Online Exclusive: When Electronic Access Control Isn

Online Exclusive: When Electronic Access Control Isn't Enough

Electronic access control (EAC) isn’t always enough to protect the vulnerable assets of a business.   That means hospitals, airports, universities, corporate facilities, government buildings, technology companies, retailers and others need to consider the question, “What next?” Or, perhaps, “What else can I do to protect our bottom line and mitigate risk?”

Everyone wants access control these days. It’s sexy.  Add video, put in biometrics, use multiple high-def screens to monitor and it feels like you have all the bases covered. But is it really doing the full job you need to protect all the vulnerable areas in and around your facility?  Probably not - if you think a little deeper about where and how an organization is vulnerable – internally and externally.

Because access control platforms continue to be expensive, only 6% of businesses that could use some form of electronic access control actually have them in place. That leaves a lot of organizations vulnerable, both at the perimeter and in specific areas of their buildings.

There are a number of reasons that controls beyond EAC are relevant and necessary. First, even if EAC is deployed, master over-ride keys remain vulnerable. Second, access control isn’t feasible for every area within a facility. Think, for example, about file cabinets with sensitive information or closets that may hold expensive tools, IT assets or everyday items like paper, ink and coffee. Security for these locations isn’t only about the potential theft of something big.  Instead, the loss of everyday assets and supplies over time can add up for a large facility and you wouldn’t even know.

So, even with EAC, the control of your keys is still critical to a strong site security plan.  Many of our large government, technology and corporate campuses have strong EAC programs. At the same time, they continue to have vulnerabilities when it comes to the processes and sensitive keys/assets they must protect.

A strong electronic key management and control program augments EAC. Putting one in place improves risk mitigation. Success isn’t determined by limiting the number of keys, but instead about controlling the process to what those keys have access to. That means knowing who has the keys and when, capturing data on how long the keys are out, and making sure you enforce when misuse occurs.

A successful key management program works with EAC, not separate from it or trying to replace it. A proper solution will expand the level of security by integration and extending new components to a site’s security plan. Additional assets such as lockers, for example, would come under a key program, but are likely not protected in most EAC systems.

Many key programs are old school. Employees may need to turn in their ID badge to get a key.  Or they sign out on a sheet to get a key. Sometimes a master key is assigned to an individual. There’s nothing inherently wrong with any of these approaches, but they all open the door to potential for abuse. Changing to an electronic key access and management program mitigates many risks and gives 100% accountability and auditability.

Key management doesn’t mean work disruption either.  Decentralizing the availability and use of the keys keeps the work flow moving, and in almost all cases improves efficiencies – put the keys where they need to be, not where they are convenient to “manage manually”. Your business or organization does not have to assign permanent access to one individual (like a housekeeper in a hotel environment, for example), or remotely make keys available during emergencies or after hours to vendors, contractors or an employee that “forgot their badge or keys”. Again, it isn’t always about the key -- measurable ROI is gained through efficiencies and risk mitigation.

Another major advantage of the electronic key management solution is that it helps bridge the gap between two distinct parts of most organizations – security and facilities. Rather than operating separately, they become integrated and more effective.  Electronic key management brings risk mitigation into alignment with liability-related issues.

We recently had the privilege to work with a large ivy league university, and despite the processes they had in place in terms of electronic security, we were able to identify key vulnerabilities. The security environment for universities requires additional considerations, such as the number of keys issued to employees. Over the years, universities and large Fortune 100 companies alike can find that keys disappear bit by bit and no one knows where they are. This adds up. Suddenly, vulnerabilities are exposed and a decision has to be made to replace numerous keys across the organization which can cost $50k or upwards of $300k in some cases. No one wants that. A quality electronic key management solution prevents that problem.

Despite the best efforts of businesses, universities or governmental agencies, if processes are not properly enforced, security suffers. You can’t manage what you can’t measure.

It’s often lack of knowledge that lets these sores fester. Many businesses don’t think beyond electronic access control to consider the importance of controlling keys as well. But why?

Far too often, key control is not top of mind unless there has been a recent incident. Master keys – take them away. Large key rings with unaudited keys – why? Employees with 24-hour access to areas they don’t need access to – think that through.  Log sheets – are they really being used? Meet at the security desk to get a key you need – is that efficient? "That’s the way it’s always been done" is not a good enough answer when you’re explaining why a master key was just lost - take control of your facilities. 

It’s far better to prevent incidents before they happen and extend the reach of EAC through a quality electronic key management solution that works with your existing platforms, not against it.  Control the keys, and you control the kingdom!

About the Author

Danny Garrido is president of Traka Americas, a global leader in electronic key and asset management that operates as part of ASSA ABLOY Global Solutions. Garrido has more than 22 years of experience in the security industry, ranging from owning his own security company, to the corporate levels of Brinks and ADT. He oversees the overall vision & direction for the business, including strategic partnerships, operational & commercial competences, expansion into emerging markets, and new business development.

Featured

  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

Webinars

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3