A lot of conversations and articles for the last decade discussed the convergence of logical and physical access control. These conversations, products and projects often focused on solutions based on the concept of convergence as defined by one card. The desire is to have one card (device or token) to get into buildings; to log into networks (and single sign-on); for remote access; and for access across global enterprises and applications. While this may be a convenient way to describe the outcome it does not represent all the work, skills and the opportunity today.
Things are changing rapidly in the identity and access markets. In the very near future, one card goes the way of one smartphone. It is a matter of when—not if—the speed and breadth of the impact will occur. The solution required is not about the physical device or token type (though standards-based ones are an important consideration and there will be multiple tokens generated). It is about the creation and maintenance of trusted, interoperable digital identity and its ability to authenticate ourselves and our rights and privileges (e.g. roles) to do things across a wide range of circumstances, locations and contexts (“Personal Identity Verification (PIV) of Federal Employees and Contractors.” National Institute of Standards and Technology, June 23, 2006, http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf.); and “Personal Identity Verification (PIV) of Federal Employees and Contractors DRAFT.” National Institute of Standards and Technology, March 2011, http://csrc.nist.gov/publications/drafts/fips201-2/Draft_NIST-FIPS-201-2.pdf).
This includes policy and procedures in addition to technology and the ability to maintain these controls. System integrators need to be able to add value across the board—and not just install the technology.
Convergence conversation changes
Convergence has not gone away. But the way it is discussed needs to change. Convergence is evolution. It is technology and Moore’s Law taking its course. It does not need to be created or engineered—it just happens. And while past conversations of convergence focused on the need to leverage public and private networks, at present there is a need to focus on the digital identity of people and things.”
Additionally, while networks have always been a part of the access control solution, the security networks, however, have often not shared information over public systems. As information technology (IT) departments move more of their infrastructure, platforms and applications to the cloud, security and access control systems and its integrators will need to do the same.
Take, for example, smart devices. There are over five billion smartphone chips produced yearly, which results from the growing demand for commercial (retail) and enterprise use and continued capabilities growth (Eurosmart, 2012, http://www.eurosmart.com/index.php/publications/market-overview.html). What’s more, smart devices wag the dog due to individuals’ request to utilize security services at work and at home with the same device. This creates a disruptive demand for services accessed via smart device use across commercial and residential security. The vast number of devices—and again Moore’s law (increased processing power and falling costs per calculation, memory unit or pixel)—provide expanding functionality, e.g. Gigahertz processors, Gigabytes of flash memory, better displays and connectivity and application support, i.e. apps. Smartphones and tablets tilted IT departments’ individual use of personal devices at work, actions which access control systems and their integrators will also need to follow. The systems at home will meet or exceed the capabilities of the access control systems at work. In fact, home systems are already more sophisticated than work systems since the upgrade cycle is more frequent and uses more recent technology. As a result, there is a further impetus from the convergence of work and home.