Access control evolution spotlights high-tech and cybersecurity advancement in 2018
The past year has certainly been an interesting one with regards to technology innovations on the access control front – from an American-based company offering RFID implants to its employees for both physical and logical access to Apple making the long-anticipated announcement that it would finally open its NFC chip for third-party developers beginning with the iPhone 7 and iPhone 7 Plus. However, unlike other product segments in the industry where early adopters are willing to serve as beta test sites for bleeding-edge products in exchange for the ancillary benefits they may provide, access control remains the security backbone for most organizations and as such, end-users are much more hesitant to deploy what they see as unproven technologies.
It is clear though that many businesses are ready and willing to migrate from legacy systems to newer, more proven solutions, such as hosted and managed access control offerings, which have garnered increasing interest across the industry in recent years. So, what technologies and trends stand to gain the most traction in 2018 and beyond? SecurityInfoWatch.com (SIW) recently convened a panel of industry experts to get their thoughts on the current state of access control and where the market is headed moving forward.
The Panel:
- Brandon Arcement, Director of Product Marketing, HID Global
- Peter Boriskin, VP of Commercial Product Management, ASSA ABLOY
- Robert Gaulden, Director of Aftermarket and Electronic Sales, Allegion
- Mitchell Kane, President, Vanderbilt
- Robert Laughlin, President, Galaxy Control Systems
What trend do you expect will influence the access control market the most in 2018?
Kane: 2018 will see a shift in access control management from a siloed system within a security department to the inclusion of technologically advanced teams in charge of network security. Trained IT specialists and CIOs offer valuable input when it comes to security decisions. A strong relationship between access control and network security professionals is invaluable as interconnectivity between devices continues to progress and cybersecurity threats grow in severity and complexity.
Boriskin: It has grown slowly over the last few years, but the use of mobile as a security credential will receive a lot of attention in 2018. From the integrator’s perspective, they look at mobile and see the opportunity in that expensive piece of hardware already in their possession. In this case, the question becomes why not use this as a tool to configure, update, monitor and deploy devices? It becomes a powerful tool that they can only benefit from by leveraging it.
From a technology perspective, we can look to the residential market as an example. This is where we now see technologies that allow a homeowner to control lighting, heating, cooling, and more from a mobile device. The question we start to ask is if we can do this in our homes, why can’t we do it in our office where we spend eight or more hours a day?
Arcement: The move away from de facto Wiegand to the Open Supervised Device Protocol (OSDP) standard is poised to be a major disrupter for access control in 2018. High profile exposure of legacy Wiegand vulnerabilities, combined with the desire for a more connected experience when managing readers, have driven demand for the OSDP standard. Many manufacturers have now adopted OSDP and early adopters have proven its viability and benefits.
Laughlin: Continuing from 2017, cloud-based, fully hosted and managed access control and monitoring solutions will be the most powerful trend. This is changing the way access control systems are deployed and used because it reduces the complexity of implementing an integrated access control and security system.
Gaulden: The adoption of more intelligent devices being incorporated into the access control solution will drive a more IoT centric model. These devices will help expand the use and scope of access control systems beyond traditional security and help start to drive a better understanding of the environment, including throughput and efficiency. More intelligent devices will also help generate better service and customer satisfaction ratings as these devices will help troubleshoot and assist the integrator in understanding the problem before they deploy.
What kind of impact do you expect the recent announcement of Apple opening up its NFC chip will have on the adoption of mobile access control solutions?
Arcement: Although the interest and growth in mobile access control is accelerating, Apple’s recent announcement will not yet have an impact on mobile access adoption. Apple has supported NFC in devices since the launch of the iPhone 6 and Apple Watch in 2014, however; card emulation – the NFC mode most coveted for mobile access control and currently supported on Android – is still reserved exclusively for Apple Pay transactions.
With the new release, Apple expanded NFC support to include NDEF (NFC Data Exchange Format) tag reading. This enables a user to tap his/her phone on a tag for a wide variety of applications. Therefore, it greatly extends a number of applications in our RFID business and significantly expands the available market of compatible devices that can be used with solutions such as HID Trusted Tag Services. While NFC offers an attractive alternative to consider for the future in access control, Bluetooth remains the only ubiquitous communication standard that enables cross-platform support for mobile access today.
Laughlin: Any move made by Apple will have significant reverberations in the market. In this case, it is likely to accelerate the adoption of smartphones being used for credentialing over access cards and readers.
Boriskin: The increased availability of Apple’s NFC is encouraging and will further drive mobile adoption. It’s unclear at this point what that means for access control. Anything that improves people’s use of mobile technology is good for the industry. The more people are comfortable with using mobile payments, the better.
We’ve also heard a lot about the prospects of wearable technologies for access control purposes. Is this something that will become a bigger part of access control deployments moving forward or is it just a passing fad?
Laughlin: Ease of use and convenience have always been key features in access control solutions and wearable technologies, such as smart watches or personal biometric devices, easily fall into this category. In addition to the convenience factor, security is enhanced with biometrics which helps to ensure protection against unauthorized access. These factors point to solid growth opportunities.
Gaulden: There are use cases being implemented where wearables can drive a better experience. Take healthcare, for example. The ability to move through a facility, purchase food, gain access to your room, set room temperatures, call for assistance and track a patient can all be achieved via a wearable.
Arcement: The more form factor options for carrying trusted identities, the better, so that organizations can support the broadest range of use cases. Smart watches and personal biometric devices are the most common wearables for use in the enterprise environment today, but the extended use of wearables for enterprise access solutions continues to be part of the conversation. These devices are getting smarter and more common with support for a growing number of applications.
There has obviously been an increased focus on cybersecurity when it comes to video surveillance given the prevalence of IP technology in the market, but have those same concerns made their way to access control? What is being done currently to prevent access control systems from falling victim to hackers?
Boriskin: The IT/cybersecurity of security management systems is front and center in our minds. It’s definitely something we, as an industry, need to pay attention to. What that looks like from our standpoint is that we must take these threats seriously while also running penetration testing and evaluation, such as white hat hacking of our own systems, to ensure we are keeping up with the state of the industry and best practices in IP security. I don’t think security through obscurity is good enough anymore. There are a lot of eyes evaluating security and it has to be a continual evaluation as new threats emerge.
Kane: Cybersecurity concerns have absolutely made their way into access control. Although unexpected, this past year, in particular, elicited a heightened acknowledgement of cyber threats to existing security systems, as the inundation of Internet of Things (IoT) solutions brought with it an increased vulnerability for cyber-attacks. Access control providers are realizing the importance of performing mandatory audits and hardening of the installed base to address this concern, and policies must be developed to ensure the responsible designing and installing of new security systems.
Arcement: As with the video surveillance industry, we have seen security vulnerabilities become increasingly common in legacy technologies. To protect physical access control assets, it is critical to both select secure, standards-based technology and deploy it in a secure manner. To protect the industry, it is crucial to be willing to transparently discuss the weaknesses in legacy technology. Lastly, organizations concerned about cybersecurity threats are becoming more proactive in seeking trusted manufacturers and partners who have security expertise. Equally, organizations are looking for products and solutions that are developed using a security-by-design methodology, and vendors who have documented responsible disclosure policies.
Laughlin: Like any other system connected to a network, access control is potentially vulnerable to hacking and other cybersecurity concerns. It is critically important to ensure all devices are hardened, passwords are as secure as possible and frequently changed, and other cyber-hygiene measures are taken to protect the system from attacks. The increased use of phone-based credentials, which are highly encrypted, offer more security and are more difficult to copy or counterfeit than keys, access cards or other physical credentials.
What are some other technology innovations on the horizon that end-users, integrators and other security professionals should be on the lookout for in 2018?
Gaulden: Electronic access control solutions will be able to do more, and not just from a convenience or productivity perspective. Today, facilities utilize wired electrified hardware at main entrances for increased security and the convenience of credentials. Many have extended those benefits to office doors, resident entries and other interior openings with wireless electronic locks. With wireless technologies advancing—and the cost for these technologies decreasing—electronic access control possibilities will expand once again.
Arcement: Among the most exciting areas of development will be the use of data for predictive analytics and artificial intelligence (AI) to fuel risk-based intelligence and individualized access control capabilities. We will also see more focus on securing the IoT at the edge as new use cases replace traditional systems to drive the digital transformation. More organizations will embrace the benefits of the cloud, and we will see more focus on identity protection to combat cybersecurity threats, identity theft and fraud. Europe’s General Data Protection Regulation (GDPR) will be a major force in driving compliance activities; it will serve as a catalyst for ensuring that products and systems support new privacy-by-design mandates that require end-to-end security.
Kane: We saw an increase in cloud-based applications in access control this past year and this type of technology innovation will continue to expand in use throughout 2018. As they gain acceptance across the industry, mobile credentials, hosted solutions and intelligent locking systems will contribute to more streamlined, technologically advanced hardware and software solutions. End-users, integrators and other security professionals must realize the advantages of and embrace the advanced technologies we'll see in abundance this year.
About the Author:
Joel Griffin is the Editor-in-Chief of SecurityInfoWatch.com and a veteran security journalist. You can reach him at [email protected].