The right access decisions
November 2018, This Week's Editor's Pick, Access Control & Identity Management
We all want our access control to be the best and most secure, until we see the price tag. In the real world, companies all too often select their access control solutions based on what fits the budget rather than the requirements of the business.
This is understandable to a degree given the broad selection of different product available, as well as the different price points and quality of products out there. But what should companies be doing to ensure they have the right products, with the right performance in the right places? Moreover, what solutions are there to choose from and where would they fit in optimally? Hi-Tech Security Solutions asked Impro’s MD, Mike Shipton what he sees in the access control market today and for his advice to those looking for new or upgraded access solutions.
One general trend in access control is that of longevity. People are not inclined to renew their access installations every three to five years. There are many examples of companies using their access control systems successfully for a decade or two. While this makes for pleasant budgets, it does make integrating newer technologies harder – a fact some companies like Impro have focused on in expanding their businesses.
Shipton notes that there are still a large number of companies using legacy systems today. “This is partly attributed to the system still meeting their needs, but also due to the capital investment required to upgrade or replace. This is an area we [Impro] have specifically focused on, whereby legacy systems can be slowly migrated into new technologies without the traditional rip-and-replace. The benefit of this is a company is not impacted with a large investment, but rather smaller values over a longer period.”
He does, however, see a strong move to upgrading to new platforms, primarily because of the increased security and convenience now available. “If you think many systems are five to ten years old, technology has moved on dramatically – whether it’s our cellphones, computers, cars or TVs, the evolution has been rapid. Whilst access control has not been as disruptive, there are certainly industry-changing technologies which are becoming mainstream – things such as virtual credentials, where you’re able to use your cellphone to gain entry or to manage your system.”
And integration has become a critical issue in the access market. While he admits there are still many systems that operate in isolation, this is changing. Shipton says the need for integration is crucial – it saves time and reduces complexity. Furthermore, choosing solutions that can be combined with those from other vendors keeps your options open.
“While integrations have been available in the past, they were often custom projects, requiring an intensive time and resource investment. Today, we’ve built APIs that enable a variety of products and services to quickly and easily integrate into our systems – from diverse systems such as elevators, production management, canteen payments and payroll, to the traditional CCTV and intrusion systems.”
He adds that another driver for integration is the ability to manage everything from one console. “Customers want one place to monitor and manage their security.”
Overcoming the legacy of legacy
And while many people seem to focus on the latest and greatest in access and identity technologies, Shipton adds that legacy systems bring legacy credentials – the card, tag and fob.
“There are still millions of these being used around the world today,” he states, “but this too is changing, and certainly much faster internationally as the risk of cloning is a significant concern. While the form of the credential doesn’t have to change, people are certainly calling for secure credentials – we already offer anti-cloning credentials, including high encryption tags that have a unique institution code embedded at manufacture and cannot be ordered by a third party without the institutions authorisation.”
Impro has also taken these credentials into the mobile world because we all know where our phone is, so there is less risk of loss, and we don’t easily share our phone with others. It’s also very convenient to have everything within one device – phone, camera, email, and now access control. “Add in 256-bit AES encryption and the ability to revoke credentials over the air, and you have a win-win solution for both the organisation and the end user.”
“Biometrics are another popular choice and are certainly making strong ground as the cost for these devices continues to reduce,” he adds. “In the past, biometrics were viewed as a high-end, high-cost solution but this has changed dramatically over the past few years. However, accuracy and read time remains important, especially in high traffic areas such as front entrances, or turnstiles – the technology continues to evolve to ensure that every fingerprint can be read correctly, every time.
“What will be interesting is the integration of biometrics with mobile within an access control setting. We’ve seen how people have quickly adopted biometrics on their cellphones and this will drive greater acceptance in everyday situations. Imagine using your fingerprint or facial recognition on your mobile device to open your house, your car, your office door, to log into your computer and undertake online transactions. This is fast becoming reality as the IT world merges into the security sector.”
Where to deploy what?
With all these options, what does the security manager do in deciding the best fit for the various access-controlled areas in their organisation? As noted above, budget is too often a more important deciding factor than the applicability and reliability of technology.
The first step, according to Shipton, is to assess what your greatest risks are, and what are the areas that need the highest levels of security, if any. “Many companies simply want to prevent unauthorised users from accessing the premises. In this case, biometrics can be used at perimeter entrances for enhanced security, while throughout the interior areas traditional tags suffice. By focusing on the perimeter, you’re able to remove the risk and reduce cost as there are only a few entrances, as opposed to placing biometrics at every door.”
If higher security is needed internally, such as in the server room or vaults, these specific areas can have additional measures, such as two or more people tagging in before the door is opened; or again the use of biometrics. For example, he notes that some mines are now deploying facial recognition biometric readers for high-risk areas, coupled with integrated safety certificate validation at time of entry, breathalysers and tagging of equipment – all to be completed before access is granted. This isn’t for security purposes only, but rather also for health and safety due to the legal ramifications of non-compliance.
“The options really are extensive as we have solutions to meet every budget, both from a hardware and software perspective,” Shipton says. “Whether it’s one door or a thousand doors, our solutions can grow with your needs and, more importantly, we offer off-the-shelf systems. Companies don’t want extensive custom-built solutions that lock them into one supplier.
“The first step though, is to identify those risks and then work with an accredited and credible installer, who will guide you on the best solution for your needs.”
Is access getting cloudy?
Nothing can escape the influence and impact of cloud and remote services today and this applies to access control as well in the form of cloud and/or hosted access solutions, as well as Access Control as a Service (ACaaS). But are these solutions as simple and secure as traditional options?
“Absolutely,” states Shipton. “In fact, depending on the skills or experience of the personnel managing the on-site system, it can be a great improvement. For example, many small to medium sized businesses don’t have an in-house IT department managing firewalls, virus protection, server uptimes, fail-overs and disaster recovery programmes. In a cloud environment, this is all taken care of by highly qualified individuals, with guaranteed contractual uptimes and protection.
“This means the customer can focus on their core business, knowing specialists in both cloud and access control are taking care of their system. The customer also only pays for what they use. For example, in an on-site situation, they may buy larger servers to accommodate for future growth, but in a cloud scenario this falls away. Only when you need the extra capacity will you pay for it; and this makes for easy scalability and growth.”
Another cloud benefit is that new feature enhancements or updates to products can be automatically deployed, so you’ve always got the latest, greatest functionality and security, built within your operational costs. There would be no additional licensing or upgrade fees, no additional personnel on site to deploy. All this, says Shipton, adds up to a simpler, quicker and better service.
Top issues to consider
As a final question, Hi-Tech Security Solutions asked Shipton for his take on what the top issues would be when planning a new access control installation.
“Two main things are crucial,” says Shipton, “the expected life of the system, as this is a significant investment; as well as the after-sales support and warranty. We all know there’s nothing worse than buying something, having a problem and not getting assistance, or finding out those parts were imported or no longer available in South Africa.
“Further to that, I’d also like to see South Africans supporting South Africans. As our President recently stated, we need to be buying local, creating those local jobs and building our economy. South Africa has high security solutions, we have the technologies, and in many cases, we have better solutions than many international offerings – it is time we get behind our local businesses.
“To illustrate this, Impro has been specialising in access control for over 30 years and we were one of the first companies in the world to develop RFID solutions. In addition to our strong market share in South Africa, we export to over 60 countries, spanning four continents. International companies are choosing South African solutions for their robustness, their security, technological advancements and convenience.”
For more information contact Impro Technologies, +27 31 717 0700, email@example.com, www.impro.net