Selecting the Right Access Control System

Selecting the Right Access Control System

You have the necessary experience, but think about the specifications for the job

With a password on each computer and a cardbased access control system on the door, many businesses feel they have their bases covered when it comes to both logical and physical security.

The password for the logical access control system, which provides authorization into a computer system, they will argue, prevents just anyone from logging onto a computer—unless the computer’s owner has a sticky note with their password attached to the screen or they have shared their password with a friend. Then the laptop or desktop is easily accessible by others.

No Trespassing

The card will keep strangers out of the building. This works unless the credential is lost or stolen or passed along by a well-meaning employee to a co-worker who forgot his card. Access works on the premise that the user presents one of two items: something they have, like a card; or something they know, such as a password.

Whether you are running a small business office, doctor’s office, coffee shop or retail store, it is important to ensure that you protect staff and assets. While for some this may mean simply locking the front door at night with a key, the introduction of new technology at lower price points now means that every business can afford the cost of access control today.

However, accompanying these lower priced options also means there are a lot of access control systems on the market to choose, such as standalone systems for one to four doors, mid-size systems that use single-factor authentication such as a keypad or proximity card, or large-scale systems that enable corporations to provide access to employees at multiple facilities in different states while using a single credential. How do you choose what is best for you?

If cost is your concern, consider a card based or keypad system. With a card-based system, the small business can use a proximity card and reader system that allows them to issue an access control card to employees. This can be an ideal approach for a business with multiple locations where they want someone to have access to more than one location. Using a proximity card to access the building also cuts down on re-key costs when an employee leaves.

Another cost-effective option is to install a keypad system on the exterior of an office door. When an office manager enters his pin number, it can unlock the door for the day and also provide a report on the open and close times of that location. This information can be accessed remotely by the retail manager to lock and unlock the door.

A Unique Pin

In addition, the administrator of the system can issue multiple pin numbers to employees, so that each person has a unique pin. That pin number can be easily deactivated if the employee no longer works at that location. Still, while these options are most cost effective and may work perfectly for some businesses, others required some added security measures.

An option to combat this is multiple-factor authentication, which requires credentials that address both the logical and physical dynamics of a security system, in turn taking your system to the next level. Up until recently, this higher level of security was limited to certain upper echelon users such as corporate executives, IT administrators or others whose information and access was considered more important. For example, a CEO may have to both present a card and punch in an access code or use his or her fingerprint to open the door to the executive suite. The desktop used by the head of IT is protected by both a password and a swipe of his or her access card on an auxiliary reader attached to the computer.

Cost and complexity of instituting this technology have been cited in the past as reasons to restrict the use of additional safeguards to a small percentage of the corporate population, but increasingly those arguments are going by the wayside.

Security systems integrators are already installing card-based access control systems at a steady pace, so why not work with that existing credential and add a layer of logical access on top of it?

The mobility of the standard user, who takes his laptop home on the weekends or travels for business, makes having at least two-factor authentication for added logical security more significant. The same is true with protecting certain physical assets or areas such as a hospital’s drug supply closet or the records room at a financial institution. Installing systems requiring multi-factor authentication can prevent costly or even regulatory mistakes in these key areas.

With the different types of access control systems in mind, there are still a few questions to ask before deciding on a perfect fit.

The first thing you should ask is whether the system is easy to use and to manage. Next to price, ease of use is typically the most important factor to take into consideration when looking to implement an access control system. Who is going to manage the system on the back end and add a new cardholder or revoke privileges when someone leaves the company? Do you need a system that offers a web-based interface so that you can remotely manage this task on your own, or do you plan to hire your systems integrator to oversee that service?

Answering the Question

Before you implement any access control system, it’s important to answer this question, otherwise the system can become compromised quickly if access rights are not updated on a regular basis. Next, users should take a look at the kind of functionalities their facility needs. It’s important to select an access control system that aligns with your business needs. Do you have a lot of employees that require access to an office or facility during the weekend or evening hours? Or do you need to keep a few key rooms, such as an IT server room or supply closet, under lock and key and only accessible to a few select employees?

Also, will you need to monitor who comes and goes into the facility and need to create a detailed report on access times and who entered the facility? In some instances, a keypad can provide adequate security for a small business or to limit access to a specific area within a secure building. However, a keypad is not an ideal solution for high security areas because pins can be easily shared with other people. Instead, it is better to use a keypad and card reader combination to ensure multi-factor authentication.

Users should keep in mind that many entry-level access control systems do not offer third party integration. This means that if you plan to integrate video, elevator controls or an HR system in the future, it’s important to look beyond an entry-level system to future proof your system.

While you might not need these exact integrations today, be sure to look out five years or longer as to what your access control needs may look like. If you expect to add more employees, then an access control system with future capabilities may be the best option. An access control system that can integrate with Active Directory or PeopleSoft, for example, will enable you to integrate security functionality with human resources, so that when you onboard a new employee it becomes a single process to get them access to the building when they are entered into the HR system as a new employee. The same is true if that employee leaves the company—HR can deactivate their access privileges while changing the employee’s employment status.

Lastly, set a budget and stick to it. Price is always a challenging component because projects often are driven by a set budget, but many businesses also require a quality system that is reliable. Because the access control market offers numerous solutions, from standalone systems to IP-based systems, customers have numerous options from which to choose at a variety of price points.

A keypad-based system may be more economical for businesses with only a few access points to secure. These types of systems eliminate the added expense associated with purchasing and replacing proximity cards, for example. However, a business that has multiple access points to secure, requires detailed after-hours building access reporting or has a large number of employees may need to deploy a software-based system, which is generally more expensive.

Working in partnership, integrators, physical security personnel and the IT department can leverage the investment in the physical access control system into one that brings a higher level of security by tapping into the logical side as well. No matter the size of your business or your budget, the security market offers many different access control systems from which end users can choose. The challenge is, of course, deciding which one.

This article originally appeared in the March 2019 issue of Security Today.


  • Maximizing Your Security Budget This Year

    The Importance of Proactive Security Measures: 4 Stories of Regret

    We all want to believe that crime won’t happen to us. So, some business owners hope for the best and put proactive security measures on the back burner, because other things like growth, attracting new customers, and meeting deadlines all seem more pressing. Read Now

  • Today's Enterprise

    Protecting servers and data has evolved rapidly over the past 15-plus years. Early on, concerns centered around the environmental conditions of where servers were housed within a building and the effects of humidity, temperature and air quality on their performance. This led to a better understanding of the need for a controlled environment to maximize equipment lifespan and capacity. It was also a driving force behind consolidating servers in a common space, i.e., the data center. Read Now

  • Study Proves It: Security Awareness Training Reduces Phishing Attacks

    Attackers are increasingly targeting human-based vulnerabilities to infiltrate organizations. Humans have direct access to insider systems and data – any threat actor can easily phish users, steal their credentials and secure keys to the kingdom without having to fight advanced cybersecurity defenses. Studies show social engineering attacks and human errors are behind 68% of all breaches.  Read Now

  • Security Questions Persist After Attempted Assassination Attempt of Donald Trump

Featured Cybersecurity


New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3