Online Exclusive: When Electronic Access Control Isn

Online Exclusive: When Electronic Access Control Isn't Enough

Electronic access control (EAC) isn’t always enough to protect the vulnerable assets of a business.   That means hospitals, airports, universities, corporate facilities, government buildings, technology companies, retailers and others need to consider the question, “What next?” Or, perhaps, “What else can I do to protect our bottom line and mitigate risk?”

Everyone wants access control these days. It’s sexy.  Add video, put in biometrics, use multiple high-def screens to monitor and it feels like you have all the bases covered. But is it really doing the full job you need to protect all the vulnerable areas in and around your facility?  Probably not - if you think a little deeper about where and how an organization is vulnerable – internally and externally.

Because access control platforms continue to be expensive, only 6% of businesses that could use some form of electronic access control actually have them in place. That leaves a lot of organizations vulnerable, both at the perimeter and in specific areas of their buildings.

There are a number of reasons that controls beyond EAC are relevant and necessary. First, even if EAC is deployed, master over-ride keys remain vulnerable. Second, access control isn’t feasible for every area within a facility. Think, for example, about file cabinets with sensitive information or closets that may hold expensive tools, IT assets or everyday items like paper, ink and coffee. Security for these locations isn’t only about the potential theft of something big.  Instead, the loss of everyday assets and supplies over time can add up for a large facility and you wouldn’t even know.

So, even with EAC, the control of your keys is still critical to a strong site security plan.  Many of our large government, technology and corporate campuses have strong EAC programs. At the same time, they continue to have vulnerabilities when it comes to the processes and sensitive keys/assets they must protect.

A strong electronic key management and control program augments EAC. Putting one in place improves risk mitigation. Success isn’t determined by limiting the number of keys, but instead about controlling the process to what those keys have access to. That means knowing who has the keys and when, capturing data on how long the keys are out, and making sure you enforce when misuse occurs.

A successful key management program works with EAC, not separate from it or trying to replace it. A proper solution will expand the level of security by integration and extending new components to a site’s security plan. Additional assets such as lockers, for example, would come under a key program, but are likely not protected in most EAC systems.

Many key programs are old school. Employees may need to turn in their ID badge to get a key.  Or they sign out on a sheet to get a key. Sometimes a master key is assigned to an individual. There’s nothing inherently wrong with any of these approaches, but they all open the door to potential for abuse. Changing to an electronic key access and management program mitigates many risks and gives 100% accountability and auditability.

Key management doesn’t mean work disruption either.  Decentralizing the availability and use of the keys keeps the work flow moving, and in almost all cases improves efficiencies – put the keys where they need to be, not where they are convenient to “manage manually”. Your business or organization does not have to assign permanent access to one individual (like a housekeeper in a hotel environment, for example), or remotely make keys available during emergencies or after hours to vendors, contractors or an employee that “forgot their badge or keys”. Again, it isn’t always about the key -- measurable ROI is gained through efficiencies and risk mitigation.

Another major advantage of the electronic key management solution is that it helps bridge the gap between two distinct parts of most organizations – security and facilities. Rather than operating separately, they become integrated and more effective.  Electronic key management brings risk mitigation into alignment with liability-related issues.

We recently had the privilege to work with a large ivy league university, and despite the processes they had in place in terms of electronic security, we were able to identify key vulnerabilities. The security environment for universities requires additional considerations, such as the number of keys issued to employees. Over the years, universities and large Fortune 100 companies alike can find that keys disappear bit by bit and no one knows where they are. This adds up. Suddenly, vulnerabilities are exposed and a decision has to be made to replace numerous keys across the organization which can cost $50k or upwards of $300k in some cases. No one wants that. A quality electronic key management solution prevents that problem.

Despite the best efforts of businesses, universities or governmental agencies, if processes are not properly enforced, security suffers. You can’t manage what you can’t measure.

It’s often lack of knowledge that lets these sores fester. Many businesses don’t think beyond electronic access control to consider the importance of controlling keys as well. But why?

Far too often, key control is not top of mind unless there has been a recent incident. Master keys – take them away. Large key rings with unaudited keys – why? Employees with 24-hour access to areas they don’t need access to – think that through.  Log sheets – are they really being used? Meet at the security desk to get a key you need – is that efficient? "That’s the way it’s always been done" is not a good enough answer when you’re explaining why a master key was just lost - take control of your facilities. 

It’s far better to prevent incidents before they happen and extend the reach of EAC through a quality electronic key management solution that works with your existing platforms, not against it.  Control the keys, and you control the kingdom!

About the Author

Danny Garrido is president of Traka Americas, a global leader in electronic key and asset management that operates as part of ASSA ABLOY Global Solutions. Garrido has more than 22 years of experience in the security industry, ranging from owning his own security company, to the corporate levels of Brinks and ADT. He oversees the overall vision & direction for the business, including strategic partnerships, operational & commercial competences, expansion into emerging markets, and new business development.


  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Survey: Only 13 Percent of Research Institutions Are Prepared for AI

    A new survey commissioned by SHI International and Dell Technologies underscores the transformative potential of artificial intelligence (AI) while exposing significant gaps in preparedness at many research institutions. Read Now

  • Survey: 70 Percent of Organizations Have Established Dedicated SaaS Security Teams

    Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Mobile Applications Are Empowering Security Personnel

    From real-time surveillance and access control management to remote monitoring and communications, a new generation of mobile applications is empowering security personnel to protect people and places. Mobile applications for physical security systems are emerging as indispensable tools to enhance safety. They also offer many features that are reshaping how modern security professionals approach their work. Read Now

Featured Cybersecurity


New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3