The Next Big Step

• By Peter Boriskin
• Oct 01, 2017

Of all the megatrends being discussed within the security industry right now—from IoT to the Cloud to edge analytics— there is one technology among them that is most likely to have an immediate impact on the way businesses and facilities of all sizes operate: mobile credentials.

Individuals have found that their phones and other smart devices can be used in their own homes to operate locks, and—along with the push for more IoT-enabled devices at work in general—they have come to expect the same level of sophistication and convenience at work.

But traditionally in the business realm, mobile credentials for access control were used only by the largest of enterprises. This was due to the ability of large corporations to issue company-controlled devices to employees while also allowing a credentialing systems administrator to manage both the software and hardware. Or, in some cases, corporations planned and managed an effective BYOD (bring your own device) policy. Still, the cost of the system and the training required to use it served as barriers to entry to all but the most sophisticated systems administrators.

But the landscape has changed. As this demand increases through home use of these technologies, the learning curve to train individuals on mobile applications has become far less demanding.

Further, the cost of implementation has fallen sharply in recent years. With mobile credentials becoming more dynamic and consumable, we’re starting to see the technology trickle down from those large enterprises into the rest of the market. The instances of mobile- supported product and device solutions have also increased substantially, making the deployment and use of the credentials more attractive and impactful to businesses. Because of this trickle-down use in large enterprise and the expectation of use in the home, the pressure to adapt to the technology is now being felt on both sides to adopt to the new normal. The expectation for mobile applications for credentials among employees, residents, students, contractors, and visitors will drive security in the coming years from what has traditionally been hardware-based access control, to a new way of doing business.

New Ways of Doing Business with Mobile Apps

Mobile credentialing has the potential to improve overall business operations by allowing businesses and facilities to manage their workforce more efficiently with the process they use to distribute credentials. Physical key systems are extremely cumbersome to manage properly. Physical keys are difficult to distribute and track, and if lost, can result in an unsecured building or the added cost and difficulty of rekeying doors. In addition, there is no audit trail or way to know who accessed what.

By moving to a digital credentialing system, enterprise customers can utilize visitor management systems, offer expiring keys to contracted employees, and manager their own workforce through personal and company devices.

For universities, these benefits are largely the same. Credentials are offered to individuals via a mobile application and can be set to expire at the end of a semester. This also provides a much more secure solution, since college students are far less likely to part with their smart phones than they are to pass off their campus ID or key card to let someone else into their residence hall. They are also far less likely to misplace or forget their smart phones, reducing lockouts and the need to issue new cards.

There is a further increase in efficiency gained by sending a credential over an encrypted connection to a secure element in the user’s phone or mobile device. This is an improvement to having individuals report to an office that may potentially be offsite. For businesses or campuses that have multiple locations across a city, state or the country, the ability to leverage credentialing in this way is an incredible timesaver for both the facility management staff and the credentialed user.

Plan Ahead for These New Expectations

So, while there are both business benefits and customer demand driving the use of mobile applications for facility security, there is also a practical plan that enterprises can employ to ramp up to providing the technology: install door and opening hardware that works with current credentials and mobile applications.

By implementing and installing mobile-ready hardware for access control that works with multiple credential types, the owner of a facility can serve their existing access and identity management methodology while also planning for the future.

ASSA ABLOY addresses this need by offering a wide range of access control locks that support a wide range of credential types and HID Mobile Access. HID Mobile Access leverages Seos as the underlying credential technology to offer the freedom of using your device of choice—from smart cards to smart phones—for secure access to more applications. It also provides the confidence of best-inclass security and privacy protection.

By installing door and opening hardware that uses Seos, security professionals can blend traditional systems with new mobile applications and mobile credentialing.

With hardware ready for this potential change, the ability to move toward mobile credentials is as simple as introducing the application to users.

Practical Next Steps

For any new building, or any upgrade or retrofit, security decisions need to start with the credential. In the past, that meant deciding between the use of legacy hardware, such as mechanical locks and keys, or using new electronic access control components.

Today, that means implementing a solution that can be futureproofed to prepare for the demand of mobile credentialing through a mobile application. Even if you aren’t prepared to move to the system now, the planning to provide that in the future can begin today.

For integrators and engineers, that decision needs to be made with the owners, facility managers and network administrators all in one room. Many mobile-ready locks are IP-enabled and use existing network infrastructure to connect to the access control system. IP-enabled locks have a minimal impact on the network, making the ability to integrate a solution much less daunting than many imagine. This can be explained at the start of the project when a credentialing decision is being made, offering the opportunity to future-proof the system.

The bottom line is that the expectation of end-users to use mobile security applications as mobile credentials is here. And the ability to meet those expectations is available. But if you aren’t prepared to make the leap immediately then good planning, and future-proofing your hardware, means you won’t be left behind when the expectation for mobile applications becomes the new normal.

This article originally appeared in the October 2017 issue of Security Today.