Access Control: Selling the Upgrade

As the security landscape continues to evolve in new and complex ways, it brings change on many levels — which can and should be interpreted as an opportunity for improvement rather than an interruption or a distraction. This concept has never been more important for integrators as they face increasing pressure to deliver greater value and solve more complex problems for their customers.

There are many reasons that organizations often avoid or delay change, including concerns about budget and the impact on productivity and workflow. However, this can be especially dangerous when it comes to access control infrastructure, where a combination of technology obsolescence and escalating security threats can quickly cripple an organization’s ability to protect its people, facilities and data assets.


Persuading the Customer to Make the Leap

The best approach to change is to be proactive, rather than reactive. Organizations should pursue solutions that are dynamic and adaptable to ongoing changes in an organization’s needs and industry best practices. When you approach a customer to change or upgrade their access control infrastructure, you should focus on these three key criteria:

1. Interoperability and leveraging standards: Building an architecture that supports change requires careful attention to the “connections” between architecture components. The goal is interoperability, which delivers economical upgrades and ensures that products are supported with a well-developed channel model for service and support. Users need to understand all of the architecture’s communication dependencies and how standards might be applied.

A prime example is the Open Supervised Device Protocol (OSDP) and companion Secure Channel Protocol (SCP) for reader communications — both of which have been standardized by the Security Industry Association (SIA). These protocols replace legacy, unsecured Wiegand technology to provide bi-directional, multi-dropped communication, extending security from the card reader to the access controller. OSDP enables users to re-configure, poll and query readers from a central system, reducing costs and improving reader servicing. The protocol also enables continuous reader-status monitoring, and tamper indication functions for readers with onboard tamper detection capabilities. OSDP also drives new opportunities for innovation, such as by adding advanced display capabilities to readers.

2. Adaptability: Today’s identity ecosystem is significantly more dynamic than in the past. Static legacy systems, such as proximity card technologies, are easy targets for attack and quickly become anchored to obsolete software, devices, protocols and products. In contract, today’s solutions ensure that security is independent of hardware and media so that infrastructures can evolve to support tomorrow’s needs. These solutions also enable smart cards to be portable to smartphones; thus enabling organizations the option to use smart cards, mobile devices or both within their PACS.

3. Simplicity: When we create complex, customized solutions, we may also create a future liability in terms of diminished support and longevity. Leveraging industry standards and best practices will enable customers to take advantage of the expertise of a network of peers who have shared solutions, enabling them to learn from each other.


Making the Transition

There are many possible migration launch points, including mergers/acquisitions, relocation and facility consolidation; or, the trigger might be the need to standardize on a single card, or a corporate re-branding and re-badging. Organizations may also want to add new card applications such as time-and-attendance or secure print management. They may also need to improve risk management, or boost security because of an event, or new client or new regulatory requirements.

Whatever the impetus, today’s access control platforms enable a secure, phased migration. It can take several days or weeks to migrate and, if necessary, a parallel system can be in place for months. The key is to ensure interoperability with legacy and future systems — multi-technology cards and readers bridge the gap between just about any legacy system and today’s secure contactless technology.

One approach is to simply use multi-technology cards. A smart card can securely house up to four different access control technologies, including Weigand, magstripe, low frequency, high frequency or a contact chip. This approach works well if an organization only wants to upgrade security for a specific department or group. Employees carrying a card with both technologies can enter any location regardless of whether it has an old or new reader.

Another approach is to install readers that use a combination of old, low-frequency and new, high-frequency technologies, including 125 kHz HID Prox or magstripe, as well as the latest RFID technology. This increases flexibility to support unique requirements. Multi-technology readers are also helpful for granting access to employees that may be on a different campus, using different technology.

HID Global supports both of these approaches. The company’s iCLASS SE platform uses a new Secure Identity Object (SIO) data model that supports open standards including Abstract Syntax Notification One (ASN.1, a joint ISO/IEC and ITU-T standard). SIOs can represent many forms of identity information on any device that has been enabled to work within the secure boundary and central identity-management ecosystem of the company’s Trusted Identity Platform (TIP). The combination of TIP and SIOs improves security and increases flexibility for adapting to future requirements, such as adding new card applications. Additionally, iCLASS Seos credentials can be carried inside smartphones in a managed access environment.


Secure Issuance

It is also important to consider current secure issuance requirements. Today’s printers, card materials and software incorporate critical visual and logical technologies so that organizations can implement multi-layered validation. There are many hardware choices, from monochrome direct-to-card (DTC) solutions to high-definition printing (HDP) retransfer technology for contactless or contact smart cards. Organizations also have high-throughput options, and can select products that deliver the high-volume reliability and advanced credentialing features of large centralized units, along with the lower cost and smaller footprint required for the distributed printing model.

Secure validation is a key ingredient. In addition to two-dimensional identifying data such as a simple photo ID, or more sophisticated elements like higher-resolution images and forgery-proof laser-engraved permanent personalization, today’s smart cards can include chips, magnetic stripes and other digital components for an important third security dimension. With expanded data storage, cards also can include biometric and other attributes to further enhance validation.

Other elements to consider are speed and convenience. Printers with built-in programmers/encoders combine multiple processes into a single, highly efficient in-line card personalization step. Opting for field-upgradable units enables organizations that already own a card printer to add an encoder in the field so they can leverage smart card benefits well into the future.


A Path to the Future

There is significant value in shifting the traditional way of thinking about change, and looking at it as a leadership opportunity rather than an interruption, distraction or something initiated in response to an adverse event. Integrators can help their customers to easily and inexpensively expand and upgrade their systems to meet changing needs while taking advantage of new technologies.

By using dynamic rather than static technologies, security becomes independent of hardware and media, and the infrastructure can evolve beyond current abilities with the adaptability to combat continuously changing threats. Helping customers make the right technology decisions today will also help them meet new requirements with the confidence that they will be able to preserve investments in their existing infrastructure.


John Fenske is Vice President of Product Marketing for Identity and Access Management with HID Global. To request more information about HID, please visit