Leveraging Data

Leveraging Data

Data from access control system may drive future security decisions

Campus security, both in a corporate and higher education setting, can be improved by leveraging data from access control systems to drive future security decisions. currently, these access control systems are used primarily for controlling and limiting entrance to buildings or areas within a facility. however, the data they generate is often overlooked to the detriment of physical security operations. access control data, if properly leveraged, can allow operators to detect, mitigate and prevent a variety of risks that extend beyond ingress and egress. if data attributes are parsed out for situations including employee, building, location and incident, when combined with third-party data sets, unique business and operational insights can be uncovered.


One application of using access control data is to profile risk on the campus based on empirical data rather than intuition or institutionally accepted best practices. Many interesting opportunities are possible for risk assessment using access control data. One example is to create an overall Building Risk Score by factoring in weighted variables such as the number of unauthorized access control alarms per building, volume and type of alarms, and the presence of sensitive locations or high-value assets such as a data center or research laboratory within a building.

More advanced algorithms will incorporate third-party datasets such as neighborhood crime, which can add context to the access control data. By combining the various variables, an algorithm can be developed to rank and score each building’s security risk, providing the security personnel with a proactive view of risk in the campus. The high-risk buildings can then be reviewed to ensure that they have the adequate staff levels, the appropriate security systems are in place or to understand if offices should be moved to a separate location. It is worth noting that over time, each building’s rank in the risk profile will change based on external environmental factors such as new construction and socio-economic dynamics on the periphery of the campus.


Another important risk consideration is the insider threat. Seventy-four percent of chief information security officers are concerned about employees stealing sensitive information according to SpectorSoft. Much of this happens when employees and students enter premises after hours or prior to separation from the company or educational institution. Data from access control systems can be parsed to pull out card holder information, providing valuable insight into employee and student behavior. For example, unauthorized alarms associated with employees and students can be visualized separately, which, when analyzed, show any number of patterns associated with their activity.

Sometimes, employees will have multiple access denials within a short time period indicating a potential problem with the employee’s access card or system set up. Other times, access attempts at odd hours of the day or night, when an employee is not scheduled to work, could be anomalous behavior and a sign of an insider threat. In fact, insider threat detection is enhanced when data feeds from human resources are available with termination dates for employees. When employees with a documented near term termination date display anomalous behavior, the probability of an insider threat event increases.


Cyber threats are increasingly becoming an issue. According to PricewaterhouseCoopers, there were about 30 to 40 percent more cybersecurity incidents in 2015 than in 2014. While cybersecurity today falls within the domain of IT, physical security professionals will soon have to worry about threats from cyberspace as physical security equipment increasingly becomes Internet-Protocol enabled and, thereby, accessible to hacks on the network and the internet at large. There is also the consideration of monitoring an employee’s physical and network presence.

Consider for example, the scenario where the access control system data has an employee gaining physical access to an office in Boston, but the network has that individual as being logged in with an IP address in Houston. Clearly, this is an anomaly and something to be investigated. Very few organizations currently test for anomalies in physical and network presence. In the future, this will become a requirement and access control data will play an important role.


Buildings in large and sprawling corporate campuses can generate up to two and a half million access control events per month, often leaving system administrators overwhelmed by the volume of alarms triggered and the amount of information coming in. Because of this information overload, operators often overlook important signals. One solution is to use risk profile indicators to designate areas of the campus as special “sensitive areas” that need to be watched carefully. The concept of zones can be introduced, which are a designated set of panels and readers corresponding to an area of the campus, a set of buildings or areas within a building that require special attention.

In these situations, analytics software can be configured to flag unauthorized access attempts in such vicinities. Special sensitive areas can be monitored to understand which employees and students used these facilities and when.


In addition, filters on alarm events can be set in these areas to enable a more proactive approach to systems events. For example, consider a scenario where a panel or reader has not been installed correctly. It will generate intermittent line communication errors but this error signal is just one of many generated each month.

If operators add an event filter to look for line communication errors, readers that may be malfunctioning will be detected and an operator can be dispatched to fix the problem, thereby, proactively securing access to a campus building in a designated sensitive area that might otherwise have been compromised because of equipment failure.


Combining video with incident data can significantly improve situational awareness. Consider this scenario: a recent review of an organization’s data log showed that attempted access to a door was denied. Within several minutes of this first attempt, doors nearby were forced open.

The assumption was made that an employee’s access card did not work, so a key was used instead to get into the area. There is a high probability that those were legitimate alarms, which should always be investigated and—if there was video—that footage would be used to verify the alarms.


Lastly, the data from an organization’s access control systems cannot only be used to improve security, but to improve workplace operations with an eye towards reducing cost. For example, an area of interest for many organizations is their office footprint. This is particularly true of organizations with flexible work plans or a large mobile workforce. Should the organization grow or reduce their physical space and, if so, in what ways?

Access control systems are one source of data which can help inform such a decision. They can be used to generate statistics such as the number of employees or visitors per building. Office spaces with a low employee-per-building ratio are candidates for consolidation, for example. These statistics can also help to determine the right level of workplace resource staffing per building. By harvesting access control data, and generating these statistics which can help reduce the cost of operations, physical security personnel create an opportunity to impact the business in ways larger than securing it.

This article originally appeared in the January 2017 issue of Security Today.


  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Protecting Data is Critical

    To say that the Internet of Things (IoT) has become a part of everyday life would be a dramatic understatement. At this point, you would be hard-pressed to find an electronic device that is not connected to the internet. Read Now

  • Mobile Access Adoption

    Smartphones and other mobile devices have had a profound impact on how the world securely accesses the workplace and its services. The growing adoption of mobile wallets and the new generation of users is compounding this effect. Read Now

  • Changing Mindsets

    We have come a long way from the early days of fuzzy analog CCTV systems. During that time, we have had to migrate from analog to digital signals. When IP-based network cameras arrived, they opened a new world of quality and connectivity but also introduced plenty of challenges. Thankfully, network devices today have become smart enough to discover themselves and even self-configure to some degree. While some IT expertise is certainly required, things are much smoother these days. The biggest change is in how fast security cameras and supporting infrastructure are evolving. Read Now

Featured Cybersecurity


New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3