable. It is critical to have ‘teeth in your policies’ to hold users accountable for using the system properly. Policies must be defined upfront during the deployment planning process.

Jensen: Recent high profile and very damaging cyber attacks have once again focused attention on security infrastructure vulnerabilities. As part of the trend in addressing these issues, many organisations are also identifying possible exposure in the management of facility keys and are taking preventive measures against potential future issues. These may include a policy review to help ensure that keys are better managed and controlled, and implementing an electronic key control system to ensure compliance.

Key control and management systems are designed to secure keys in a tamper-proof cabinet and access to the cabinets and to individual keys are controlled at all times, with every key accounted for. Additional safety measures may include requiring multiple user authorisations at the removal and return of the most important keys, email or SMS alerts if valuable keys are not returned as scheduled, and integration with broader security systems to streamline processes and reduce the potential for human error.

Masingi: The key management system is cost-effective and easy-to-use and the software licence is, in most cases, included in the package. Most companies can easily integrate their existing access control software with the key management software and it provides reports that are easy to use. Large businesses with massive offices can control the access period and also track other valuable assets.

Hi-Tech Security Solutions: Do key management systems have their own management software that allows organisations to limit who can take which keys, as well as to alert the appropriate people if keys are missing or not returned? What about integration to other platforms?

Willemse: In recent years, software applications have moved on from a thick client to a thin client (browser-based). This simplifies installation and maintenance and makes the application accessible from any modern browser. A specific focus on information security is critical to ensure the application is not vulnerable to cyber attacks. It’s a very real problem and can have a devastating impact on a business and its employees.

Integration means many things to many people. To some, it can simply mean using the same credential for the key management system as used for access control, however, true integration means being able to leverage an existing security platform to grant/revoke access to keys in the same way you administer access to online openings. In addition, key management events/alarms are monitored from a common user interface at the SOC (security operations centre). Policy and procedure can be driven by denying exit from a sensitive facility (e.g. a data centre) if a key is not returned to the system, for example.

It’s also critical that integration must not be for integration sake (‘bells and whistles’), it must solve a real world problem, delivering efficiency, increasing safety while providing a measurable impact to the bottom line (a return on investment). Ultimately, the solution ties back to the overarching risk strategy for the business.

Jensen: Dedicated PC-based key management software allows management of all programming, authorisations, remote functions and reports for the key control system. Notifications and events can be automatically sent to authorised personnel and built-in schedulers can be programmed to automatically download all data.

Key control systems can usually be integrated with the existing networked physical security systems without costly upgrades or overhauls. Employees can be entered into the access control system, for example, with their credentials profile information, access group, etc. instantly transferred to other systems. The system can also pass data about transactions and alarms back to the access control system for greater integration.

Masingi: Yes, these systems can be integrated into general management platforms, such as access control or intrusion etc.

Hi-Tech Security Solutions: As electronic locks that don’t require keys become more popular, do key management vendors see this as a threat? Can key management be extended to other areas of security?

Willemse: The mechanical lock industry is reducing about 5% year-on-year. However, security managers are tasked with delivering a solution for many different types of openings. Most organisations either put online access control on an opening or do nothing at all and leave it to chance.

This is a major risk when typically only 10% of openings have online access control in a corporate facility. Key and asset management systems extend the reach of your current security platform to all other offline openings and assets, while ensuring they can be administered in the same way as online access control openings.

It is also highly cost-effective over other potential solutions, for example as another layer of a PSIM solution. In addition, a key and asset management system can extend the value of the security function to many other areas of the business to better account for not only keys, but any piece of equipment that needs to be managed, with full reporting visibility and operational transparency making decisions and KPI (key performance indicator) adherence much easier to manage.

Jensen: Today’s automated key management systems bear little, if any resemblance to key control systems of the past. The technology has evolved and kept pace with industry trends to offer unique time-saving and integration capabilities that help ensure increased security and operational efficiencies.

Recorded data from a key management system provides a wide range of business intelligence that can be analysed for identifying security vulnerabilities. Trends that could take weeks or months to detect manually can be seen almost instantly when relevant queries are programmed into the reporting software. This highly specific intelligence allows root causes of problems to be identified rather than symptoms, and enables management to enact countermeasures that will help prevent incidents before they occur.

Masingi: Yes. Electronic locks will always pose a threat as it eats into the existing and saturated key management market. Hence there is a need to improve the technology, but still maintain competitive prices.

Hi-Tech Security Solutions: What are the latest advances in key management that your company has made in terms of technology, integration and so forth?

Willemse: Traka continually invests in R&D to ensure the solutions provided are of real tangible value and address the needs of every customer regardless of the market sector they operate in. Every solution designed and developed provides value, useful presented data on which to make operational decisions, seamlessly integrated to third-party systems for added value. Ease-of-use and scalability from 1 to over 2000 systems are reasons why Traka solutions are in over 26 000 systems worldwide.

Other successful advances for Traka include:

• Integration with the leading access control OEMs like Lenel.

• Web services API/SDK to allow OEMs, system integrators and professional end-users to build custom integrations to the Traka Web platform.

• Enterprise scalability to accommodate thousands of key cabinets and/or asset lockers managed throughout large enterprises.

• Information security focus – penetration testing (to OWASP standard).

• Advanced data capture features through the touch screen at the point of key/asset remove and return – for improved compliance and auditing.

• Advanced RFID monitoring and charging of physical assets in intelligent asset lockers.

Jensen: Morse Watchmans has developed a range of key control and asset management products that continue to evolve along with our customers’ needs. Most recently, we introduced an RFID-based AssetWatcher System that uses non-contact wireless radio links to recognise and track tagged assets placed in or removed from lockers. It is compatible with multiple types of RFID tags and different types of assets, including electronics and metal objects, and offers three different modes of operation.

The latest version of our KeyWatcher Touch system allows multiple systems to be synced at once for faster and more efficient management. We’ve also added a desktop fingerprint reader and updated the database design to boost speed for storing and retrieving data. Our open architecture platform makes a variety of innovative integration solutions possible to meet demanding security needs.

Masingi: Zonke Monitoring Systems has introduced the tracking of movable assets (such as trucks). We have also introduced card systems which are also used in the mining industries.

For more information, contact:

Morse Systems Africa, +27 (0)11 326 1450, [email protected], www.keywatcher.co.za

Traka Africa, +27 (0)11 761 5000, [email protected], www.traka.co.za

Zonke Monitoring Systems, +27 (0)11 880 1000, [email protected], www.zonkems.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...
The future of security: intelligent automation
Access Control & Identity Management AI & Data Analytics IoT & Automation
As the security landscape evolves, businesses are no longer looking for stand-alone solutions, they want connected, intelligent systems that automate, streamline, and protect.

Read more...
Smart automation is changing security
SA Technologies IntelliGuard Access Control & Identity Management
Security has come a long way from manual check-ins, logbooks, and standalone surveillance cameras. With the rise of intelligent automation, security is now faster, smarter, and more connected than ever.

Read more...
The future of security in South Africa
ATG Digital Access Control & Identity Management
Security technology is evolving rapidly, but is local innovation keeping pace? Some global players recognise the potential of South African products for international markets, but can our manufacturers and service providers thrive without external support?

Read more...
Integration enhances estate access control
Access Control & Identity Management
With one-third of residential burglaries starting at the front door, the continued seamless integration of Glovent’s estate management platform with Impro access control software is welcome news for estates.

Read more...
T&A in South Africa’s retail sector
ERS Biometrics Access Control & Identity Management
Using existing systems, ERSBio provides a practical and more cost-effective way for businesses to manage operations, reduce payroll mistakes, and enhance overall efficiency through innovative T&A processes.

Read more...
Navigating the complexities of privileged access management
Editor's Choice Access Control & Identity Management
Privileged Access Management and Identity Access Management are critical pillars of modern cybersecurity, designed to secure access to sensitive resources, enforce principles like least privilege, and implement just-in-time access controls.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...
How can South African organisations fast-track their AI initiatives?
AI & Data Analytics Security Services & Risk Management
While the AI market in South Africa is anticipated to grow by nearly 30% annually over the next five years, tapping into the promise and potential of AI is not easy.

Read more...
Efficient, future-proof estate security and management
Technews Publishing ElementC Solutions Duxbury Networking Fang Fences & Guards Secutel Technologies OneSpace Technologies DeepAlert SMART Security Solutions Editor's Choice Information Security Security Services & Risk Management Residential Estate (Industry) AI & Data Analytics IoT & Automation
In February this year, SMART Security Solutions travelled to Cape Town to experience the unbelievable experience of a city where potholes are fixed, and traffic lights work; and to host the Cape Town SMART Estate Security Conference 2025.

Read more...