Online Exclusive: When Electronic Access Control Isn

Online Exclusive: When Electronic Access Control Isn't Enough

Electronic access control (EAC) isn’t always enough to protect the vulnerable assets of a business.   That means hospitals, airports, universities, corporate facilities, government buildings, technology companies, retailers and others need to consider the question, “What next?” Or, perhaps, “What else can I do to protect our bottom line and mitigate risk?”

Everyone wants access control these days. It’s sexy.  Add video, put in biometrics, use multiple high-def screens to monitor and it feels like you have all the bases covered. But is it really doing the full job you need to protect all the vulnerable areas in and around your facility?  Probably not - if you think a little deeper about where and how an organization is vulnerable – internally and externally.

Because access control platforms continue to be expensive, only 6% of businesses that could use some form of electronic access control actually have them in place. That leaves a lot of organizations vulnerable, both at the perimeter and in specific areas of their buildings.

There are a number of reasons that controls beyond EAC are relevant and necessary. First, even if EAC is deployed, master over-ride keys remain vulnerable. Second, access control isn’t feasible for every area within a facility. Think, for example, about file cabinets with sensitive information or closets that may hold expensive tools, IT assets or everyday items like paper, ink and coffee. Security for these locations isn’t only about the potential theft of something big.  Instead, the loss of everyday assets and supplies over time can add up for a large facility and you wouldn’t even know.

So, even with EAC, the control of your keys is still critical to a strong site security plan.  Many of our large government, technology and corporate campuses have strong EAC programs. At the same time, they continue to have vulnerabilities when it comes to the processes and sensitive keys/assets they must protect.

A strong electronic key management and control program augments EAC. Putting one in place improves risk mitigation. Success isn’t determined by limiting the number of keys, but instead about controlling the process to what those keys have access to. That means knowing who has the keys and when, capturing data on how long the keys are out, and making sure you enforce when misuse occurs.

A successful key management program works with EAC, not separate from it or trying to replace it. A proper solution will expand the level of security by integration and extending new components to a site’s security plan. Additional assets such as lockers, for example, would come under a key program, but are likely not protected in most EAC systems.

Many key programs are old school. Employees may need to turn in their ID badge to get a key.  Or they sign out on a sheet to get a key. Sometimes a master key is assigned to an individual. There’s nothing inherently wrong with any of these approaches, but they all open the door to potential for abuse. Changing to an electronic key access and management program mitigates many risks and gives 100% accountability and auditability.

Key management doesn’t mean work disruption either.  Decentralizing the availability and use of the keys keeps the work flow moving, and in almost all cases improves efficiencies – put the keys where they need to be, not where they are convenient to “manage manually”. Your business or organization does not have to assign permanent access to one individual (like a housekeeper in a hotel environment, for example), or remotely make keys available during emergencies or after hours to vendors, contractors or an employee that “forgot their badge or keys”. Again, it isn’t always about the key -- measurable ROI is gained through efficiencies and risk mitigation.

Another major advantage of the electronic key management solution is that it helps bridge the gap between two distinct parts of most organizations – security and facilities. Rather than operating separately, they become integrated and more effective.  Electronic key management brings risk mitigation into alignment with liability-related issues.

We recently had the privilege to work with a large ivy league university, and despite the processes they had in place in terms of electronic security, we were able to identify key vulnerabilities. The security environment for universities requires additional considerations, such as the number of keys issued to employees. Over the years, universities and large Fortune 100 companies alike can find that keys disappear bit by bit and no one knows where they are. This adds up. Suddenly, vulnerabilities are exposed and a decision has to be made to replace numerous keys across the organization which can cost $50k or upwards of $300k in some cases. No one wants that. A quality electronic key management solution prevents that problem.

Despite the best efforts of businesses, universities or governmental agencies, if processes are not properly enforced, security suffers. You can’t manage what you can’t measure.

It’s often lack of knowledge that lets these sores fester. Many businesses don’t think beyond electronic access control to consider the importance of controlling keys as well. But why?

Far too often, key control is not top of mind unless there has been a recent incident. Master keys – take them away. Large key rings with unaudited keys – why? Employees with 24-hour access to areas they don’t need access to – think that through.  Log sheets – are they really being used? Meet at the security desk to get a key you need – is that efficient? "That’s the way it’s always been done" is not a good enough answer when you’re explaining why a master key was just lost - take control of your facilities. 

It’s far better to prevent incidents before they happen and extend the reach of EAC through a quality electronic key management solution that works with your existing platforms, not against it.  Control the keys, and you control the kingdom!

About the Author

Danny Garrido is president of Traka Americas, a global leader in electronic key and asset management that operates as part of ASSA ABLOY Global Solutions. Garrido has more than 22 years of experience in the security industry, ranging from owning his own security company, to the corporate levels of Brinks and ADT. He oversees the overall vision & direction for the business, including strategic partnerships, operational & commercial competences, expansion into emerging markets, and new business development.


  • Maximizing Your Security Budget This Year

    The Importance of Proactive Security Measures: 4 Stories of Regret

    We all want to believe that crime won’t happen to us. So, some business owners hope for the best and put proactive security measures on the back burner, because other things like growth, attracting new customers, and meeting deadlines all seem more pressing. Read Now

  • Securing the Flow of Operations

    The transportation industry is a complex and dynamic environment where efficient management of physical keys, vehicles and shared devices is critical to ensuring smooth operations, reducing costs and maintaining security. Every day, more transportation facilities are using modern electronic key and asset management systems to better secure, audit and manage the important assets that keep operations running smoothly. Read Now

  • Today's Enterprise

    Protecting servers and data has evolved rapidly over the past 15-plus years. Early on, concerns centered around the environmental conditions of where servers were housed within a building and the effects of humidity, temperature and air quality on their performance. This led to a better understanding of the need for a controlled environment to maximize equipment lifespan and capacity. It was also a driving force behind consolidating servers in a common space, i.e., the data center. Read Now

  • Study Proves It: Security Awareness Training Reduces Phishing Attacks

    Attackers are increasingly targeting human-based vulnerabilities to infiltrate organizations. Humans have direct access to insider systems and data – any threat actor can easily phish users, steal their credentials and secure keys to the kingdom without having to fight advanced cybersecurity defenses. Studies show social engineering attacks and human errors are behind 68% of all breaches.  Read Now

Featured Cybersecurity


New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3