Deriving strategic value from access control

February 2011 Access Control & Identity Management

John Loftus discusses the value of access control.

Most South African businesses understand the face value of secure access control, however, what is often missed is the intrinsic value and strategic importance this vital security offering can bring to a business. In the South African climate, crime continues to plague South Africans both personally and in a business context, so securing your people and assets is critical to business survival as well as good corporate governance.

Tough economic conditions over the past couple of years have put business budgets under pressure. Few companies today will embark on company-wide technology upgrades unless deemed critical to the business’s survival. Access control should be considered of crucial strategic importance. Effective access control is the foundation upon which businesses can improve its control over finances, resources and the seemingly constant threat of crime, especially white-collar fraud.

Effective access control devices properly identify people and verify their identity through an authentication process. By definition, access control is the process by which users are identified and granted certain privileges. Good access control systems record and timestamp all communications and transactions so that access to systems and information can be audited at later dates.

Properly planned access control systems can provide information on hourly-paid or temporary workers directly to the payroll system to simplify the process of paying wages; and it can grant or deny access to areas depending on the identity of the individual requesting access. The problem with traditional access systems is that the identification component is inherently insecure.

Who are you paying for what?

Many companies are still using traditional punch card or card-based access control systems because they are cheap, convenient and easy to use. Far too many end up paying workers who often take unauthorised and undetected time off by having a colleague punch or swipe their card for them – a scam known as buddy clocking. At the end of the week or month, these workers receive their full pay as the system records them as being at work, perhaps even working overtime, but the business has not received the productivity it is paying for.

In companies and government departments without any means of access control, the problem of ghost workers is also a constant drain on finances. These workers appear on the payroll, but they do not exist and their wages are paid into someone else’s bank account.

Without the means to positively identify who is where, when, access control systems will cost businesses money. By identification, we mean being sure that the person requesting entrance to a building or clocking in is who they claim to be and not a friend doing them a favour.

Using access control systems that include an effective identity management component allows the company to know who was where and for how long. More importantly, this information can’t be easily tampered with and will therefore result in wages being paid to workers who actually fulfilled their part of the contract.

Health and safety

In South Africa, developments in legislation make it a necessity for all executives to know exactly how many people they have on their premises and exactly where they are. The legislation in the new Health and Safety Act puts the onus on the employer to implement whatever systems are necessary to ensure workers, visitors and passersby are not exposed to danger. This also applies to any contractors one has on site.

What this means that if someone wanders onto a shop floor and is injured by a machine or forklift, for example, even if the injury is due to their own carelessness, the company is responsible and can be taken to court. Every company therefore needs to ensure their access control processes are properly designed and implemented. The alternative is to have someone watching every person on site to ensure they do not damage themselves, which is unrealistic.

Modern access control technologies can take much of this responsibility away from companies, integrating where needed into the corporate network and relevant applications, such as payroll and HR. In high-accident areas, for example, employees can be denied access if they have not attended the latest safety training session or had a scheduled health check. HR simply needs to set the parameters and the systems will do the rest without requiring someone to act as a police officer.

Local access trends

Locally the main type of access control is a role-based access control that allows users to access systems and information based on their role within the business. Role-based access can be applied to groups of people or individuals. For example, you can allow everyone to enter the canteen, but only a limited number of people to gain access to the accounting department. This increases security and reduces the opportunity for crime by ensuring that only those people with a reason to be somewhere can be there.

Another system that is applied is a rule-based access control system that allows users access based on pre-configured rules. Rules can be established that allow access at predefined periods to specific people, again based on their identities and their roles within the organisation. A simple rule might, for example, allow access to a building for all employees during working hours, but only to senior management over weekends.

Using rules in conjunction with roles adds greater flexibility because rules can be applied to people, as well as devices.

Access control technologies

There are various types of access control technologies that can be used to solve enterprise access problems. Tokens, smartcards, biometrics and PIN/passwords are some of the more popular ones.

Biometric devices are growing in popularity. They authenticate users to through some sort of personal identifier such as a fingerprint, voiceprint, iris scan, retinal scan, facial scan or signature dynamics. The benefit of using biometrics is that end-users do not lose or misplace their personal identifier. It is hard to leave your fingers at home.

Initially, biometric applications did not catch on as fast as anticipated due to the number of false positives (incorrect readings). As technology advanced, however, this changed and biometrics is used with confidence in a number of industries today, from mining through to banking. Of course, as with any technology, opting for cheap no-name brand biometric systems is not advised, as the quality can be suspect.

Currently, card-based access solutions are most widely used, but cards can be lost or stolen. Fortunately, the technology embedded within smartcards allows for two-factor authentication. This is commonly described as gaining access due to something you have (the card) and something you know (a password or PIN).

Something you have is the card with your details on it; something you know is a PIN or password, or even a biometric token that ensures you are the person who is supposed to have the card. Two-factor authentication is not used for physical access as much as it is for logical access right now, but it is becoming a preferred integrated solution for allowing people to access buildings and computer systems. The potential for integrated physical and logical access control solutions is another area in which we expect to see tremendous growth in coming years.

As with any technology, it is important to remember that technology is only as good as its acceptance by users and the ease with which they can use it. To ensure you business has an effective access control system in place, you need to start by developing the appropriate access policies and procedures based on the requirements of the company and the capabilities of users. Once you know what you want and how it should perform, selecting the technology to meet your needs becomes easier. All you need then is to find the right partner who understands your business and has the knowledge, skills and experience to ensure your system delivers.

For more information contact Norbain SA, +27 (0)11 887 1546, [email protected], www.norbain.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Gallagher Security releases OneLink
Gallagher Animal Management Products & Solutions Access Control & Identity Management
Gallagher Security has announced OneLink, a cloud-based solution that makes it faster, easier and more cost-effective to deploy security anywhere in the world, transforming how security can be delivered to remote sites and distributed infrastructure.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
The future of security: intelligent automation
Access Control & Identity Management AI & Data Analytics IoT & Automation
As the security landscape evolves, businesses are no longer looking for stand-alone solutions, they want connected, intelligent systems that automate, streamline, and protect.

Read more...
Smart automation is changing security
SA Technologies IntelliGuard Access Control & Identity Management
Security has come a long way from manual check-ins, logbooks, and standalone surveillance cameras. With the rise of intelligent automation, security is now faster, smarter, and more connected than ever.

Read more...
The future of security in South Africa
ATG Digital Access Control & Identity Management
Security technology is evolving rapidly, but is local innovation keeping pace? Some global players recognise the potential of South African products for international markets, but can our manufacturers and service providers thrive without external support?

Read more...
Integration enhances estate access control
Access Control & Identity Management
With one-third of residential burglaries starting at the front door, the continued seamless integration of Glovent’s estate management platform with Impro access control software is welcome news for estates.

Read more...
T&A in South Africa’s retail sector
ERS Biometrics Access Control & Identity Management
Using existing systems, ERSBio provides a practical and more cost-effective way for businesses to manage operations, reduce payroll mistakes, and enhance overall efficiency through innovative T&A processes.

Read more...
Navigating the complexities of privileged access management
Editor's Choice Access Control & Identity Management
Privileged Access Management and Identity Access Management are critical pillars of modern cybersecurity, designed to secure access to sensitive resources, enforce principles like least privilege, and implement just-in-time access controls.

Read more...
Paxton opens second experience centre
Paxton News & Events Access Control & Identity Management
Security technology manufacturer, Paxton, has opened a new experience centre in Cape Town on 12 February in partnership with its exclusive distributors, Reditron and Regal Security.

Read more...