Key management in 2018

Access & Identity Management Handbook 2018 Access Control & Identity Management, Security Services & Risk Management

Key management ranges from sticking a few hooks on the wall to complex cabinets that track and manage the issuing and returning of keys. You wouldn’t think there were advanced technical solutions for keeping an eye on who has what key and when they took it, but in today’s high-crime society companies need to ensure they know who has access to corporate resources.

Hi-Tech Security Solutions asked three key management specialists for their insight into the key management market in South Africa and beyond, and asked what they will be coming up with in the near future. We approached:

• Lars Jensen from Morse Systems Africa.

• Steve Masingi from Zonke Monitoring Systems.

• Clint Willemse from Traka Africa.

Hi-Tech Security Solutions: What are the latest trends when it comes to using technology to manage keys in large organisations?

Willemse: Key and asset management control can and should also be applied to businesses of all sizes because of the measurable benefits of enhanced security, process control and convenience, as well as increased staff productivity, morale and accountability.

Intelligent systems allow administrators to manage users in real time with software that is accessible from almost any device that can run a browser, including phones, tablets and PCs.

Current trends in the market we see are:

• De-centralised ‘self serve’ key management cabinets to reduce downtime in the key vending/collection process, with centralised administration and reporting from a browser-based software application.

• Place keys local to where they are needed to increase efficiency and reduce risk of personnel carrying sensitive keys for longer than necessary. For example, for a corporate campus or university, smaller, distributed key cabinets in each facility building connected to the corporate network for centralised management.

• Curfew utilisation to ensure key sets are returned within a pre-determined period of time.

• Email notifications sent to holders and supervisors for keys not returned to the cabinet within the designated time-frame.

• Standard operating processes (SOP) in place for following up and holding individuals accountable. It is critical to have ‘teeth in your policies’ to hold users accountable for using the system properly. Policies must be defined upfront during the deployment planning process.

Jensen: Recent high profile and very damaging cyber attacks have once again focused attention on security infrastructure vulnerabilities. As part of the trend in addressing these issues, many organisations are also identifying possible exposure in the management of facility keys and are taking preventive measures against potential future issues. These may include a policy review to help ensure that keys are better managed and controlled, and implementing an electronic key control system to ensure compliance.

Key control and management systems are designed to secure keys in a tamper-proof cabinet and access to the cabinets and to individual keys are controlled at all times, with every key accounted for. Additional safety measures may include requiring multiple user authorisations at the removal and return of the most important keys, email or SMS alerts if valuable keys are not returned as scheduled, and integration with broader security systems to streamline processes and reduce the potential for human error.

Masingi: The key management system is cost-effective and easy-to-use and the software licence is, in most cases, included in the package. Most companies can easily integrate their existing access control software with the key management software and it provides reports that are easy to use. Large businesses with massive offices can control the access period and also track other valuable assets.

Hi-Tech Security Solutions: Do key management systems have their own management software that allows organisations to limit who can take which keys, as well as to alert the appropriate people if keys are missing or not returned? What about integration to other platforms?

Willemse: In recent years, software applications have moved on from a thick client to a thin client (browser-based). This simplifies installation and maintenance and makes the application accessible from any modern browser. A specific focus on information security is critical to ensure the application is not vulnerable to cyber attacks. It’s a very real problem and can have a devastating impact on a business and its employees.

Integration means many things to many people. To some, it can simply mean using the same credential for the key management system as used for access control, however, true integration means being able to leverage an existing security platform to grant/revoke access to keys in the same way you administer access to online openings. In addition, key management events/alarms are monitored from a common user interface at the SOC (security operations centre). Policy and procedure can be driven by denying exit from a sensitive facility (e.g. a data centre) if a key is not returned to the system, for example.

It’s also critical that integration must not be for integration sake (‘bells and whistles’), it must solve a real world problem, delivering efficiency, increasing safety while providing a measurable impact to the bottom line (a return on investment). Ultimately, the solution ties back to the overarching risk strategy for the business.

Jensen: Dedicated PC-based key management software allows management of all programming, authorisations, remote functions and reports for the key control system. Notifications and events can be automatically sent to authorised personnel and built-in schedulers can be programmed to automatically download all data.

Key control systems can usually be integrated with the existing networked physical security systems without costly upgrades or overhauls. Employees can be entered into the access control system, for example, with their credentials profile information, access group, etc. instantly transferred to other systems. The system can also pass data about transactions and alarms back to the access control system for greater integration.

Masingi: Yes, these systems can be integrated into general management platforms, such as access control or intrusion etc.

Hi-Tech Security Solutions: As electronic locks that don’t require keys become more popular, do key management vendors see this as a threat? Can key management be extended to other areas of security?

Willemse: The mechanical lock industry is reducing about 5% year-on-year. However, security managers are tasked with delivering a solution for many different types of openings. Most organisations either put online access control on an opening or do nothing at all and leave it to chance.

This is a major risk when typically only 10% of openings have online access control in a corporate facility. Key and asset management systems extend the reach of your current security platform to all other offline openings and assets, while ensuring they can be administered in the same way as online access control openings.

It is also highly cost-effective over other potential solutions, for example as another layer of a PSIM solution. In addition, a key and asset management system can extend the value of the security function to many other areas of the business to better account for not only keys, but any piece of equipment that needs to be managed, with full reporting visibility and operational transparency making decisions and KPI (key performance indicator) adherence much easier to manage.

Jensen: Today’s automated key management systems bear little, if any resemblance to key control systems of the past. The technology has evolved and kept pace with industry trends to offer unique time-saving and integration capabilities that help ensure increased security and operational efficiencies.

Recorded data from a key management system provides a wide range of business intelligence that can be analysed for identifying security vulnerabilities. Trends that could take weeks or months to detect manually can be seen almost instantly when relevant queries are programmed into the reporting software. This highly specific intelligence allows root causes of problems to be identified rather than symptoms, and enables management to enact countermeasures that will help prevent incidents before they occur.

Masingi: Yes. Electronic locks will always pose a threat as it eats into the existing and saturated key management market. Hence there is a need to improve the technology, but still maintain competitive prices.

Hi-Tech Security Solutions: What are the latest advances in key management that your company has made in terms of technology, integration and so forth?

Willemse: Traka continually invests in R&D to ensure the solutions provided are of real tangible value and address the needs of every customer regardless of the market sector they operate in. Every solution designed and developed provides value, useful presented data on which to make operational decisions, seamlessly integrated to third-party systems for added value. Ease-of-use and scalability from 1 to over 2000 systems are reasons why Traka solutions are in over 26 000 systems worldwide.

Other successful advances for Traka include:

• Integration with the leading access control OEMs like Lenel.

• Web services API/SDK to allow OEMs, system integrators and professional end-users to build custom integrations to the Traka Web platform.

• Enterprise scalability to accommodate thousands of key cabinets and/or asset lockers managed throughout large enterprises.

• Information security focus – penetration testing (to OWASP standard).

• Advanced data capture features through the touch screen at the point of key/asset remove and return – for improved compliance and auditing.

• Advanced RFID monitoring and charging of physical assets in intelligent asset lockers.

Jensen: Morse Watchmans has developed a range of key control and asset management products that continue to evolve along with our customers’ needs. Most recently, we introduced an RFID-based AssetWatcher System that uses non-contact wireless radio links to recognise and track tagged assets placed in or removed from lockers. It is compatible with multiple types of RFID tags and different types of assets, including electronics and metal objects, and offers three different modes of operation.

The latest version of our KeyWatcher Touch system allows multiple systems to be synced at once for faster and more efficient management. We’ve also added a desktop fingerprint reader and updated the database design to boost speed for storing and retrieving data. Our open architecture platform makes a variety of innovative integration solutions possible to meet demanding security needs.

Masingi: Zonke Monitoring Systems has introduced the tracking of movable assets (such as trucks). We have also introduced card systems which are also used in the mining industries.

For more information, contact:

Morse Systems Africa, +27 (0)11 326 1450, [email protected], www.keywatcher.co.za

Traka Africa, +27 (0)11 761 5000, [email protected], www.traka.co.za

Zonke Monitoring Systems, +27 (0)11 880 1000, [email protected], www.zonkems.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Boost revenue streams for MNOS
News & Events Security Services & Risk Management Financial (Industry)
ReveNet has introduced its new solution, designed to safeguard and potentially boost revenue streams in an increasingly challenging landscape for MNOS. The new platform combines advanced analytics and is built on trust, transparency, and sustainability principles.

Read more...
Unlock data insights and integration
Gallagher Access Control & Identity Management Products & Solutions
Gallagher Security announced the release of its security site management software, Command Centre v9.20, which enables integration with Microsoft Entra ID, a cloud-based identity and access management system that provides seamless synchronisation of cardholders across systems.

Read more...
NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
Gallagher Security opens Cape Town office
Gallagher News & Events Access Control & Identity Management
Acknowledging a significant period of growth for the company in South Africa, opening a second office will enable Gallagher to increase its presence across the region with staff based in Johannesburg and Cape Town.

Read more...
SA company develops world-first safe K9 training for drug detection
Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
Understanding South Africa’s Cybercrimes Act
Information Security Security Services & Risk Management
The Cybercrimes Act No.19 of 2020 is a comprehensive legislative response to the evolving landscape of cyberthreats in South Africa. Its effectiveness, however, relies on enforcement, which relies on implementation, international cooperation, and collaboration between the public and private sectors.

Read more...
Securing access against unwanted visitors
Intelliguard Access Control & Identity Management Residential Estate (Industry) Products & Solutions
In today's residential estates and complexes, one of the biggest concerns is preventing unauthorised access, while ensuring a smooth and convenient experience for residents and approved visitors.

Read more...
Partnership addresses fire hazard mitigation
Brigit Fire (a Division of Hudaco Trading) Elvey Security Technologies Fire & Safety Security Services & Risk Management
Brigit Fire has partnered with the Elvey Group. The collaboration will see Brigit Fire distributing both the advanced C-TEC addressable fire detection systems (CAST Technology) and GreenMist lithium extinguishers.

Read more...
Fire protection for a solvent extraction plant in Africa
FS Systems Fire & Safety Security Services & Risk Management Mining (Industry)
A prominent mining site operates a state-of-the-art solvent extraction (SX) plant, integral to separating and purifying metals from ores, which pose significant fire risks, as SX processes involve highly flammable organic solvents and elevated operating temperatures.

Read more...
Smart access for a safer community
neaMetrics Suprema Access Control & Identity Management Residential Estate (Industry) Products & Solutions
Suprema's BioEntry W3 integrates AI-powered facial authentication into a sleek design that prioritises security, privacy and user experience, and even allows users to store their facial templates on their mobiles instead of external devices.

Read more...