classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2018

The expanding role of IT in access control
November 2018, This Week's Editor's Pick, Access Control & Identity Management, IT infrastructure

It is a fact that IT is becoming more involved in the physical security world. In a small minority of companies, these two departments are actually merging, although this is a mammoth task fraught with problems, not only in terms of technology, but primarily in terms of culture.

In the access control world, one could say it’s normal for IT to be involved in networking (assuming the access systems make use of the corporate network and/or the IP protocol), but the scope of IT has slowly been creeping into more of the access control functions. In smaller companies, for example, it’s not unusual for the service provider responsible for the company’s IT to also take the responsibilities of physical security.

So how far has IT made inroads into the access control world in general? HID Global broadcast a webinar in October 2018 in which it revealed some new research into the increasing role IT departments and personnel are playing in the physical access control world. The webinar was hosted by HID Global’s Brandon Arcement and Matt Winn. After discussing the findings of the research, they went on to advise physical security operators as to how they can embrace their IT colleagues further, with the goal of improving the holistic security posture of their organisations.

The survey was conducted by The 05 Group, sponsored by HID and was completed in March 2018. As the title of this article notes, the research found that IT departments are now more involved than ever in organisations’ physical access control decisions and implementation, and that trend is set to increase.

The 05 Group surveyed 1 576 individuals from more than a dozen industries, including education (19%), information (16%), government (11%), manufacturing (8%), health services (8%), and security, professional and business services (8%). Of the respondents, 35% were IT managers, 26% were IT directors, 13% were IT staff, 8% were CIO/CTO, and 3% were VPs of technology. The survey also spanned companies of different sizes, with 24% having less than 100 employees, 22% 101-500 employees, 11% have 501-1000 employees, 17% have 1001-5000, 6% have 5001-9999, and 6% have 10 000-24 999 employees. The results therefore cover a broad spectrum of companies and industries.

The numbers tell a story

The research offers a significant amount of data about the role of IT in access control, however the webinar brought out a few pertinent facts (a link to the white paper written by HID from the research is at the end of this article). When asking the organisations being surveyed “Who is primarily responsible for physical access control in your organisation”, the responses were as follows:

• 29% said both IT and physical security.

• 26% said IT only.

• 25% said facility management handles the job.

• 12% said physical security only.

• 8% said the property management company was tasked with access control.

With a quarter of the respondents already saying IT is responsible for access control, and a further 29% saying it is shared between the two departments, it’s clear that the divide between IT and physical security is rapidly vanishing – and in some cases, altogether gone. And this is a trend that will continue; in organisations where IT is not involved in access control, 36% of the respondents said it will be within the next five years.

For those organisations where access control responsibilities are shared, 47% of the respondents report it had been shared within the past five years. Similarly, where IT owns the responsibility, 42% of the companies say they were given this task within the last five years. Once again we see that IT/physical security convergence in the access world is an expanding reality.

We mentioned IT’s influence in access control above in terms of the networking of access systems, however, this is an old function. The webinar showed that both IT professionals as well as physical security professionals see IT being involved in all areas of access control. When it comes to physical security professionals:

• 66% of physical security professionals see IT involved in influencing the decision-making process.

• 48% see IT’s involvement in integrating access and other systems.

• 37% see IT involved in implementation.

• 22% see IT involved in managing the systems.

From the other side of the table, IT professionals have a similar view:

• 76% expect to influence decision making.

• 72% will be involved in integration.

• 59% will be involved in implementation.

• 39% expect to be involved in managing systems.

Not all wine and roses

Of course, as these different cultures work together, there are bound to be some issues. It is in the field of integration where IT sees problems. Half of the IT people surveyed have issues with the lack of integration of access systems with other IT systems. This is an area in which the access control industry could make significant changes in the short-term to ensure their software and hardware can be more easily integrated with existing business management and security systems.

When it comes to new access control systems, the IT school has a few things it wants to see on the vendors’ to-do list. They want improved ease of use (71%), the ability to support or add new technologies (68%), mobile access (59%), and integration with existing security platforms (54%).

It’s also clear from the survey that IT is not all that comfortable with access control technology. Areas such as credential management, decision making with respect to access control systems, how system components work and also individual features within access systems can cause a bit of nervousness among the IT folk. These are areas in which physical security professionals can make their mark, as they are more skilled in dealing with these issues as well as others unique to their industry.

Helping IT in access

The driver behind this convergence is not a technical issue, but is itself a convergence of a number of separate drivers. HID notes the primary drivers are:

• Converged threats that impact both physical and logical infrastructure. If you have a physical vulnerability it puts your logical systems at risk, and vice versa.

• Proliferation of networked devices in the age of IoT (the Internet of Things) which all require both physical and logical security. Interestingly, the webinar held its own real-time survey of the attendees and this topic was selected as having the biggest impact on access control’s shift to IT with half of the audience selecting it.

• Compliance to new regulations, which again rely on both sides of the table.

• Budget consolidation, which we are all suffering through.

• A shift in reporting structures as executives try to get a handle on the seemingly endless threats companies face on all fronts.

When it comes to the role of physical security professionals and how they can assist in the convergence between the two sides and help improve organisational security, 80% of the respondents said they play a role in establishing best practices, while 50% see physical security having a role in preventing unauthorised access in general, and 49% say they can help in achieving compliance. In order to streamline collaboration, the HID webinar suggests, among other issues, that both sides need to work on aligning project priorities and determining responsibilities, and balancing the technical acumen of IT when it comes to access products and management.

A converged example

The webinar went on to provide an example of how the two divisions could work together in an access control installation. When it comes to the physical access control host, HID advises organisations to integrate physical access control systems (PACS) with an IT source of identity such as LDAP. Furthermore, administrators should ensure there is a set policy around regular software updates and patches, while they should also take advantage of IT’s experience (and equipment) to ensure high availability.

When it comes to the controller, HID advises organisations to settle some of the issues raised above by requiring an open controller platform that can be integrated with other technologies and other vendors’ products. Preventing vendor lock-in is a costly lesson IT departments have learned. It also suggests considering an ‘IP-at-the-door’ topology, keeping controller firmware updated to the latest versions, using strong passwords and encrypting communication between controllers and hosts (and using OSDP – Open Supervised Device Protocol – for encrypted reader communications). Find out more about OSDP in the article ‘The advantages of OSDP’ at

Another strong warning was to take care when selecting access credentials as many of the card and fob technologies available are easy to replicate, making it simple for the wrong people to easily gain access. There are secure card technologies out there and these should be used as a standard. A business benefit of these more advanced credentials is that they can also be used for additional business functions, such as secure printing, vending machines and network logon.

The webinar presenters also touched on the benefits of using users’ mobile devices as credential holders. These can offer higher levels of authentication, easier administration and more user convenience that does not come at the expense of the company’s security.

Whether you are on the IT or physical security side, the most important part of the research (depending on your biases) can be seen in the answer to the question “Do you believe that increased collaboration between physical security and IT can improve the overall security of your organisation?” An overwhelming 95% of all the respondents said “yes”.

While the full convergence of physical and logical security is still some way off, people in the access control sector obviously understand that IT and physical security working together is critical to develop a successful security defence strategy for their organisations. In the access control industry this may be easier to achieve, but as noted in the introduction, it is often a question of culture (or ego, to be blunt) that prevents collaboration and results in organisations being vulnerable to the ever-increasing threats they face from well-organised criminal syndicates, as well as unhappy teenagers with too much time on their hands.

The full paper from the research can be found at

For more information contact HID Global, +27 60 988 2282,,

  Share via Twitter   Share via LinkedIn      

Further reading:

  • From the editor’s desk: Dark times
    April 2019, Technews Publishing, News
    Although the timing is more coincidence than anything else, this issue includes a feature on power management. Given the latest news we’re hearing and experiencing from Eskom and the length and breadth ...
  • ASIS Security Technology Concepts day
    April 2019, Technews Publishing, This Week's Editor's Pick, Security Services & Risk Management
    ASIS SA kicked the tyres of a few technologies at its first Security Technology Concepts day in February.
  • Watching the game
    April 2019, Technews Publishing, Pelco by Schneider Electric, Dallmeier Electronic Southern Africa , Entertainment and Hospitality (Industry), CCTV, Surveillance & Remote Monitoring
    Video surveillance plays a larger role in the casino market than simply watching people gambling and trying to catch pickpockets.
  • More than locking the door
    April 2019, Technews Publishing, Salto Systems Africa, ZKTeco, Entertainment and Hospitality (Industry), Access Control & Identity Management, Asset Management, EAS, RFID
    Electronic locks offer hotels far more than simply a more convenient way to manage doors, they can be integrated into a host of other systems and services.
  • Securing farms takes a multi-­layered approach
    April 2019, Technews Publishing, Nemtek Electric Fencing Products, Perimeter Security, Alarms & Intruder Detection
    While perimeter fencing is a must-have, the agriculture sector is increasingly turning to modern high-tech electronic technologies, particularly in light of the violent farm attacks seen in South Africa over the last few years.
  • Wide-area surveillance on estates, farms and other large properties
    April 2019, Protoclea Advanced Image Engineering, Access Control & Identity Management, Integrated Solutions
    Using the right solution to protect large, open areas can be accomplished with the right technology and planning.
  • Visible light facial recognition
    April 2019, ZKTeco, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    ZKTeco recently expanded its reach in the facial recognition market with the launch of its new series of visible light facial recognition (VLFR) products.
  • 2019 Internet of Things (IoT) Barometer
    March 2019, This Week's Editor's Pick, Integrated Solutions, IT infrastructure
    A majority of businesses that use IoT technology agree that it has either disrupted their industry or will do so in the next five years.
  • Split design hotel door
    April 2019, ZKTeco, Products, Access Control & Identity Management
    LH7500 hotel door locks are the latest models from ZKTeco’s Smart Lock series with elegant designs and support for Mifare cards and the EU standard mortise.
  • Slim hotel door lock
    April 2019, ZKTeco, Products, Access Control & Identity Management
    The LH7000 hotel door lock is the latest from the ZKTeco Smart lock series, supporting Mifare cards and the EU standard mortise.
  • When cybercrime affects health and safety
    April 2019, This Week's Editor's Pick, Cyber Security
    The threat of a category-one cyber-attack is that everything could seem right – the readings on the meter could be fine, checklists would be followed, and equipment would work – yet danger could still unfold.
  • Alastair McPhail joins Jarrison
    April 2019, Jarrison Systems, News, Access Control & Identity Management
    Alastair McPhail has taken the position of national marketing manager at time and attendance manufacturers, Jarrison Systems.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.