Over the last several years, the evolution of traditional access control platforms has advanced exponentially. The rapid progression of cutting-edge technology, advanced interoperability and expanding applications figure to impact the security industry for years. Given the security and health concerns created by a two-year pandemic and mandates for safer access control protocols, the migration to enhanced secured credentials, mobile platforms and digitization are the future.
Security Technology Executive editors recently invited HID Global technology executives to help us chart the future of access control. We were joined in this Sponsored Roundtable-in-Print by Matt Willmore, HID’s Senior Director of Product Marketing at Modo and Matt Bennett, the Director of Strategic Alliances.STE: How does digital provide a better level of security?
Matt Wilmore: In the digital sense, you have much greater control over the life cycle of a digital credential as opposed to a physical card. I can control the lifecycle to meet my needs. I can decide right now that someone should no longer possess a digital credential, but I can’t necessarily do that as easily with a physical credential. Digital makes it easy to not only control who has access to it, but when and for how long (including distributing access for guests and vendors), and the ability to keep track of it and provide logging and some auditing for that security. It also enables other benefits like communication to the user when they are what I'll call in-flight, so if somebody is headed to an office and they need to stay away because there's a security concern or a fire, I can communicate that to them in real-time. I couldn’t do that with a physical card or a brass key, but with digital, I can. I think people are far less likely to share a smartphone than they are a badge because the smartphone has everything about them. People love to put their entire life on the phone, and I am much less likely to let you just borrow my phone than I am a badge.
Matt Bennett: With digital credentials becoming ubiquitous in the market, we’re seeing this question more and more often. I usually sum it up with a few data points:
- Digital credentials offer higher security as they are powered by Seos credential technology and follow data integrity best practices to bind each mobile ID to the device and protect the data at rest and in motion
- Versatile by design, mobile IDs can also be assigned with comprehensive policies to comply with the majority of customer requirements.
- Seamless lifecycle management of mobile IDs (creation, distribution, revocation) simplifies deployment and administration.
STE: Can privacy be maintained whilst providing useful data?
Wilmore: The answer is yes. What's important is that the appropriate steps are taken to identify the data that needs to be collected and the purpose for that data. If that's done upfront, you're much more likely to be successful. I think in the past, especially with the fewer rules, people would want to collect data just to have it. And hey, maybe later I'll find a use for it, but I don't think that really flies anymore. People, I think are preconditioned to say no because there's been just rampant misuse and deception with regards to privacy and how people’s data is being used and so now we're at the point where people are preconditioned to say no and you have to build up that trust.
Bennett: Privacy is at the core of everything we do at HID. User data is, of course, utilized in cloud services-based mobile access to connect individuals’ phones (and their identities) to the back end of the physical access control system. HID Mobile Access is certified with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Framework(s), designed by the U.S. Department of Commerce and the European Commission and Swiss Administration.
Privacy practices that HID Mobile Access employs have been updated to align with GDPR and Privacy-Shield Frameworks. We’re confident and proud of our Privacy by Design methodology. HID Mobile Access customers are in control of the personal data we process on their behalf, we have updated procedures to better assist our customers in complying with data subject requests.
STE: Are custom apps better or just different?
Wilmore: Usually we think of custom like we’re building an application for you from the ground up, and that's really not the case with Modo. We have a platform that allows you to assemble different things together and one of those things is of course the mobile access SDK, but there are other things like an LMS integration, seeing my room reservations, booking a desk for the day because I'm coming in. All those things can come together and be part of that. There might also be some things that we don't have in our platform, but a customer is able to add those themselves through different integration points.
Built apps for a customer are objectively better. The users really want to identify with the app they are using and that it reflects their company, university or brand; this is really important. It's also about the experience. For example, there are certainly a large number of people who are proud they work for XYZ, or they are a student at ABC University. They enjoy having that app on their phone because it states that you are part of that organization or you are part of the community. If you have an app that just says Moto or an app that says hi, it's not really the same connection. There's certainly an emotional connection between what you have in your phone and who you are as a person.
Millions of people are using our app every day, but very few of the users know that Modo is the company behind it because we want to step back as far as possible and just be the platform that the company or the university uses to create that experience. The app is just sort of the lens or the window into the company or the university and from that organization back to the user.
Another benefit of the app is it is built with the features you want, without the baggage you don’t need which can inflate the size of the app. For example, a large app is not usually a problem because your WIFI is good at home, but if you are a parent or a student that's doing orientation with a thousand other students and parents inside of an auditorium and suddenly everyone is being asked to download the app, it matters now that that app is 15 MB instead of 100 MB.
Finally, the apps we design can acutely address the pain points for the end-user. We have a customer who was manually doing self-assessment health care checks, Modo managed to implement this into their employee app so staff can do this on the app, and it's uploaded into the system. Another customer implemented a similar feature and if you failed the self-assessment, you were not permitted to access the buildings on campus.
Bennett: HID Global is fortunate to have an amazing community of custom app developers that have integrated HID Mobile Access into their unique ecosystem of mobile apps. From applications that focus on improving the day-to-day experience of a knowledge worker in a building to higher education institutions offering mobile credentials to their student and faculty population, to financial institutions augmenting banking transactions with a mobile experience and so many more. Every day our valuable community of developers is creating new and unique ways to leverage mobile credentials to help streamline our daily lives.
STE: How do mobile access control address sustainability and cybersecurity agendas?
Wilmore: There is obviously less waste in mobile than physical credentials. I know the cards are designed to be reused but a lot of times -- we see this in the hotel space -- those plastic cards are tossed. During the course of an average year, a busy hotel will probably have tens of thousands of plastic cards that are just being thrown away. Combine that with thousands of hotels around the world and you have a huge pile of plastic cards. In comparison, if you employ digital credentials, you can have that on the phone with zero-waste. You are also saving time, cost and manpower to do the distribution and collection. If you have prox cards and you're joining the office, but you're not here, I need to mail the card to you and then have you mail it back when you leave. And any changes require a new card to be sent again. In isolation these are small, but collectively they add up. Overall, with mobile, you deliver a better experience and you're using fewer resources. In relation to cybersecurity, mobile credentials start at single-factor, but they can build into multi-factor authentication. Let’s say you have the HID credential, but you need to be authenticated to the app and logged in. Perhaps you have MFA turned on before you are able to get that setup, there's already an immediate higher level of security prior to the credential being used. And if you have your phone locked and you need to unlock it to be able to use it, suddenly it's not only that you have this in possession but there's an opportunity to have a second level of security there.
HID Signo readers can save organizations energy through utilizing IPM (intelligent power mode), similar to the power saving mode found after a period of inactivity that is commonly found in laptops and other devices.