Like many areas of the security industry, enterprise access control saw many changes in 2020. Now in 2021, the needs and expectations of what access control systems can provide are continuing to evolve, says James Segil, vice president of access control at Motorola Solutions, Chicago.
“In previous years, many organizations were faced with choosing between safety or convenience,” Segil explains. “What we’re seeing now, in light of changes in recent years to the security landscape, is a new era in which businesses require safety and flexibility, and there isn’t room to compromise on either.”
The new normal requires adaptability as businesses adjust their office models to accommodate hybrid work, Segil says, adding that the pandemic has made organizations and end users adamant about protecting health and safety.
“Customers are demanding more from their access control system,” says Rick Focke, director of product management, enterprise access control, Johnson Controls, Milwaukee. “Whereas previously all a system had to do was manage access rights and provide alarm monitoring, now customers are asking system providers to expand to encompass visitor management, access rights policies, occupant health and safety, occupancy and usage reporting. And, they are requiring custom integrations into systems such as health and fitness tracking, service ticket systems, maintenance management, etc.”
So which trends do you need to pay attention to if you’re going to be working in enterprise access? Here are the top four, according to the experts.
1. The Transition to the Cloud
While a long time coming, the transition of enterprise access to the cloud is now speeding up thanks to IT initiatives and other factors.
“We foresee an increase in the uptake of ACaaS or a hybrid version of a cloud and enterprise solution,” says Despina Stamatelos, product marketing manager for Genetec, Montreal. “Many organizations have initiatives to bring much of their IT infrastructure to the cloud, and this includes their access control.”
There are many benefits to this, Stamatelos says, including scalability and having a system that easily evolves with a business’s changing needs; having an operational cost versus a capital cost; and enjoying flexibility. Plus, these systems can be managed from a distance and require fewer resources to maintain, since those responsibilities are left to the provider.
“The transition from on-premise application hosting to a hybrid or pure cloud model has been influencing security and IT decision making for several years,” says Ewa Pigna, chief technology officer, LenelS2, Pittsford, N.Y. “Given the continued growth in cloud infrastructure by the public cloud providers, it is becoming more cost-effective and technically feasible to deploy enterprise access control solutions in this way. As the space continues to mature, it is likely we will see more enterprise customers opt for a hybrid or cloud security setup.”
Beyond the technical benefits, Pigna says that the demand for a different business model is also a driving force in the transition to the cloud. “End users are looking for options that enable better budget planning and are considering a subscription-based model as a potential replacement to the traditional capital expenditure approach.”
Another driving force? Increased integration, Segil says.
“In recent years, there’s been a convergence of physical and digital security in order to have a central place of command and a unified security experience across an organization,” he explains. “Systems have to be able to connect and cooperate with other systems in order to provide maximum value for customers and to allow the data that customers are looking for to come together in one place. The adoption of cloud-based systems has accelerated in part due to the rich integrations and compatibility they offer, allowing businesses to connect and utilize different systems and services to fit their specific needs.”
Because this mass adoption of cloud access is new, though, there is a learning curve for security integrators.
“As with any disruptive technology, it requires a lot of education in order to overcome traditional ways of thinking and help customers in their journey to adopting cloud-based systems,” Segil says. “While the cloud is not a new technology, it is just starting to see mass adoption in the commercial real estate industry, so understanding what customers’ specific security needs are, and then educating them on how to meet those needs using cloud-based tools and services, requires patience and perspective.”
2. Mobile Access
Another long-time-coming trend that has recently seen accelerated adoption is mobile access control.
“We started to see this prior to the pandemic, but the pandemic has pushed the need even more for companies to start implementing mobile access control solutions,” says Jody Ross, vice president of sales at AMAG Technology, Hawthorne, Calif. “Centralized management allows companies to distribute and manage mobile credentials remotely, eliminating the need for employees to go to a badging office, and also supporting return-to-work guidelines.”
As Ross points out, mobile access solutions can include health forms that employees can fill out on their phones. If they complete it successfully, they can access the office building. If not, the credentials simply won’t work.
“Mobile access is quickly becoming the preferred method for many companies because they are more easily managed by the system admin, as well as more secure than traditional cards or fobs,” Segil says. “Security administrators can instantly add or revoke permissions, activate lockdowns and issue guest passes via user management software, without any face-to-face interaction.”
Aaron Simpson, president and chief technology officer of Stone Security, Salt Lake City, SDM’s 2020 Systems Integrator of the Year, says that mobile credentials are gaining more and more market share.
“With Apple announcing they are finally opening up their wallet to app developers, we will now have both of the major mobile OS’ supporting Bluetooth and NFC,” Simpson says. “We have used mobile credentials in our office for several years now and have been happy with the progress and dependability of the solution.”
Stamatelos predicts that mobile credentials will experience the fastest growth amongst all access control equipment. “There are several advantages in using mobile credentials, including convenience since people carry their smartphones on them all the time and are less likely to lose them. Improved security [is another advantage] as mobile credentials can be revoked, denying access to a stranger trying to use the mobile device for entry to a secured area. Greater flexibility [is also an advantage] as cardholders only need to carry their mobile device to enter several different facilities as opposed to carrying multiple credentials.”
Mobile access is not the only new authentication method that security professionals should keep an eye out for, though.
“The means of authenticating an identity is expanding — from traditional plastic cards, to mobile credentials, to facial recognition, to high assurance credentials with a biometric second factor, and any combination thereof,” Focke says. “The mobile device is also gaining importance as not just a keeper of a credential, but as a biometric factor as well. An enterprise-level access control system needs to be ready to deal with any and all types of authentication, especially when a company merges or is acquired by another company, and then has to merge their credentials and identity authentication techniques.”
3. Advancing Analytics
The adoption of artificial intelligence into the alarm management and response process is one of the biggest changes for the enterprise access control market, according to Focke.
“Enterprise access control systems generate tons of data, but much of it goes unnoticed,” he explains. “AI is allowing us to tease out the important pieces of information, put it into context and streamline the alarm management workflow and reduce response times. AI also allows us to add and analyze access patterns for anomalies, provide context around occupancy controls, enforce tailgating policies and social distancing guidelines, and it provides a tighter tie-in to video data for better situational awareness.”
Analytics can help organizations be more proactive, preventing crimes rather than responding to them, AMAG’s Ross explains.
“Analytics or business intelligence can be utilized to deliver critical information through data analytics, which help identify people who may pose a high risk to an organization,” Ross says. “Organizations are using access control data — and other data — and communicating with other departments to prevent risk. These solutions are a critical function of an incredibly important insider threat program.”
Pigna concludes that the use of analytics in system management and administration will change the way enterprise access control is done.
“A fusion of various modalities, such as access control, video surveillance and biometrics, allows administrators to be more efficient and accurate in managing the people flow throughout their facilities while providing a higher level of situational awareness and overall security.”
4. Cybersecurity Concerns
The COVID-19 pandemic and the increase in remote workers really exposed cyber risks — and access control systems were not immune, explains Genetec’s Stamatelos.
“We saw a high rise in cyberattacks over the last year and these are expected to continue,” she says. “Unfortunately, an unprotected access control system can be used as a point of entry to an organization’s network. This is very concerning and should not be taken lightly. Unfortunately, many organizations still use outdated technologies such as prox cards or the Wiegand protocol that exposes the access control system to potential cyberattacks.”
But as cyberattacks increased, so did awareness and the demand for sound cybersecurity practices and solutions, regardless of the deployment model, Pigna says.
“End users and integrators are challenged with securing their physical access control infrastructure in a very dynamic environment,” Pigna explains. “Stories of ransomware hackings on critical infrastructure and even smaller targets such as school districts are becoming more frequent. These stories have rightly caught the attention of many enterprise organizations.”
Today more than ever, it’s important that cybersecurity remain top-of-mind during every installation.
“Maintaining the cyber health of an enterprise system is paramount, and close cooperation with the customer’s IT department is a must-have,” Focke says. “Make sure your system provider has a proactive cyber response program and a good track record of mitigating vulnerabilities.