Deriving strategic value from access control

February 2011 Access Control & Identity Management

John Loftus discusses the value of access control.

Most South African businesses understand the face value of secure access control, however, what is often missed is the intrinsic value and strategic importance this vital security offering can bring to a business. In the South African climate, crime continues to plague South Africans both personally and in a business context, so securing your people and assets is critical to business survival as well as good corporate governance.

Tough economic conditions over the past couple of years have put business budgets under pressure. Few companies today will embark on company-wide technology upgrades unless deemed critical to the business’s survival. Access control should be considered of crucial strategic importance. Effective access control is the foundation upon which businesses can improve its control over finances, resources and the seemingly constant threat of crime, especially white-collar fraud.

Effective access control devices properly identify people and verify their identity through an authentication process. By definition, access control is the process by which users are identified and granted certain privileges. Good access control systems record and timestamp all communications and transactions so that access to systems and information can be audited at later dates.

Properly planned access control systems can provide information on hourly-paid or temporary workers directly to the payroll system to simplify the process of paying wages; and it can grant or deny access to areas depending on the identity of the individual requesting access. The problem with traditional access systems is that the identification component is inherently insecure.

Who are you paying for what?

Many companies are still using traditional punch card or card-based access control systems because they are cheap, convenient and easy to use. Far too many end up paying workers who often take unauthorised and undetected time off by having a colleague punch or swipe their card for them – a scam known as buddy clocking. At the end of the week or month, these workers receive their full pay as the system records them as being at work, perhaps even working overtime, but the business has not received the productivity it is paying for.

In companies and government departments without any means of access control, the problem of ghost workers is also a constant drain on finances. These workers appear on the payroll, but they do not exist and their wages are paid into someone else’s bank account.

Without the means to positively identify who is where, when, access control systems will cost businesses money. By identification, we mean being sure that the person requesting entrance to a building or clocking in is who they claim to be and not a friend doing them a favour.

Using access control systems that include an effective identity management component allows the company to know who was where and for how long. More importantly, this information can’t be easily tampered with and will therefore result in wages being paid to workers who actually fulfilled their part of the contract.

Health and safety

In South Africa, developments in legislation make it a necessity for all executives to know exactly how many people they have on their premises and exactly where they are. The legislation in the new Health and Safety Act puts the onus on the employer to implement whatever systems are necessary to ensure workers, visitors and passersby are not exposed to danger. This also applies to any contractors one has on site.

What this means that if someone wanders onto a shop floor and is injured by a machine or forklift, for example, even if the injury is due to their own carelessness, the company is responsible and can be taken to court. Every company therefore needs to ensure their access control processes are properly designed and implemented. The alternative is to have someone watching every person on site to ensure they do not damage themselves, which is unrealistic.

Modern access control technologies can take much of this responsibility away from companies, integrating where needed into the corporate network and relevant applications, such as payroll and HR. In high-accident areas, for example, employees can be denied access if they have not attended the latest safety training session or had a scheduled health check. HR simply needs to set the parameters and the systems will do the rest without requiring someone to act as a police officer.

Local access trends

Locally the main type of access control is a role-based access control that allows users to access systems and information based on their role within the business. Role-based access can be applied to groups of people or individuals. For example, you can allow everyone to enter the canteen, but only a limited number of people to gain access to the accounting department. This increases security and reduces the opportunity for crime by ensuring that only those people with a reason to be somewhere can be there.

Another system that is applied is a rule-based access control system that allows users access based on pre-configured rules. Rules can be established that allow access at predefined periods to specific people, again based on their identities and their roles within the organisation. A simple rule might, for example, allow access to a building for all employees during working hours, but only to senior management over weekends.

Using rules in conjunction with roles adds greater flexibility because rules can be applied to people, as well as devices.

Access control technologies

There are various types of access control technologies that can be used to solve enterprise access problems. Tokens, smartcards, biometrics and PIN/passwords are some of the more popular ones.

Biometric devices are growing in popularity. They authenticate users to through some sort of personal identifier such as a fingerprint, voiceprint, iris scan, retinal scan, facial scan or signature dynamics. The benefit of using biometrics is that end-users do not lose or misplace their personal identifier. It is hard to leave your fingers at home.

Initially, biometric applications did not catch on as fast as anticipated due to the number of false positives (incorrect readings). As technology advanced, however, this changed and biometrics is used with confidence in a number of industries today, from mining through to banking. Of course, as with any technology, opting for cheap no-name brand biometric systems is not advised, as the quality can be suspect.

Currently, card-based access solutions are most widely used, but cards can be lost or stolen. Fortunately, the technology embedded within smartcards allows for two-factor authentication. This is commonly described as gaining access due to something you have (the card) and something you know (a password or PIN).

Something you have is the card with your details on it; something you know is a PIN or password, or even a biometric token that ensures you are the person who is supposed to have the card. Two-factor authentication is not used for physical access as much as it is for logical access right now, but it is becoming a preferred integrated solution for allowing people to access buildings and computer systems. The potential for integrated physical and logical access control solutions is another area in which we expect to see tremendous growth in coming years.

As with any technology, it is important to remember that technology is only as good as its acceptance by users and the ease with which they can use it. To ensure you business has an effective access control system in place, you need to start by developing the appropriate access policies and procedures based on the requirements of the company and the capabilities of users. Once you know what you want and how it should perform, selecting the technology to meet your needs becomes easier. All you need then is to find the right partner who understands your business and has the knowledge, skills and experience to ensure your system delivers.

For more information contact Norbain SA, +27 (0)11 887 1546, kershia@Norbain.co.za, www.norbain.co.za


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Access authentication with a wave
May 2019, IDEMIA , Editor's Choice, Access Control & Identity Management, Integrated Solutions, Financial (Industry), Commercial (Industry)
Financial organisations are making the move to contactless fingerprint biometrics in order to meet the increasing burden of regulatory and compliance demands.

Read more...
Face to face with Suprema FaceLite
May 2019, Suprema , Editor's Choice, Access Control & Identity Management, News, Products
Suprema has announced the launch of FaceLite, the new generation compact face recognition terminal designed for enterprise access control as well as time and attendance applications.

Read more...
ASSA ABLOY showcases latest digital access solutions
May 2019, ASSA ABLOY South Africa , Editor's Choice, Access Control & Identity Management, News
ASSA ABLOY hosted a breakfast at the Country Club Johannesburg in Woodmead on 2 April, to showcase the company’s latest and greatest digital access solutions.

Read more...
Keyless access control launched in Africa
May 2019, FS-Systems , News, Access Control & Identity Management, Agriculture (Industry)
FS-Systems launches a cutting-edge keyless access control solution for the critical infrastructure environment across the African market.

Read more...
Know your customer/criminal
May 2019, ZKTeco , Financial (Industry), Access Control & Identity Management
Biometric facial recognition is becoming the most powerful way to prevent bank robberies and fraud.

Read more...
New Paxton audio monitor
May 2019, Paxton Access , Products, Access Control & Identity Management
Paxton has launched the Net2 Entry audio monitor, bringing a simple, cost-effective option to the Net2 Entry range.

Read more...
Paxton’s global training reaches more installers than ever
May 2019, Paxton Access , News, Access Control & Identity Management
Paxton has trained more than 2000 installers across the world already this year, meaning a record first quarter, and enabling more people than ever to use Paxton products.

Read more...
Streamline lunchtime queues
May 2019, Secutel Technologies , Products, Access Control & Identity Management
Secutel, in partnership with Matrix Cosec, offers a one-stop-solution for the management of cafeterias and transactions.

Read more...
IP video intercom system
May 2019, Hikvision South Africa , Products, Access Control & Identity Management
Hikvision has released its second-generation IP video intercom system designed for door entry communication including video and security access.

Read more...
Identity and access management in the cloud
May 2019 , Access Control & Identity Management
HID Global announced the availability of the new HID Authentication Service, which is part of its cloud identity platform, designed to deliver a suite of trusted identity solutions.

Read more...