Who Has the Keys?
Key management and control is a critical aspect of security
- By Mike McGovern
- Jul 14, 2008
There is a mistaken belief among some that the use of traditional mechanical keys is becoming less important with the proliferation and evolution of sophisticated access control technology. The fact is, traditional mechanical keys are more common than ever, and today’s security awareness dictates these keys be tracked, monitored and managed effectively. Casinos, convention centers, healthcare facilities, residential and commercial property management, educational institutions, government, transportation and delivery, auto dealerships and prisons are among the common users of good key management systems.
Key Control Networks
Key management means keeping keys in a locked or unlocked enclosure, with each key assigned a physical and logical location—or a hook in more primitive systems. Each key or key bundle may be assigned to someone whose security credentials permit the use of that key during that time period. Authority systems range from a guard identifying and issuing keys in basic systems to automated locking, release, tracking and timing in advanced systems. Returned keys are logged in—electronically or in writing—providing management with a report of when and to whom the keys were issued and whether keys are available or remain out.
The first of three basic key control system methods is considered manual, or primitive. This means key possession is tracked and/or controlled by a sign-out sheet and the supervision of administrative and/or security personnel. This method is labor-intensive and susceptible to human error; there is no way of generating an automatic report when a key is not returned, for example.
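The issue and return logging described above, and the overdue report a sign-out sheet cannot generate, can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the key IDs, user names, authority table and log format are all constructed for illustration.

```python
from datetime import datetime, time, timedelta

# Constructed authority table: (person, key) -> (window start, window end, max loan).
AUTHORITY = {
    ("jsmith", "K-101"): (time(7, 0), time(19, 0), timedelta(hours=8)),
    ("mlee", "K-101"): (time(19, 0), time(23, 0), timedelta(hours=4)),
    ("jsmith", "K-202"): (time(7, 0), time(19, 0), timedelta(hours=2)),
}

# Constructed cabinet log: timestamp, action, key, person.
EVENTS = """\
2008-07-14T06:40 ISSUE K-202 jsmith
2008-07-14T06:55 RETURN K-202 jsmith
2008-07-14T07:05 ISSUE K-101 jsmith
2008-07-14T14:00 RETURN K-101 jsmith
2008-07-14T16:20 ISSUE K-202 mlee
2008-07-14T19:15 ISSUE K-101 mlee
"""


def audit(log_text, report_time):
    """Replay the log and return (violations, overdue, keys_still_out)."""
    out = {}  # key -> (holder, due time)
    violations = []
    for line in log_text.splitlines():
        stamp, action, key, person = line.split()
        ts = datetime.fromisoformat(stamp)
        if action == "ISSUE":
            rule = AUTHORITY.get((person, key))
            if key in out:
                violations.append((stamp, key, person, "key already out"))
            if rule is None:
                violations.append((stamp, key, person, "no authority"))
            elif not rule[0] <= ts.time() < rule[1]:
                violations.append((stamp, key, person, "outside time window"))
            # An unauthorized issue is treated as due back immediately.
            out[key] = (person, ts + rule[2] if rule else ts)
        elif action == "RETURN":
            holder = out.pop(key, (None, None))[0]
            if holder != person:
                violations.append((stamp, key, person, "return does not match issue"))
    # The report a sign-out sheet cannot produce: keys out past their due time.
    overdue = [(key, holder, report_time - due)
               for key, (holder, due) in sorted(out.items()) if report_time > due]
    return violations, overdue, sorted(out)


if __name__ == "__main__":
    for part in audit(EVENTS, datetime(2008, 7, 14, 22, 0)):
        print(part)
```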
In the second method, mechanical or electronic key controls involve a metal-to-metal contact identification. These technologies have been available for more than 20 years. Contact chips and similar systems rely on point-to-point electrical contacts on the device attached to the key.
Keys are fundamentally mechanical devices subject to abuse and frequent exposure to dirt and moisture. These same mechanical devices are, for secure operations, dependent upon electrical contact points, which are subject to failure and high maintenance due to the normal wear and dirt acquisition of the contacts.
The final method is the newest form of key management. It is based on contactless RFID technology—similar to but more rugged than traditional proximity cards. An RFID tag is embedded into an indestructible key fob, docked into a round port in the key board. RFID technology is maintenance-free, and the contactless identification capability of the fob can be used for additional tasks related to access and control efficiency. RFID key fobs are not affected by dirt, moisture or wear. The first system of this type—proxSafe®—was introduced by Deister Electronics.
Item vs. Access Control
Key management may be seen as part of the broader category of item control, which is the cousin to access control. Item control is a natural step as people become more sophisticated in managing and controlling access to places, information and things. Today’s technology provides means of identifying who is getting into a building, who is accessing its information technology and who is in possession of its items or keys. Contactless RFID-based systems also are equally effective at managing safekeeping of small assets and laptops.
Smart key management, in fact, is essentially access control for assets. Such systems can be configured as stand-alone—in fact, about five years ago nearly all such systems were configured as stand-alone. These systems embed an access database and log locally, and run without centralized supervision. Data and changes are periodically updated and uploaded by system management.
Networked systems, often at multiple locations—from a short distance to halfway around the world—comprise a single overall key management and access system. Management is from a browser-accessible server, and the system resides on the local IT network with full Web access capability. A single database governs and records events and authority for all locations. Networked systems also must have a fallback—for all systems to operate effectively in stand-alone mode—in the event of a temporary failure of the network.
From a logical and administrative standpoint, a key or key bundle is really a kind of door object. The most advanced systems have open protocols that may be integrated into classic access control to take advantage of single databases, single management and the now far-reaching security needs of an organization.
Cost Benefits
Misplaced keys cost organizations in North America approximately $35 billion annually in terms of inefficiency, shrinkage, liability and lock replacement costs. Consider the cost of replacing lost keys and cylinders, time spent while locating keys, and extra personnel to manage manual key systems, and you get an idea of just some of the costs that can be resolved by an effective system. Lack of effective key management also can result in lost sales revenues for properties such as assisted living and residential or commercial properties where an ineffective system would be seen as a detriment to security and value of the property. Automated electronic key management systems typically have a payback of less than 12 months when all risks and costs are analyzed.
Electronic access control has become a staple of the tools available to security directors within commercial and government areas to increase and manage security requirements within their arc of responsibility. Yet, relatively few of these same sophisticated executives have incorporated physical keys into a threat analysis. Great care is taken with access through doors to sensitive areas while some of the organization’s highest-risk areas are accessible by physical keys loosely managed with a sign-out list.
Effective key management is an increasingly critical part of any comprehensive facility security plan. Electronic contactless RFID key management systems offer efficiency and security and are most cost-effective over time. As the most popular choice among users at many levels—facility management, security and IT—the RFID technology method of key management is destined to be the most obvious solution for a universal realm of future applications.
Increasing numbers of security directors and facility executives are assessing the risk posed by uncontrolled physical keys. The trend is toward much greater use of key management, in some cases in response to government mandates such as FIPS 201-1. As sophisticated access control systems integrate key control into the broader access control capability set, electronic key management is destined to achieve an equivalent ubiquitous presence.