Selecting the Right Access Control System

Selecting the Right Access Control System

You have the necessary experience, but think about the specifications for the job

With a password on each computer and a cardbased access control system on the door, many businesses feel they have their bases covered when it comes to both logical and physical security.

The password for the logical access control system, which provides authorization into a computer system, they will argue, prevents just anyone from logging onto a computer—unless the computer’s owner has a sticky note with their password attached to the screen or they have shared their password with a friend. Then the laptop or desktop is easily accessible by others.

No Trespassing

The card will keep strangers out of the building. This works unless the credential is lost or stolen or passed along by a well-meaning employee to a co-worker who forgot his card. Access works on the premise that the user presents one of two items: something they have, like a card; or something they know, such as a password.

Whether you are running a small business office, doctor’s office, coffee shop or retail store, it is important to ensure that you protect staff and assets. While for some this may mean simply locking the front door at night with a key, the introduction of new technology at lower price points now means that every business can afford the cost of access control today.

However, accompanying these lower priced options also means there are a lot of access control systems on the market to choose, such as standalone systems for one to four doors, mid-size systems that use single-factor authentication such as a keypad or proximity card, or large-scale systems that enable corporations to provide access to employees at multiple facilities in different states while using a single credential. How do you choose what is best for you?

If cost is your concern, consider a card based or keypad system. With a card-based system, the small business can use a proximity card and reader system that allows them to issue an access control card to employees. This can be an ideal approach for a business with multiple locations where they want someone to have access to more than one location. Using a proximity card to access the building also cuts down on re-key costs when an employee leaves.

Another cost-effective option is to install a keypad system on the exterior of an office door. When an office manager enters his pin number, it can unlock the door for the day and also provide a report on the open and close times of that location. This information can be accessed remotely by the retail manager to lock and unlock the door.

A Unique Pin

In addition, the administrator of the system can issue multiple pin numbers to employees, so that each person has a unique pin. That pin number can be easily deactivated if the employee no longer works at that location. Still, while these options are most cost effective and may work perfectly for some businesses, others required some added security measures.

An option to combat this is multiple-factor authentication, which requires credentials that address both the logical and physical dynamics of a security system, in turn taking your system to the next level. Up until recently, this higher level of security was limited to certain upper echelon users such as corporate executives, IT administrators or others whose information and access was considered more important. For example, a CEO may have to both present a card and punch in an access code or use his or her fingerprint to open the door to the executive suite. The desktop used by the head of IT is protected by both a password and a swipe of his or her access card on an auxiliary reader attached to the computer.

Cost and complexity of instituting this technology have been cited in the past as reasons to restrict the use of additional safeguards to a small percentage of the corporate population, but increasingly those arguments are going by the wayside.

Security systems integrators are already installing card-based access control systems at a steady pace, so why not work with that existing credential and add a layer of logical access on top of it?

The mobility of the standard user, who takes his laptop home on the weekends or travels for business, makes having at least two-factor authentication for added logical security more significant. The same is true with protecting certain physical assets or areas such as a hospital’s drug supply closet or the records room at a financial institution. Installing systems requiring multi-factor authentication can prevent costly or even regulatory mistakes in these key areas.

With the different types of access control systems in mind, there are still a few questions to ask before deciding on a perfect fit.

The first thing you should ask is whether the system is easy to use and to manage. Next to price, ease of use is typically the most important factor to take into consideration when looking to implement an access control system. Who is going to manage the system on the back end and add a new cardholder or revoke privileges when someone leaves the company? Do you need a system that offers a web-based interface so that you can remotely manage this task on your own, or do you plan to hire your systems integrator to oversee that service?

Answering the Question

Before you implement any access control system, it’s important to answer this question, otherwise the system can become compromised quickly if access rights are not updated on a regular basis. Next, users should take a look at the kind of functionalities their facility needs. It’s important to select an access control system that aligns with your business needs. Do you have a lot of employees that require access to an office or facility during the weekend or evening hours? Or do you need to keep a few key rooms, such as an IT server room or supply closet, under lock and key and only accessible to a few select employees?

Also, will you need to monitor who comes and goes into the facility and need to create a detailed report on access times and who entered the facility? In some instances, a keypad can provide adequate security for a small business or to limit access to a specific area within a secure building. However, a keypad is not an ideal solution for high security areas because pins can be easily shared with other people. Instead, it is better to use a keypad and card reader combination to ensure multi-factor authentication.

Users should keep in mind that many entry-level access control systems do not offer third party integration. This means that if you plan to integrate video, elevator controls or an HR system in the future, it’s important to look beyond an entry-level system to future proof your system.

While you might not need these exact integrations today, be sure to look out five years or longer as to what your access control needs may look like. If you expect to add more employees, then an access control system with future capabilities may be the best option. An access control system that can integrate with Active Directory or PeopleSoft, for example, will enable you to integrate security functionality with human resources, so that when you onboard a new employee it becomes a single process to get them access to the building when they are entered into the HR system as a new employee. The same is true if that employee leaves the company—HR can deactivate their access privileges while changing the employee’s employment status.

Lastly, set a budget and stick to it. Price is always a challenging component because projects often are driven by a set budget, but many businesses also require a quality system that is reliable. Because the access control market offers numerous solutions, from standalone systems to IP-based systems, customers have numerous options from which to choose at a variety of price points.

A keypad-based system may be more economical for businesses with only a few access points to secure. These types of systems eliminate the added expense associated with purchasing and replacing proximity cards, for example. However, a business that has multiple access points to secure, requires detailed after-hours building access reporting or has a large number of employees may need to deploy a software-based system, which is generally more expensive.

Working in partnership, integrators, physical security personnel and the IT department can leverage the investment in the physical access control system into one that brings a higher level of security by tapping into the logical side as well. No matter the size of your business or your budget, the security market offers many different access control systems from which end users can choose. The challenge is, of course, deciding which one.

This article originally appeared in the March 2019 issue of Security Today.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3