The Access Control Dilemma – Balancing Security, Convenience and Budget

The Access Control Dilemma – Balancing Security, Convenience and Budget

There are many different features with access control, and the technologies behind the platforms are ever-changing

 Physical access control has long been a key element of many facilities’ security strategies.  Noticeably the technology behind access control has continuously evolved, creating solutions that offer more security and convenience than ever before. From magstripe to contactless technologies and mobile credentials, the variety of solutions on the market can make selecting the right platform overwhelming. Choosing an access control system depends on the end user’s differing needs and requirements. While there’s no one-size-fits-all solution, the goal is to balance security and convenience for each facility, while complying with prevailing building and life safety codes and meeting budget considerations.

When comparing different brands and solutions, it is imperative to find out from the end user’s perspective how people will flow through the facility and to which areas these people should have access – and at what time of day.  In order to bridge any potential gaps in the access strategy, architects, distributors and general contractors will all need to be involved to ensure a smooth implementation process.

There are many different features with access control, and the technologies behind the platforms are ever-changing. When selecting the right access control solution for a facility, it is important to look at the evolution of these platforms – from mechanical keys to contactless technologies to the latest and greatest “intelligent” systems available on the market today. 

Mechanical Keys

Traditional keys have been used for access control dating back 6,000 years. While this low tech solution might seem obsolete, there are still many advantages to using the traditional mechanical key as part of one’s access control strategy. Locks and keys have worked well through the ages; they are easy to install, readily available and offer a simple and relatively secure access control solution.

However, anytime a key is lost, particularly a master or grand master key, the integrity of the system is immediately compromised. Carrying around more than one key is another adverse facet of using the traditional key as an access control solution. Keys can become a workable solution when there is a small number of people and/or doors or when they are used as part of a more comprehensive access control solution.

Magstripe Technology

Magstripe cards were first developed in the 1960s by International Business Machines (IBM) for U.S. government security purposes after IBM developed a way of adhering the magnetic tape with digital computer data to a plastic card via a hot stamping method.  It took a few more years of research and development but IBM’s engineering team created a machine that could quickly use the magstripe technology to create ID cards that were then utilized by banks, hospitals and other businesses.

Contactless Access Control

The 1990s saw the emergence of contactless technologies.  Proximity (prox) cards addressed some of the limitations of magstripe technologies. Prior to prox cards, physical contact between the readers and the credentials was required making it cumbersome and inefficient for end users, while demagnetized cards and physical wear on readers became time-consuming and costly for administrators.

The low frequency, 125 kHZ technology of the card allows for the card’s data to be detected when presented a few inches from the reader. These contactless cards offer remarkable reliability and longevity. Prox technology relies on radio frequency (RF) signals sent out from the reader. The cards themselves simply consist of an antenna, a capacitor, and a chip that stores the card’s unique ID number. When the card is presented to a lock, the reader translates the information from the card into a digital format read by either the lock circuitry itself (in a stand-alone environment) or a host panel/computer that makes the decision to authorize or deny a person’s entry. Prox technology can also be incorporated into diverse credential types such as key fobs, bracelets and wristbands, meaning users no longer require a physical card shaped credential.

While prox systems changed the access control industry by ushering in the proliferation of electronic access control due to lower maintenance costs, increased user convenience and new options for credentials, the technology still had its limitations. One of the largest of these is the technology’s widely-known security vulnerabilities. While prox systems will keep incidental visitors out, anyone with intent to breach the system can do so relatively easily. The credential is unencrypted, static and can be read in the clear, making it easy to clone or forge a card without the card holder ever knowing. The cloned card can then be used to open any door available to the original holder. There is also no direct means of determining if a system has been compromised, essentially worsening matters by providing a false sense of security. Another limitation is that prox cards cannot be encoded with anything other than the standard unique ID. While this might not seem like a major setback, newer technologies, such as smart cards, are able to store more information than just an ID number, such as a cashless vending debit value or a biometric template.

Smart Cards & Network Locking Solutions

Smart cards answer all the looming security questions posed by prox cards because they are encrypted. What does encrypted mean? The United States Department of Defense (DoD) approved Advanced Encryption Standards (AES) for smartcard technologies. AES is an encryption algorithm that has become the de facto encryption standard for commercial transactions in the private sector. This means that the cards and the readers talk the same encrypted language that cannot readily be hacked.

Some smart card systems have the capacity to both read and write information to the card at the lock or reader. This provides much better data security while creating greater flexibility for use in various applications. Multiple sectors on the card allow for storage beyond access control, including biometrics and cashless vending.

Smart cards used in some networked system provide flexibility by using smart credentials to transmit data between offline devices and head-end systems. This can be termed “virtual” networks. All user related information is stored on the smart credentials which act as carriers for the network. This eliminates the need to have wired or wireless locks at every secured opening and drastically reduces the overall cost of the access control system. Deciding between a virtual networked or wireless solution (or a combination of the two) will determine how the system is connected and updated. Smart technology can also be incorporated into diverse credential types such as key fobs, bracelets and wristbands, meaning users no long require a physical cred card shaped credential.

In cases where the possibility of immediate lockdown of an entire campus or facility is needed, either hardwired or wireless locks will need to be used. They also allow the user to lockdown an entire building very quickly by cutting access to all cards on the system while still granting emergency responders access.

Conclusion

Depending on the size and type of the structure being secured, along with knowing whether immediate lockdown is a prerequisite, will guide in correctly choose the product mix needed to secure a facility, whether it be purely mechanical, mechanical and standalone electronic, virtual networked or wireless/hardwired. Some manufacturers design their products and systems with scalability built in – meaning that as a facility’s security needs evolve they can upgrade their locking hardware with minimal aggravation and expense. Leveraging these new technologies provides a unique opportunity for contract hardware distributors, security dealers and installers to assist end users in customizing their access control system.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3