Modern access control is a new breed of security that goes far beyond keeping the doors closed to the wrong people. James Francis enters the fray.

Electronic access control is not a new concept. In fact, it ranks as one of the first truly consumergrade applications of technology in the real world. Tapping in a sequence of numbers on a keypad or using a magnetic striped card have been opening doors for decades, if you’ll pardon the pun. But for a variety of reasons – cost, complexity, pre-technology thinking – such access systems have remained within specific industries requiring high levels of security. Today all of that has changed. Modern lifestyles embrace the ease of technology, costs are much lower and there is far more to be gleaned from an access control system than keeping the wrong people out.

“Access control is certainly more than letting the right person into a building or controlled area,” says Nick Perkins, divisional director of Identity Management Solutions at Bytes Technology Group. “The process itself can be linked internally to deliver a much wider scope of access and security control. As an example, someone should not be able to log into their PC if they haven’t accessed the building or entered the secure parking area.” There are also broader trends to be highlighted, says Marius Coetzee, MD of Ideco: “Data can easily be analysed to ascertain pedestrian traffic trends or patterns. It can help building managers determine staff preferences for many different things such as access routes, smoking areas, canteen areas, toilet facilities and so forth.”

The price is right

The ability to analyse staff and building trends is a perk that dovetails nicely with modern thinking around analytics through technology. Access systems have also come to take advantage of existing technology setups, leading to much more cost-effective solutions, Coetzee explains: “With the advent of network connectivity, Ethernet and Power Over Ethernet, access control is extremely cost effective. These are not nearly as bandwidth intensive as surveillance or other security systems, and as such can easily leverage existing office networks.”

This blending with technology is an inevitable evolution, as the needs for physical and virtual security are aligning on the same systems, says Robbie Truter, area sales manager Sub Saharan Africa at HID Global. He points out that with modern trends such as employees bringing their own devices, there are plenty of overlapping opportunities for a company’s security and analytics goals. With a single card or mobile device a person can gain the right access to a building, computer, and even specific applications. “Physical and virtual security have traditionally taken place in two different domains, with very little visibility into what the other is doing. This is changing as the economics of a simple, effective access solution combined with the capabilities of today’s technology are accelerating the convergence between physical and virtual security,” Truter notes. Such blending of disciplines can encourage other cost-saving plays as well. For example, by integrating access control to other building functions, it is possible to regulate lighting and heating systems.

Another often-touted sales point is that access control, specifically through fingerprints, can help eliminate ghost employees and workers clocking in for each other. It can also be wired into payroll systems. Coetzee raises a nuanced example: “Some access control systems can even integrate with breathalyzers or RFID sensors and will only allow access to an area if the worker has a 0.00 reading and if the RFID tracking system detects the correct tag number for workers assigned Personal Protective Equipment in the vicinity.”

The responsibility of access control

Yet while the market has become more accessible and cheaper, companies should realise their own growing responsibilities when adopting an access control system. It used to be a problem to get employees to trust such technologies, particularly biometric fingerprint readers. But as these systems become commonplace – smart cards to access public transport or fingerprint scanners on smartphones – end-user habits and perceptions are changing. The bigger challenge for any access control adopters is keeping personal data secure and Truter says adopters must realise they are taking on legislative responsibilities. “With the introduction of the Protection of Personal Information Act (POPI) it establishes the rights and duties that are designed to safeguard personal data. In terms of POPI, the legitimate needs of organisations to collect and use personal data for business and other purposes, are balanced against the right of individuals to have their right of privacy, in the form of their personal details respected,” he says. Perkins agrees that this responsibility should not be taken lightly: “An organisation is also responsible for ensuring that personal information held internally is securely protected. Having weak access security or systems access security could place an organisation in an equal amount of trouble.”

Fortunately legislation is easier to manage when working with top integrators and vendors, and the benefits certainly outweigh the added legal headaches. “If correctly designed, sold, installed and maintained, an access control system should not be a burden at all. It should enable a company to operate far more efficiently, especially with enterprise solutions where accurate process flow and change management planning is imperative,” Coetzee ends.