The many faces of access control
By Daiva Wood & Yanik Brunet
Access control has long been a vital component in a complete security suite for enterprises ranging from the largest multinational corporations down to single-location small businesses.
Recently, it seems to have taken on even greater importance as security manufacturers and integrators offer a new array of equipment and enhanced services.
Among the more exciting offerings are managed and hosted access control, which allow end users to determine how much involvement they want in the process – from a great deal to virtually none at all.
By Daiva Wood & Yanik Brunet
Managed access control makes sense for any size organization with a need for protecting a single door to a large enterprise system. In most cases, end users aren’t in the security business and don’t want the responsibility of installing, monitoring and maintaining a system. With a managed access control solution, the end user gets a system that requires no time commitment from its employees. The service provider installs all card readers and control panels; system servers, are stored, maintained and administered by the service provider; all data entry, including cardholder additions, deletions and edits, as well as access schedule definitions are managed by the service provider, who also monitors and responds to system events and alarms.
The end user receives customized reports on a daily, weekly or monthly basis. While many organizations are outsourcing legal, payroll and other professional services, it makes sense to consider doing the same for access control. And generally, in a managed services scenario, service providers can often offer a more robust system for less money.
Hosted access control is similar to the managed services version in that it involves a service provider installing access control panels and readers and providing an offsite server, administering and maintaining the associated operating system, database and application revisions. But the end user still remains responsible for data entry as well as monitoring and responding to system events and alarms.
This is an option that often appeals to end users who don’t want the responsibilities that come with system ownership, but have available and capable staff to handle database maintenance.
These two options aren’t new concepts, but only recently has the technology caught up allowing for easy-to-deploy, interconnected systems.
A third option is traditional access control. In this version, end users purchase the control panel, readers, servers and software to operate and monitor the system. Users maintain databases and may also choose to service systems with their own in-house technicians. Often they elect to sign a maintenance agreement with their integrator.
Managed, hosted and traditional — three access control solutions — are ideal for a wide variety of end user security needs and capabilities. The decision to choose one type of access control will be based on a number of factors.
Often, the decision about which type of access system to choose may be determined by an organization’s current — or legacy — system. A company may have already spent hundreds of thousands or millions of dollars on access control equipment and would find it difficult to scrap it all for a new system.
Other times, a corporate IT department will play a role in the decision. This is because most security functions now require a computer network to transmit data. And IT folks are very particular about what and how much data is transmitted across their networks. While the bandwidth required by an access control system is small compared to that required by a video surveillance system, IT will want to be sure its network is safe from outside hackers.
This is where the convergence of logical and physical security comes into play. Cyber security is becoming more important in both Canada and the U.S. There are currently more than 10,000 attacks daily on government and financial networks in the two countries.
It is no longer unusual to require multiple authentications before gaining access to an office or the network. Previously, a user name and password were acceptable. Now, private and public IT departments may require another security layer such as biometrics. Fingerprint scanners are the most frequently used biometric devices. Although they have been around for years, only recently has the reliability of biometric devices significantly improved, while the costs have dropped.
There are some other relatively new additions to the access control arsenal. One example is an edge device that sits on the network and records data at the entry location. These devices, which include readers and controllers, are great for use at smaller or remote locations. Faster computer processors and less expensive memory chips are the driving forces behind these devices.
The demands of remote sites or areas where cabling is expensive or difficult to install, have led to an increase in the use of wireless readers. Wireless technology has allowed for the placement of readers where they may have previously been impossible to install.
As for making the switch from legacy systems, access control equipment manufacturers are making transition readers that can read multiple card technologies. These readers allow organizations to integrate new, modern equipment without having to completely replace an existing access system. This eases the burden on organizations allowing them to make the change as their budget and staffing permit.
The tools we use and the way we install and manage access control is changing rapidly. That change will only accelerate as technology evolves and the need for access control grows.
Daiva Wood has over 15 years of experience in the security industry. She is currently manager for strategic products, access control for Boca Raton, Florida-based ADT Security Services.
Yanik Brunet has been with Kantech, a brand of Tyco Security Products, for more than 12 years. He is currently the North American sales manager, based in Vancouver, B.C.