Deriving strategic value from access control

February 2011 Access Control & Identity Management

John Loftus discusses the value of access control.

Most South African businesses understand the face value of secure access control. What is often missed, however, is the intrinsic value and strategic importance this vital security offering can bring to a business. In the South African climate, crime continues to plague South Africans both personally and in a business context, so securing your people and assets is critical to business survival as well as good corporate governance.

Tough economic conditions over the past couple of years have put business budgets under pressure. Few companies today will embark on company-wide technology upgrades unless deemed critical to the business’s survival. Access control should be considered of crucial strategic importance. Effective access control is the foundation upon which businesses can improve their control over finances, resources and the seemingly constant threat of crime, especially white-collar fraud.

Effective access control devices properly identify people and verify their identity through an authentication process. By definition, access control is the process by which users are identified and granted certain privileges. Good access control systems record and timestamp all communications and transactions so that access to systems and information can be audited at later dates.

Properly planned access control systems can provide information on hourly-paid or temporary workers directly to the payroll system to simplify the process of paying wages, and they can grant or deny access to areas depending on the identity of the individual requesting access. The problem with traditional access systems is that the identification component is inherently insecure.

Who are you paying for what?

Many companies are still using traditional punch card or card-based access control systems because they are cheap, convenient and easy to use. Far too many end up paying workers who often take unauthorised and undetected time off by having a colleague punch or swipe their card for them – a scam known as buddy clocking. At the end of the week or month, these workers receive their full pay as the system records them as being at work, perhaps even working overtime, but the business has not received the productivity it is paying for.

In companies and government departments without any means of access control, the problem of ghost workers is also a constant drain on finances. These workers appear on the payroll, but they do not exist and their wages are paid into someone else’s bank account.

Without the means to positively identify who is where, when, access control systems will cost businesses money. By identification, we mean being sure that the person requesting entrance to a building or clocking in is who they claim to be and not a friend doing them a favour.

Using access control systems that include an effective identity management component allows the company to know who was where and for how long. More importantly, this information can’t be easily tampered with and will therefore result in wages being paid to workers who actually fulfilled their part of the contract.

Health and safety

In South Africa, developments in legislation make it a necessity for all executives to know exactly how many people they have on their premises and exactly where they are. The legislation in the new Health and Safety Act puts the onus on the employer to implement whatever systems are necessary to ensure workers, visitors and passersby are not exposed to danger. This also applies to any contractors one has on site.

What this means is that if someone wanders onto a shop floor and is injured by a machine or forklift, for example, even if the injury is due to their own carelessness, the company is responsible and can be taken to court. Every company therefore needs to ensure its access control processes are properly designed and implemented. The alternative is to have someone watching every person on site to ensure they do not injure themselves, which is unrealistic.

Modern access control technologies can take much of this responsibility away from companies, integrating where needed into the corporate network and relevant applications, such as payroll and HR. In high-accident areas, for example, employees can be denied access if they have not attended the latest safety training session or had a scheduled health check. HR simply needs to set the parameters and the systems will do the rest without requiring someone to act as a police officer.

Local access trends

Locally, the main type of access control is role-based access control, which allows users to access systems and information based on their role within the business. Role-based access can be applied to groups of people or individuals. For example, you can allow everyone to enter the canteen, but only a limited number of people to gain access to the accounting department. This increases security and reduces the opportunity for crime by ensuring that only those people with a reason to be somewhere can be there.

Another system that is applied is a rule-based access control system that allows users access based on pre-configured rules. Rules can be established that allow access at predefined periods to specific people, again based on their identities and their roles within the organisation. A simple rule might, for example, allow access to a building for all employees during working hours, but only to senior management over weekends.

Using rules in conjunction with roles adds greater flexibility because rules can be applied to people, as well as devices.
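The following is an added example, not part of the original article, showing how the role and rule checks described above can be combined into one deny-by-default decision that also writes a timestamped audit record. The zone names, role names, working hours and the Person fields are assumptions made for illustration, as is the choice to treat weekday after-hours the same as weekends.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed policy for illustration: zone -> roles allowed in (role-based part).
ZONE_ROLES = {
    "canteen": {"employee", "accounts", "senior_management"},
    "building": {"employee", "accounts", "senior_management"},
    "accounting": {"accounts", "senior_management"},
    "shop_floor": {"employee"},
}
SAFETY_ZONES = {"shop_floor"}   # zones that require current safety training
WORK_START, WORK_END = 8, 17    # assumed working hours, Monday to Friday
AUDIT_LOG = []                  # every decision is timestamped and recorded

@dataclass
class Person:
    name: str
    roles: frozenset
    safety_training_current: bool = False

def time_rule_allows(person, zone, when):
    """Rule-based part: the building is open to all staff in working hours,
    and only to senior management at other times (weekends included)."""
    if zone != "building":
        return True
    working = when.weekday() < 5 and WORK_START <= when.hour < WORK_END
    return working or "senior_management" in person.roles

def decide(person, zone, when):
    """Return (granted, reason); anything not explicitly allowed is denied."""
    if not person.roles & ZONE_ROLES.get(zone, set()):
        reason = "role not permitted"
    elif not time_rule_allows(person, zone, when):
        reason = "outside permitted time"
    elif zone in SAFETY_ZONES and not person.safety_training_current:
        reason = "safety training not current"
    else:
        reason = "granted"
    granted = reason == "granted"
    AUDIT_LOG.append((when.isoformat(), person.name, zone, granted, reason))
    return granted, reason

if __name__ == "__main__":
    worker = Person("T. Worker", frozenset({"employee"}))
    print(decide(worker, "building", datetime(2011, 2, 5, 10, 0)))  # a Saturday
```

Denials are logged with their reason alongside grants, so the audit trail shows who was refused where and why, not only who got in.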

Access control technologies

There are various types of access control technologies that can be used to solve enterprise access problems. Tokens, smartcards, biometrics and PIN/passwords are some of the more popular ones.

Biometric devices are growing in popularity. They authenticate users through some sort of personal identifier such as a fingerprint, voiceprint, iris scan, retinal scan, facial scan or signature dynamics. The benefit of using biometrics is that end-users do not lose or misplace their personal identifier. It is hard to leave your fingers at home.

Initially, biometric applications did not catch on as fast as anticipated due to the number of false positives (incorrect readings). As technology advanced, however, this changed and biometrics is used with confidence in a number of industries today, from mining through to banking. Of course, as with any technology, opting for cheap no-name brand biometric systems is not advised, as the quality can be suspect.

Currently, card-based access solutions are most widely used, but cards can be lost or stolen. Fortunately, the technology embedded within smartcards allows for two-factor authentication. This is commonly described as gaining access due to something you have (the card) and something you know (a password or PIN).

Something you have is the card with your details on it; something you know is a PIN or password, or even a biometric token that ensures you are the person who is supposed to have the card. Two-factor authentication is not used for physical access as much as it is for logical access right now, but it is becoming a preferred integrated solution for allowing people to access buildings and computer systems. The potential for integrated physical and logical access control solutions is another area in which we expect to see tremendous growth in coming years.

As with any technology, it is important to remember that technology is only as good as its acceptance by users and the ease with which they can use it. To ensure your business has an effective access control system in place, you need to start by developing the appropriate access policies and procedures based on the requirements of the company and the capabilities of users. Once you know what you want and how it should perform, selecting the technology to meet your needs becomes easier. All you need then is to find the right partner who understands your business and has the knowledge, skills and experience to ensure your system delivers.

For more information contact Norbain SA, +27 (0)11 887 1546.

