The Next Big Step
- By Peter Boriskin
- Oct 01, 2017
Of all the megatrends being discussed
within the security industry
right now—from IoT
to the Cloud to edge analytics—
there is one technology
among them that is most likely to have an immediate
impact on the way businesses and facilities
of all sizes operate: mobile credentials.
Individuals have found that their phones
and other smart devices can be used in their
own homes to operate locks, and—along
with the push for more IoT-enabled devices
at work in general—they have come to expect
the same level of sophistication and convenience
at work.
But traditionally in the business realm,
mobile credentials for access control were
used only by the largest of enterprises. This
was due to the ability of large corporations to
issue company-controlled devices to employees
while also allowing a credentialing systems
administrator to manage both the software
and hardware. Or, in some cases, corporations
planned and managed an effective BYOD
(bring your own device) policy. Still, the cost
of the system and the training required to
use it served as barriers to entry to all but the
most sophisticated systems administrators.
But the landscape has changed. As this
demand increases through home use of these
technologies, the learning curve to train individuals
on mobile applications has become
far less demanding.
Further, the cost of implementation has
fallen sharply in recent years. With mobile
credentials becoming more dynamic and consumable,
we’re starting to see the technology
trickle down from those large enterprises into
the rest of the market. The instances of mobile-
supported product and device solutions
have also increased substantially, making the
deployment and use of the credentials more
attractive and impactful to businesses. Because
of this trickle-down use in large enterprise
and the expectation of use in the home,
the pressure to adapt to the technology is now
being felt on both sides to adopt to the new
normal. The expectation for mobile applications
for credentials among employees, residents,
students, contractors, and visitors will
drive security in the coming years from what
has traditionally been hardware-based access
control, to a new way of doing business.
New Ways of Doing Business
with Mobile Apps
Mobile credentialing has the potential to improve
overall business operations by allowing
businesses and facilities to manage their
workforce more efficiently with the process
they use to distribute credentials. Physical
key systems are extremely cumbersome to
manage properly. Physical keys are difficult
to distribute and track, and if lost, can result
in an unsecured building or the added cost
and difficulty of rekeying doors. In addition,
there is no audit trail or way to know who
accessed what.
By moving to a digital credentialing system,
enterprise customers can utilize visitor
management systems, offer expiring keys to
contracted employees, and manager their
own workforce through personal and company
devices.
For universities, these benefits are largely
the same. Credentials are offered to individuals
via a mobile application and can be
set to expire at the end of a semester. This
also provides a much more secure solution,
since college students are far less likely to
part with their smart phones than they are
to pass off their campus ID or key card to let
someone else into their residence hall. They
are also far less likely to misplace or forget
their smart phones, reducing lockouts and
the need to issue new cards.
There is a further increase in efficiency
gained by sending a credential over an encrypted
connection to a secure element in
the user’s phone or mobile device. This is an
improvement to having individuals report to
an office that may potentially be offsite. For
businesses or campuses that have multiple locations across a city, state or the country, the ability to leverage credentialing
in this way is an incredible timesaver for both the facility
management staff and the credentialed user.
Plan Ahead for These New Expectations
So, while there are both business benefits and customer demand driving
the use of mobile applications for facility security, there is also a
practical plan that enterprises can employ to ramp up to providing
the technology: install door and opening hardware that works with
current credentials and mobile applications.
By implementing and installing mobile-ready hardware for access
control that works with multiple credential types, the owner of a facility
can serve their existing access and identity management methodology
while also planning for the future.
ASSA ABLOY addresses this need by offering a wide range of
access control locks that support a wide range of credential types
and HID Mobile Access. HID Mobile Access leverages Seos as the
underlying credential technology to offer the freedom of using your
device of choice—from smart cards to smart phones—for secure access
to more applications. It also provides the confidence of best-inclass
security and privacy protection.
By installing door and opening hardware that uses Seos, security
professionals can blend traditional systems with new mobile applications
and mobile credentialing.
With hardware ready for this potential change, the ability to move
toward mobile credentials is as simple as introducing the application
to users.
Practical Next Steps
For any new building, or any upgrade or retrofit, security decisions
need to start with the credential. In the past, that meant deciding between
the use of legacy hardware, such as mechanical locks and keys,
or using new electronic access control components.
Today, that means implementing a solution that can be futureproofed
to prepare for the demand of mobile credentialing through a
mobile application. Even if you aren’t prepared to move to the system
now, the planning to provide that in the future can begin today.
For integrators and engineers, that decision needs to be made with
the owners, facility managers and network administrators all in one
room. Many mobile-ready locks are IP-enabled and use existing network
infrastructure to connect to the access control system. IP-enabled
locks have a minimal impact on the network, making the ability to
integrate a solution much less daunting than many imagine. This can
be explained at the start of the project when a credentialing decision is
being made, offering the opportunity to future-proof the system.
The bottom line is that the expectation of end-users to use mobile
security applications as mobile credentials is here. And the ability
to meet those expectations is available. But if you aren’t prepared to
make the leap immediately then good planning,
and future-proofing your hardware, means you
won’t be left behind when the expectation for mobile
applications becomes the new normal.
This article originally appeared in the October 2017 issue of Security Today.