Top five access control trends for 2014
Trend #1: The industry is quickly moving beyond static, proprietary access control architectures to more secure, open and adaptable solutions that support customers’ desire for new products and technologies that enable their business.
As the security landscape continues to evolve in new and complex ways, progressive organisations and thought leaders are adopting a new attitude towards change and viewing it as an opportunity for improvement and value rather than an interruption or distraction.
Proactively making changes today will ensure that an organisation’s access control solution can adapt to future threats and take advantage of opportunities and applications beyond access control. Future high-value applications might range from cashless vending, time and attendance and secure print management, through to secure network logon - all as part of a fully interoperable, multilayered security solution across company systems and facilities. By using solutions that are based on industry standards such as OSDP bidirectional communications, and incorporating dynamic rather than static technologies, security becomes independent of hardware and media and the infrastructure can more easily evolve beyond current abilities and have the adaptability to combat continuously changing threats.
The industry is still evolving towards this point, however, with many companies reluctant to embrace change. In a survey of integrators and users, HID Global found that less than 50% have upgraded their systems in the last year and more than half have not upgraded in the past three years. Respondents were given a list of top technology best practices, and while 75% felt they were important or very important, half felt they were not implementing them well or at all. Similarly, 93% agreed that a list of top policy best practices was important or very important, but nearly 40% said they were not implementing them well or very well. We expect these numbers to shift as strategies for change become better understood and the industry embraces the opportunities that change can bring.
Trend #2: Integrating physical access control with IT security will bring new benefits while changing how organisations operate.
Historically, physical and logical access control functions were mutually exclusive within an organisation, and each was managed by different groups. Now, however, the lines between these groups are beginning to blur. Organisations want to provision physical access control system (PACS) and IT identities on a single card (or smartphone) that can be used to open doors and log on to computers. This will create a seamless user experience when securing doors, data and the cloud and improve how organisations create, use and manage identities across many different applications on both smart cards and smartphones. Users will soon be able to carry many types of access control credentials as well as one-time password (OTP) tokens on a single microprocessor-based smart card or smartphone. This has led many companies to seriously consider the benefits of incorporating secure physical and logical access on cards and phones into their facilities and IT access strategies. This allows companies to improve efficiency through centralisation of credential management for multiple logical and physical access control identities across IT resources and facilities. Organisations will be able to achieve true convergence through a single solution that can be used to access IT resources, while also enabling many other physical security applications. There will be a single process for provisioning and enrolling both IT and PACS identities, and it will be possible to apply a unified set of workflows to a single set of managed identities for organisational convergence.
Trend #3: Strong authentication will continue to grow in importance in the face of a rapidly changing IT security threat environment - and will also move to the door.
Security professionals understand the importance of multifactor authentication, also known as strong authentication, especially for IT security. The industry is quickly moving beyond simple passwords (something the user knows) to additional authentication factors including something the user has (such as a mobile or web token) and something the user is (ascertained through a biometric or behaviour-metric solution). Unfortunately, users have grown weary of the inconvenience of hardware OTPs, display cards and other physical devices for two-factor authentication. While the industry is replacing hardware OTPs with software tokens that can be held on such user devices as mobile phones, tablets and browser-based tokens, there are security vulnerabilities with this approach. A far more secure authentication alternative is multiapplication credentials that use a data model which can represent any type of identity information and can be carried on smart cards or smartphones. Users will simply take the same card (or phone) they use for building access and tap it to a personal tablet or laptop for authenticating to a VPN, wireless network, corporate intranet, cloud and web-based applications, single-sign-on (SSO) clients and other IT resources. There will be no need for a separate card reader or additional devices to issue and manage, nor will they need to enter a password on touch-screen devices.
We will also see increasing adoption of other authentication factors including biometrics, as well as gesture technology. With a predefined wave of the hand or other gesture, users will be able to control a variety of RFID devices, dramatically changing how we interact with access control systems.
Trend #4: Mobile access control will continue to roll out in stages.
During 2014, we expect to see the first phase of mobile access deployments rolled out, in which smartphones will function similarly to how a card transacts today, depending on technology and business ecosystems already in place. In subsequent phases the phone’s onboard computing power and multimedia capabilities will be leveraged to overcome limitations and provide a more functional and rich user transaction and experience. Looking forward further, the connectivity of smartphones will be used to perform most tasks that today are jointly executed by card readers and servers or panels in traditional access control systems. This includes verifying identity with rules such as whether the access request is within a permitted time and, using the phone’s GPS capability, whether the person is actually in the vicinity of the door. The user can then be validated using a cloud application and granted access via a trusted message over secure communication to the door.
In this new paradigm, mobile devices (rather than an access control system) make the access decisions and doors (rather than cards) present their identity. This role reversal, sometimes called duality, changes how access control solutions are offered. Organisations will be less dependent on the expensive infrastructure required for connecting servers, panels and readers - just electronic locks that respond to a mobile device’s encrypted ‘open’ command. This simplified and more economical model will enable the industry to secure more assets: interior doors, filing cabinets, storage units and other areas that have been prohibitively expensive or complex to secure in the past.
Trend #5: We will enter a new era of NFC authentication services.
There is an emerging paradigm in which near field communications (NFC) RFID tags will be attached to many items in public places, to establish their unique identity so that authenticity can later be conveniently verified using contactless readers or any NFC-enabled smartphone or tablet. This authentication model will enable a variety of new transactions and services, ranging from authenticating items and documents and securely managing chain-of-custody, warranty and other transaction data, to accessing web links provided by smart digital posters (digital out of home marketing - DOOH), proof of presence (electronic visitor verification - EVV) and authorising a phone to operate in an organisation’s virtual telecom system.
These and other applications will rely on the ability to confer trust both on the NFC tags and their interactions with many different devices and applications. Without this trust, tags could be reconfigured or duplicated, leading to counterfeit authentication, fraudulent transactions and increased user vulnerability to mobile and online security and privacy threats. This will require the ability to confer trust to, and provide security for, the readily available NFC tags used for these applications, to eliminate the inherent risks associated with using NFC tags by ensuring they are valid before they can be used. Ensuring this level of trust will require a combination of NFC tags containing cryptographically signed data elements that cannot be copied or modified without detection, plus secure cloud-based authentication services that are backed by a proven server infrastructure. With this ecosystem in place, it will be possible to develop applications that allow an NFC-enabled smartphone or reader to communicate tag information to a secure, cloud-based server, which validates whether the tag is authentic and asks for a proof of presence, then transmits this information back to the smartphone or reader.
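An added illustration of the validation flow described above (not part of the original article and not any vendor's implementation): a cloud-side check that accepts a tag's signed data only if it is unmodified and has not been seen before. HMAC-SHA256 stands in for the tag's signature, and the per-tap counter, the key derivation, the message layout and all names are assumptions made for the example.

```python
import hashlib
import hmac

MASTER_KEY = b"constructed-demo-master-key"  # constructed sample secret


def tag_key(uid: bytes) -> bytes:
    """Derive a per-tag key so one extracted tag key does not expose the rest."""
    return hmac.new(MASTER_KEY, b"tag-key|" + uid, hashlib.sha256).digest()


def tag_message(uid: bytes, counter: int, payload: bytes) -> bytes:
    """Simulate what a tag emits on one tap: uid | counter | payload | MAC."""
    body = uid + counter.to_bytes(4, "big") + payload
    return body + hmac.new(tag_key(uid), body, hashlib.sha256).digest()


class TagValidator:
    """Server-side check: the MAC must verify and the counter must advance."""

    def __init__(self):
        self.last_counter = {}  # uid -> highest counter accepted so far

    def validate(self, message: bytes, uid_len: int = 7) -> str:
        if len(message) < uid_len + 4 + 32:
            return "malformed"
        body, mac = message[:-32], message[-32:]
        uid = body[:uid_len]
        counter = int.from_bytes(body[uid_len:uid_len + 4], "big")
        expected = hmac.new(tag_key(uid), body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return "modified"   # uid, counter or payload was altered
        if counter <= self.last_counter.get(uid, -1):
            return "replayed"   # copied or re-sent tap data
        self.last_counter[uid] = counter
        return "authentic"


if __name__ == "__main__":
    validator = TagValidator()
    uid = bytes.fromhex("04a1b2c3d4e5f6")          # constructed 7-byte UID
    tap = tag_message(uid, 1, b"poster-17")        # constructed payload
    print(validator.validate(tap))                 # first presentation
    print(validator.validate(tap))                 # same bytes presented again
```

A signature over static data only detects modification; the changing counter is what lets the server notice a byte-for-byte copy of an earlier tap.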