Like many areas of the security industry, enterprise access control saw many changes in 2020. Now in 2021, the needs and expectations of what access control systems can provide are continuing to evolve, says James Segil, vice president of access control at Motorola Solutions, Chicago.
“In previous years, many organizations were faced with choosing between safety or convenience,” Segil explains. “What we’re seeing now, in light of changes in recent years to the security landscape, is a new era in which businesses require safety and flexibility, and there isn’t room to compromise on either.”
The new normal requires adaptability as businesses adjust their office models to accommodate hybrid work, Segil says, adding that the pandemic has made organizations and end users adamant about protecting health and safety.
“Customers are demanding more from their access control system,” says Rick Focke, director of product management, enterprise access control, Johnson Controls, Milwaukee. “Whereas previously all a system had to do was manage access rights and provide alarm monitoring, now customers are asking system providers to expand to encompass visitor management, access rights policies, occupant health and safety, occupancy and usage reporting. And, they are requiring custom integrations into systems such as health and fitness tracking, service ticket systems, maintenance management, etc.”
So which trends do you need to pay attention to if you’re going to be working in enterprise access? Here are the top four, according to the experts.
1. The Transition to the Cloud
While a long time coming, the transition of enterprise access to the cloud is now speeding up thanks to IT initiatives and other factors.
“We foresee an increase in the uptake of ACaaS or a hybrid version of a cloud and enterprise solution,” says Despina Stamatelos, product marketing manager for Genetec, Montreal. “Many organizations have initiatives to bring much of their IT infrastructure to the cloud, and this includes their access control.”
There are many benefits to this, Stamatelos says, including scalability and having a system that easily evolves with a business’s changing needs; having an operational cost versus a capital cost; and enjoying flexibility. Plus, these systems can be managed from a distance and require fewer resources to maintain, since those responsibilities are left to the provider.
“The transition from on-premise application hosting to a hybrid or pure cloud model has been influencing security and IT decision making for several years,” says Ewa Pigna, chief technology officer, LenelS2, Pittsford, N.Y. “Given the continued growth in cloud infrastructure by the public cloud providers, it is becoming more cost-effective and technically feasible to deploy enterprise access control solutions in this way. As the space continues to mature, it is likely we will see more enterprise customers opt for a hybrid or cloud security setup.”
Beyond the technical benefits, Pigna says that the demand for a different business model is also a driving force in the transition to the cloud. “End users are looking for options that enable better budget planning and are considering a subscription-based model as a potential replacement to the traditional capital expenditure approach.”
Another driving force? Increased integration, Segil says.
“In recent years, there’s been a convergence of physical and digital security in order to have a central place of command and a unified security experience across an organization,” he explains. “Systems have to be able to connect and cooperate with other systems in order to provide maximum value for customers and to allow the data that customers are looking for to come together in one place. The adoption of cloud-based systems has accelerated in part due to the rich integrations and compatibility they offer, allowing businesses to connect and utilize different systems and services to fit their specific needs.”
Because this mass adoption of cloud access is new, though, there is a learning curve for security integrators.
“As with any disruptive technology, it requires a lot of education in order to overcome traditional ways of thinking and help customers in their journey to adopting cloud-based systems,” Segil says. “While the cloud is not a new technology, it is just starting to see mass adoption in the commercial real estate industry, so understanding what customers’ specific security needs are, and then educating them on how to meet those needs using cloud-based tools and services, requires patience and perspective.”
Enterprise Access Control in a Post-Pandemic Era
Even a global pandemic failed to stop criminals from attempting to exploit vulnerabilities as millions of employees and consultants worked from home, outside corporate firewalls, tapping into a medley of Wi-Fi connections. In our post-pandemic era, as more workplaces are balancing higher remote workforces on a permanent basis, more data than ever is being generated outside of the traditional, safer work environment.
It has never been more important to manage your enterprise access control system with strategies to safeguard physical and cyber assets. The pandemic accelerated our world’s digital transformations, including the move to the cloud, remote working and the extension of the enterprise network. The result has been the loss of infrastructure perimeters with multiple data vulnerabilities exposed across extended enterprise networks; a burst in data; and new challenges in managing data security across these networks.
From single-location access control systems to remote campus environments in enterprise applications, it is important to partner with the best technology manufacturers to utilize best-in-breed, IT-standard tools and distributed architecture. This approach offers the flexibility to design a scalable, customized solution that meets a company’s needs today and tomorrow.
Mark Mullison, chief information officer at Allied Universal, says, “In today’s world, a cyber threat can become a physical threat, which may turn into a cyber threat again. The walls between physical security and cybersecurity are coming down and these formerly disparate worlds are converging.”
Integrated enterprise access control solutions using advanced analytics and artificial intelligence are going beyond the archaic “detect and respond” model of risk management to become an ecosystem that provides a comprehensive safety and security solution. An integrated workforce ecosystem ensures reduced liability and enhanced reputation that amplifies the effectiveness of onsite security.
It’s not a choice between technology and people; it’s about allowing people to work with technology. Artificial intelligence systems interface with a company’s monitoring and response centers in which remote video monitoring data and video analytics data are accessible from the portal and brought into the attribute model. Over time, those data sources will include information from IoT sensors, drones and robots, along with cameras and other sources. Workflows today task our security professionals via text and email; in the future, workflows will be passed by drones and other automation technologies.
As time goes on, and the walls between physical security and cybersecurity have been eliminated, the walls between security officers, personnel and technology will also come down, leaving us with an ecosystem that allows all things to cooperate at light speed, which ensures we’re considering everything we need to consider, and bringing all these resources to bear in a way that drives better outcomes.
The acceleration of enterprise cloud has led to the development of new, sophisticated and complex cloud ecosystems, and it’s a challenge for businesses to grasp the full range of choices and implications that moving into this environment brings.
Increasing compliance and regulatory demands have also been a catalyst for data security changes. If your company has not been subject to data privacy and compliance issues, it’s not a matter of if, but when — and having trusted advisors to consult in the face of deadlines is key to success here. — By John Bradford, Senior Vice President of Sales, Allied Universal Technical Services
2. Mobile Access
Another long-time-coming trend that has recently seen accelerated adoption is mobile access control.
“We started to see this prior to the pandemic, but the pandemic has pushed the need even more for companies to start implementing mobile access control solutions,” says Jody Ross, vice president of sales at AMAG Technology, Hawthorne, Calif. “Centralized management allows companies to distribute and manage mobile credentials remotely, eliminating the need for employees to go to a badging office, and also supporting return-to-work guidelines.”
As Ross points out, mobile access solutions can include health forms that employees can fill out on their phones. If they complete it successfully, they can access the office building. If not, the credentials simply won’t work.
“Mobile access is quickly becoming the preferred method for many companies because they are more easily managed by the system admin, as well as more secure than traditional cards or fobs,” Segil says. “Security administrators can instantly add or revoke permissions, activate lockdowns and issue guest passes via user management software, without any face-to-face interaction.”
Aaron Simpson, president and chief technology officer of Stone Security, Salt Lake City, SDM’s 2020 Systems Integrator of the Year, says that mobile credentials are gaining more and more market share.
“With Apple announcing they are finally opening up their wallet to app developers, we will now have both of the major mobile OS’ supporting Bluetooth and NFC,” Simpson says. “We have used mobile credentials in our office for several years now and have been happy with the progress and dependability of the solution.”
Stamatelos predicts that mobile credentials will experience the fastest growth amongst all access control equipment. “There are several advantages in using mobile credentials, including convenience since people carry their smartphones on them all the time and are less likely to lose them. Improved security [is another advantage] as mobile credentials can be revoked, denying access to a stranger trying to use the mobile device for entry to a secured area. Greater flexibility [is also an advantage] as cardholders only need to carry their mobile device to enter several different facilities as opposed to carrying multiple credentials.”
Mobile access is not the only new authentication method that security professionals should keep an eye out for, though.
“The means of authenticating an identity is expanding — from traditional plastic cards, to mobile credentials, to facial recognition, to high assurance credentials with a biometric second factor, and any combination thereof,” Focke says. “The mobile device is also gaining importance as not just a keeper of a credential, but as a biometric factor as well. An enterprise-level access control system needs to be ready to deal with any and all types of authentication, especially when a company merges or is acquired by another company, and then has to merge their credentials and identity authentication techniques.”
3. Advancing Analytics
The adoption of artificial intelligence into the alarm management and response process is one of the biggest changes for the enterprise access control market, according to Focke.
“Enterprise access control systems generate tons of data, but much of it goes unnoticed,” he explains. “AI is allowing us to tease out the important pieces of information, put it into context and streamline the alarm management workflow and reduce response times. AI also allows us to add and analyze access patterns for anomalies, provide context around occupancy controls, enforce tailgating policies and social distancing guidelines, and it provides a tighter tie-in to video data for better situational awareness.”
Analytics can help organizations be more proactive, preventing crimes rather than responding to them, AMAG’s Ross explains.
“Analytics or business intelligence can be utilized to deliver critical information through data analytics, which help identify people who may pose a high risk to an organization,” Ross says. “Organizations are using access control data — and other data — and communicating with other departments to prevent risk. These solutions are a critical function of an incredibly important insider threat program.”
Pigna concludes that the use of analytics in system management and administration will change the way enterprise access control is done.
“A fusion of various modalities, such as access control, video surveillance and biometrics, allows administrators to be more efficient and accurate in managing the people flow throughout their facilities while providing a higher level of situational awareness and overall security.”
Challenges in Enterprise Access Control
As things continue to change in enterprise access control, navigating installations can be challenging for integrators. Here, professionals share some of the challenges you might encounter when working with enterprise access.
“Many access control companies build their own proprietary hardware platforms. It has been our sad experience to come across many end users whose access control platforms are now dated with stagnant software and the only solution is a rip and replace. So many of the new startup platforms are coming to market with proprietary hardware. This is good for the access control company but bad for the end user.” — Aaron Simpson, Stone Security
“COVID-19 has completely changed the working environment. Many organizations are choosing to allow their employees to have a hybrid set up between working remotely or at the office. This means that the need for office space will decline, possibly eliminating the need for additional access control. Vendors must look at potential new verticals or emerging markets to position access control. They must also be innovative in how an end user can use their product.” — Despina Stamatelos, Genetec
“The increase of acquisitions on a global basis offers organizations a challenge to bring multiple disparate systems under one system. Different access control, video and HR systems, just to name a few, all have to be incorporated into the new, larger company.” — Jody Ross, AMAG Technology
“Technology upgrades for enterprise customers can be massive, and many times this involves hundreds or thousands of remote sites. Detailed planning and testing of a proposed solution is essential before beginning a rollout.” — Rick Focke, Johnson Controls
“Given the typically long life cycle of access control systems, there are many legacy systems deployed today. Ensuring that proper cybersecurity measures are applied to those systems may not always prove to be successful. Therefore, administrators must take a calculated approach and plan for system updates as they budget capital and operational costs related to the support of enterprise access control systems.” — Ewa Pigna, LenelS2
“Because the nature of the business is undergoing so much change, and a significant amount of uncertainty still exists for most businesses following the pandemic, a one-size-fits-all approach is no longer viable. Businesses now need scalable management of users, schedules and access permissions for all locations in one simple interface; customizable settings and notifications; remote management capabilities; integrations with video management systems; a la carte features; etc.” — James Segil, Motorola Solutions
“I think the biggest challenge to integrators when using enterprise solutions is being able to understand wants versus needs. End users tend to only use 20-25 percent of available features, so why spend top dollar when actually simpler solutions can meet the 'real' requirements?” — Gareth O’Hara, Chief Sales Officer, Paxton Access
“Funding for the deployment of all the new technologies is a real challenge as the economy recovers from the shutdown caused by COVID-19. Access control, and in particular enterprise access control, can be expensive to deploy and, as a result, is a very sticky technology, not easily upgraded. The funding necessary to do a ‘forklift’ upgrade of an enterprise access control system is seldom available and estate owners/operators must look to other sources of funding to cover these costs. This has placed financial strain on enterprise leaders, who couldn’t have anticipated that they would need to radically change their access control policies and systems.” — Bill Hobbs, Vice President of Global Sales, 3xLOGIC
4. Cybersecurity Concerns
The COVID-19 pandemic and the increase in remote workers really exposed cyber risks — and access control systems were not immune, explains Genetec’s Stamatelos.
“We saw a high rise in cyberattacks over the last year and these are expected to continue,” she says. “Unfortunately, an unprotected access control system can be used as a point of entry to an organization’s network. This is very concerning and should not be taken lightly. Unfortunately, many organizations still use outdated technologies such as prox cards or the Wiegand protocol that exposes the access control system to potential cyberattacks.”
But as cyberattacks increased, so did awareness and the demand for sound cybersecurity practices and solutions, regardless of the deployment model, Pigna says.
“End users and integrators are challenged with securing their physical access control infrastructure in a very dynamic environment,” Pigna explains. “Stories of ransomware hackings on critical infrastructure and even smaller targets such as school districts are becoming more frequent. These stories have rightly caught the attention of many enterprise organizations.”
Today more than ever, it’s important that cybersecurity remain top-of-mind during every installation.
“Maintaining the cyber health of an enterprise system is paramount, and close cooperation with the customer’s IT department is a must-have,” Focke says. “Make sure your system provider has a proactive cyber response program and a good track record of mitigating vulnerabilities.