Combating the cyber criminals

June 2004 Cyber Security

When access control systems were first introduced, they consisted of control panels, readers, electrically controlled door strikes, cards, and a personal computer. That part has not changed much. In the late '70s and early '80s semiconductor technology was in its infancy and still relatively expensive. As a result, the realm of access control was limited to governments and large businesses. It was not a practical or affordable security solution for mid-size to small companies. And it was still a relatively unknown commodity. Unlike today, controllers were slow with limited memory. The interval between a card swipe at a reader and the response to unlock the door could take as long as 30 seconds depending on how much activity was going on in the building. Compare that to response times of less than 1 second nowadays. Readers were pretty much limited to magnetic stripe and Wiegand swipe technology.

Integration, integration and more integration

Much has changed in the ensuing years. Although they still primarily consist of control panels, readers, electrically controlled door strikes, cards and personal computers, the dynamics of access control has undergone a radical transformation.

Access control systems have grown more sophisticated expanding well beyond their original intention of merely managing doors. Advancements in semiconductor technology have given rise to faster and more intelligent controllers and readers. And the evolution of personal computers with more powerful microprocessors and the advent of networks have spawned greater integration with other building systems and business systems. With a marked reduction in the costs of components, access control has become a much more affordable security application. And it is the end-user who has driven these changes and will continue to drive the changes as manufacturers are compelled to react to market demands. Access control systems, besides doors, now regulate elevators and parking garages, too, interface with building maintenance and alarm systems, connect with closed circuit television systems, integrate with photobadge ID card systems, have the ability to e-mail alarm messages to Internet connected wireless devices, and the access control software applications offer a full range of site management tools and report capabilities. Perhaps the greatest significant development in access control is the capability of interfacing with LAN/WAN technology allowing the interconnection of multiple buildings, regardless of their proximity to one another, and integrating those buildings into one system with multiple points of monitoring and control. The benefits of harnessing all these features into one integrated system has obvious benefits for the end-user, but manufacturers must constantly modify their products and it places greater and greater demands on dealers and installers. Dealers must be versatile and have an understanding of electrical and electronic concepts, understand access control systems, building maintenance systems, alarm systems, CCTV systems, as well as having computer skills and some knowledge of network technology. And if that is not enough, they must also know various manufacturers' products and those that are best suited to their clients' needs.

CCTV integration

Closed circuit television systems have been around for a long time. But CCTV systems were generally self-contained. With the development of video capture boards for PCs a decade ago and as PC processor speeds have increased exponentially over the past few years, it is now practical for access control systems to integrate with CCTV systems. The access control software can monitor live video feeds, initiate camera actions in response to an alarm condition while still controlling, monitoring and recording site activity. The integration of CCTV with access control provides end-users with a big economical advantage. Amalgamating the two platforms eliminates the cost of redundant equipment and gives security personnel efficient control of both systems from a single PC. And just to demonstrate that we are not resting on our laurels, access control systems are currently re-tooling to interface with digital video recorders and Web-based cameras as CCTV technology strides forward.

E-mailing alarms

In the past, to be apprised of an alarm condition, someone had to be at a fixed position at a PC or monitor. As the Internet has become a revolutionary communication tool, you can virtually go anywhere on the planet in seconds, access control has been given a new dynamic in security management. The access control software can be programmed to e-mail alarm conditions or critical building maintenance messages to any Internet e-mail address including wireless devices such as cellphones and PDAs. For the small business owner who does not have the luxury of security personnel, equipped with a cellphone or PDA, the access control system automatically e-mails a message so the recipient is quickly alerted and can respond accordingly to an emergency.


The advent of local area networks/wide area networks and modems have given access control systems the ability to regulate multiple buildings whether they are in proximity to one another or on the opposite sides of a continent. Property management companies, governments, major corporations or other organisations with multiple buildings can maintain total control of all buildings from one central office or give staff within each building full or partial control over their own building or the entire system, or, as may be the case with security guards, restrict usage to just monitoring the system for alarms. And with all buildings under one system, individuals can access any or all buildings with one access card. Imagine the benefits of an access control system integrated with a CCTV system that controls and monitors a building in Seoul from another building in Hong Kong or vice versa.

Access control software as a management tool

As access control systems have grown more sophisticated, the software, too, has grown not only in sophistication, but in functionality as a management tool, offering a wealth of report formats. With a self-contained database that records every system transaction, an access granted or access denied at a door, an alarm event, or a system administrator entry, management can tap into this vast pool of data collected by the database. Reports can range from cardholder information, site activity, time and attendance, site evacuation, alarms, and site structure with wide latitude in filtering the contents. Some access control software can import and export database contents in CSV file format. This saves on duplication of information common to other departments such as personnel records that can be converted to access control cardholder records. Many access control systems offer ancillary applications such as photobadge and guard monitoring software.

These software applications are designed to integrate with the access control software and share the database. Photobadging allows end-users to design templates and incorporate specific database fields in the template. When the ID card is printed it is personalised for the individual cardholder based on the parameters specified in the template. This could include the company logo, a photo, first and last name, and department of the cardholder. Cards can also be colour-coded to distinguish authorised access clearance for various areas in a building or imprinted with a bar code for other third-party applications.

For companies that employ security personnel or contract out to third-party security services, dedicated guard monitoring software is available. The advantage of a guard monitoring application is it provides management with a tool to direct and report on security personnel activity and excludes them from having direct contact with the access control software. The range of functionality with the guard monitoring application can be regulated at the discretion of management.

Guard monitoring software gives management the ability to format guard tours based on system controlled points and report the results of each tour, set alarm messages to specific readers or inputs. The monitoring application will also allow security personnel to monitor multiple site activity and with the ability to lock and unlock doors at any site under the jurisdiction of the software.

Price vs security

A common misperception is that all readers are the same, all access controllers are the same, and all cards are the same. To many end-users, and in some cases even dealers, the only perceptible difference, other than the names of manufacturers, is the price. The price is not necessarily indicative of the quality, reliability, and the level of security offered by the system. Not all access control components embrace proven technologies that provide adequate security and offer longevity of service. Does the access control system have an open architecture? If the system requires expansion, open architecture allows integration of other manufacturers' systems. Proprietary architecture does not. Can the cards be easily duplicated or compromised? Different card technologies do not all offer a high level of security.

Do the readers use proven technology and will they operate reliably in their environment. Are they susceptible to damage? Does the access control system use fully-intelligent distributed processing or is it host-dependent? With fully-distributed intelligent processing, each access control panel continues to operate without any degradation to performance or security. Is after-sales technical support available? With the complexity of today's systems, end-users are gratified to know they can make a phone call and receive help for any technical difficulties.

These are just some of the factors that buyers should be aware of when considering the selection of an access control system. Obviously different clients require different needs and do not necessarily require a premium system with all the incumbent ancillary devices, software applications, or the integration other systems. But if the access control system fails in offering a reliable and efficient security platform, then the end-user's investment is at risk.

Where is it all leading?

No one has a crystal ball to predict the future, but based on history, access control systems will continue to integrate with other business systems and with wireless communication technology. We are almost there now, and one can envision not only being informed of alarm or other critical messages but having complete control of the system with the use of a cellphone or PDA. With the digital transmission of images, someone with a cellphone that is connected to the access control system could from a remote location see who is at the door via a camera feed, converse with that individual, and use the keypad to unlock the door. Like we said, no one has a crystal ball but it is certainly foreseeable in the not too distant future.

Where do we go from here? As is the case for all businesses, access control manufacturers will continue to be confronted with assessing the market potential of new technologies and constantly adding product enhancements to their systems. But on the flip side of the coin, they must be sure that their products remain cost competitive in the market place. It is a fine balancing act to be sure.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cyber attackers used over 500 tools and tactics in 2022
Cyber Security News
The most common root causes of attacks were unpatched vulnerabilities and compromised credentials, while ransomware continues to be the most common ‘end game’ and attacker dwell time is shrinking – for better or worse.

Addressing the SCADA in the room
Industrial (Industry) Cyber Security
Few other sectors command the breadth of purpose-built and custom devices necessary to function, as the industrial and manufacturing industries. These unique devices create an uncommon risk that must be assessed and understood to fully protect against incoming attacks.

Recession or stress?
Cyber Security News
The economic landscape has seen many technology companies lay off vast numbers of employees, but for cybersecurity, the picture looks very different – a dynamic mixture of excitement, challenges and toxicity.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

NEC XON appoints Armand Kruger as Head of Cybersecurity
News Cyber Security
NEC XON has announced the appointment of Armand Kruger as the Head of Cybersecurity. Kruger will oversee all cybersecurity offerings including cybersecurity strategy, programmes, and executive advisory.

Caesar Tonkin new head of cybersecurity business, Armata
News Cyber Security
Vivica Holdings has announced the appointment of cybersecurity expert Caesar Tonkin to head up its cybersecurity business Armata, which provides technology solutions and niche expertise needed to help businesses better protect themselves.

Surveillance-free surfing
News Cyber Security Products
Zoho has launched Ulaa, a privacy-centric browser built specifically to help users secure their personal data and activity by providing a browser solution that universally blocks tracking and website surveillance.

Troye and Arctic Wolf join forces
News Cyber Security Security Services & Risk Management
Troye has announced a strategic partnership with Arctic Wolf to enable Troye to provide customers with enhanced cybersecurity solutions and services that help protect their businesses from advanced cyber threats.

Relaxed home cybersecurity could render consumers accidental ‘inside actors’
Editor's Choice Cyber Security Smart Home Automation
Cisco security experts warn of snowball impact of relaxed approach to cybersecurity on personal devices, noting 60% of users primarily use their personal phone for work tasks and 76% have used unsecured public networks for work tasks.

VMware unveils new security capabilities
Cyber Security IT infrastructure Products
At the RSA Conference 2023, VMware unveiled enhanced features for its suite of security solutions to address the increasing sophistication and scale of cyberattacks and to deliver strong lateral security across multi-cloud environments.