New Trends in Access Control

For some time now, an ongoing drive for converged solutions has dominated the security debate across corporate management.

A simplistic version of events is that task consolidation helps to realise reduced costs. While that may be an undercurrent bolstering the convergence movement in these austere financial times, there’s far more to it than mere pounds and pence.

Converged solutions actively assist companies in meeting their regulatory requirements and obligations while helping to enforce consistency of policy.

Information as assets
At least in part, the convergence movement is motivated by due recognition that business assets are increasingly information-based. In today’s commercial landscape, information assets demand every bit as much attention as do their physical cousins — if not more, some would argue.

One need only converse with recognised experts from ASIS, ISACA, and ISSA — co-founders of the Alliance for Enterprise Security Risk Management — to support and develop that statement.

This overriding desire for convergence is mirrored in the access control solutions market. For operational convenience, end-users now increasingly crave a single credential that will allow — in the first instance — access to buildings, followed swiftly by an ability for personnel to log on to the company network with that same credential and, subsequently, access remote networks without the necessity for any one-time password tokens or key fobs.

Such solutions are not just about convenience, either. Importantly, it’s a more secure response to the situation. Why? Converged access control permits far stronger authentication throughout a given company’s IT backbone and doesn’t solely focus on defence at the perimeter.

By extension, organisations are able to leverage their existing credential investments, appending logical access control for network access on the way towards energising multi-layered and fully interoperable security solutions that truly span their networks, systems, and physical facilities.

That’s one trend in the access control space, then, but what of the others as we rapidly approach the 40th Anniversary edition of IFSEC International?

Contactless smart cards
Card technologies are themselves continuing to evolve from prox to magstripe and on to ‘smart’ variants. Contactless smart cards founded on open standards are viewed by many as the ‘Holy Grail’.

More and more layers of additional security are being added, be they purely digital or visual. Meantime, card storage capacities are expanding to accommodate the latest biometrics as well as other multi-factor forms of authentication.

One of the $64,000 (₤42,000!) questions here is: ‘Will Near Field Communication (NFC)-enabled smartphones come to replace physical smart cards in the years ahead?’

Received wisdom suggests the answer is: ‘No’. It’s more likely the case that the two will coexist as part of overall physical access control solutions.

In terms of developing NFC-enabled projects, the security sector spent much of 2012 laying a solid base from which to build mobile access control solutions.

If widespread adoption is to take place, though, a distinct ecosystem has to continually evolve and include widely available and secure handsets, readers, and locks that can recognise digital keys embraced by those handsets and service providers able to deliver and manage mobile credentials duly created.

Speaking of mobile credentials… One trend witnessed of late is that some organisations have begun to outsource what might best be described as traditional ‘badged’ access control solutions to those offering services in the cloud. Put simply, mobile devices could be connected to the network via, for example, a link that’s WiFi-enabled.

A further approach is derived by making use of mobile network operators ‘over the air’. New applications can be pushed out to the NFC-enabled phones in much the same way that apps and music may be downloaded by consumers in the social environment. The idea is that multi-factor authentication is then transformed into a managed service run in the real-time arena.

Last, but not least, what about BYOD (bring your own device)? Companies may save money on technology while employees can work with chosen systems that might just boost staff productivity and/or morale. However, key company information could be rendered somewhat less secure.

With a recent Logicalis study suggesting that only 20 percent of employees surveyed had signed a BYOD policy, there’s clearly much work still to be done here.

Brian Sims is organising the content for the Access Control Area of IFSEC International 2013. To register for the show, please visit IFSEC International 2013.