For most physical security programs, "in denial" is the most accurate way to describe the state of lock and key management. On day one, you know the state of locks, referring to where they are and how they are keyed, and keys, meaning how many there are and who has them — especially master keys.
Over time, that picture changes and the state of key controls grows far from what it should be. The larger the organization, the worse the situation gets. It’s the “dirty little secret” about physical security programs that is hard to face up to.
For large organizations, the task is more than daunting — it can seem practically hopeless, because manual lock and key programs are not feasibly maintainable in practice. Add in the fact that there is no way to guarantee that keys will not be copied. Locks and keys are a major vulnerability to insider and outsider threats.
Thus, every year for more than two decades, I get asked the question below — especially following the annual ISC West and ASIS shows:
Q: Is there any kind of electronic key system that I can use to supplement or improve the state of my metal lock and key program?
A: There are several that you can find at the ISC West and ASIS exhibits, and here are two that I saw on the show floor at ISC West 2011:
Intelligent Key Technology
There is more than one kind of intelligent key technology, and I will mention two here that take different approaches but have one thing in common — they use the intelligent keys to power the locking devices, eliminating the need to change batteries at doors or other access points.
UTC Fire and Security’s Supra line of products (part of UTC’s acquisition of GE Security) includes electronic key products that can be used to eliminate the use of metal keys. TRACcess is an electronic range of locking and key storage devices powered by the TRACkey (i.e. the locking devices themselves require no batteries or other power source). An audit trial of who accessed what and when is maintained through the TRACcess Manager database. Currently, product information can be found at www.traccessuk.com.
Products include: the TRAC-Vault intelligent storage device designed to hold multiple keys or access cards on-site; the TRAC-Padlock designed to outdoor gate and general requirements; the TRAC-Tube attack-resistant intelligent storage device that can hold two keys and access cards. UTC has improved the product line since its acquisition, something that I’ll comment about in next month’s column.
The CyberLock technology from Videx won a product of the year award at last year’s ISC West show, and somehow I missed it. This year, a client brought it to my attention right after the show, where Videx had released an expansion to its CyberLock technology. I visited the Videx website and watched the 12-minute video about how the CyberLock technology works (www.videx.com/CyberLock/CyberLockVideo.html).
The CyberLock technology has two primary hardware components: an electronic key, and a replacement lock core for standard locks that contains the electronics for the lock side of the system. The CyberLock cylinder requires no power, as it is powered by the CyberKey. The CyberLock requires no network connection because the transaction information is carried back by the CyberKey. A software application collects access history (for details, see the online video) and provides key and keyholder management. It includes an API for integration to access management systems.
Strengthening Key Management
With these kinds of solutions available, every facility and security manager can significantly improve the state of lock and key programs — including management of locking cabinet access. This is an area of convergence (computer intelligence inside physical lock systems) that has generally been neglected for far too long.
Regardless of the size of your organization, there is no longer any excuse for having an unintelligent lock and key situation. So do your homework, improve your asset protection profile, and establish a lock and key program that you can be proud of.