Despite the well-deserved attention paid to cybercrime and electronic data breaches, physical access security — restricting who can enter office space, data centers, and more — remains a critical front-line defense for organizations across industries and company sizes. Smart cards, key fobs, and numerous other access technologies are commonplace in many office environments, and have been for some time.
Driven by convenience and operational efficiency, enterprises are increasingly seeking to leverage the potential of a mobile-first world. Harnessing the mobile revolution for physical access control will eventually merge the network and other secure access needs, creating a more connected environment.
Smart devices are everywhere
The number of smartphones users is expected to reach 6.1 billion in 2020, when it will represent 70 percent of the population, according to Ericsson. Smartphone users in Asia was estimated at just over 1 billion in 2015 and rising to 1.48 billion by 2019, according to eMarketer.
In addition, a new class of devices called “smart wearables” – such as glasses, watches, and fitness and healthcare devices — will increase the number of mobile devices in the market even further. IDC predicts the worldwide wearable device market will reach a total of 111.1 million units shipped by end of 2016 and total shipments will reach 214.6 million units by 2019. These truly mobile, “always-on” devices are even more natural candidates for access control applications because of the ready-to-use convenience of a wearable device.
Enterprises expect a mobile-first world
Extending physical access security to mobile devices increases enterprise efficiency by automating and eliminating a number of manual tasks. Consider how it changes a scenario that plays out in buildings all over the world each day.
An employee is travelling to another company-owned facility for a meeting. Prior to arriving, he informs the facility the date, time and duration of his visit. The administrator of the facility’s access control system enables activation of the employee’s PACS ID and related rights via a mobile access portal.
Through his mobile device, the employee could enter the parking area and facility, and readily access the conference room where the meeting takes place. Mobile access enables his seamless movement throughout the facility and once his meeting is over, the employee’s temporary access rights to the facility could then be programed to expire automatically.
The benefits of mobile access
- The freedom to move access control to phones, tablets, wristbands, watches and other wearables offers choice and convenience to end users, along with new and more convenient ways to open doors and gates.
- Always on hand: Users do not have to maintain and carry multiple cards.
- Quicker and smoother experience: In parking garages or at driveway gates, for example, the longer reach of the Bluetooth Smart communications standard makes it possible to drive up to the gate without having to roll down the car window to activate a reader.
- Gesture detection: Smart device sensors, most notably the gyroscope and accelerometer, enable gesture detection, thus offering the ability to open doors from a distance through intuitive gestures. For example, HID Global’s patented Twist and Go technology allows users to unlock doors or open gates by rotating their smartphone in a way similar to turning a key. This also provides an additional layer of authentication for added security.
- Connected mobile devices introduce new ways to manage mobile identities in near real-time.
- Time savings: Using a cloud-based portal to centrally manage mobile identities instead of managing physical badges frees up time for staff. It is even possible to enroll many users at once by importing a CSV or Excel file (batch upload), while invitations and provisioning can also be managed via email.
- Simple enrollment for end users: An end-user receives the invitation via email, downloads the app, and enrolls. The Mobile ID is provisioned right to the end-user´s smart device.
- Management of multiple locations: Many organizations have offices around the globe with different access control systems. With a mobile access solution supporting multiple mobile identities per mobile device, an employee can simply receive an additional mobile identity on her phone before leaving or upon arrival, negating the need for visitor or temporary badges.
- Mobile access can complement existing access control solutions by providing an alternative to more traditional form factors, while offering a number of security benefits over smart cards or fobs:
- Easily shared PIN numbers. Legacy systems such as Magstripe and low-frequency proximity cards are vulnerable to cloning (record and replay). In quality mobile access solutions, digital credentials or Mobile IDs are securely stored and protected, utilizing the security features of the mobile operating system (e.g., sandbox or PIN) and strong encryption.
- Communication with readers over longer distances. The readers can be mounted on the safe side of a door, minimizing the risk of theft, physical attacks or observation.
- Harder to lose. Mobile phones are rarely shared or stolen in a working environment, something which happens more easily with cards.
- Access rights controlled remotely. In the event of a lost, stolen, or compromised mobile device, access rights could be terminated easily through the management portal.
- Authentication. Smart devices also support multi-factor authentication, biometric identification, and other advanced security features that extend far beyond the capabilities of legacy cards.
Today’s organizations are beginning to see the benefits of merging physical and logical access. Mobile devices are changing the way that workers work and enterprises think about their operations, networks, and security. Putting mobile devices to work as tools for secure access is more convenient for users; easier for enterprises to manage; more secure than previous generation technologies; and creates opportunities for the convergence of network and physical security that are simply unavailable with legacy access tools.
Views are of the author and Techseen may not necessarily subscribe to them