Dynamic Change Looms for a Traditional EAC Industry

March 9, 2020
The advent of the cloud, enhanced identification and managed solutions drives access control landscape

Some end-users lament that there just isn’t anything new on the access control technology horizon. But according to three industry technology experts, the future of access control is rich with cutting-edge technology, advanced interoperability and expanding applications that will impact the security industry for years.

Security Technology Executive (STE) editorial director Steve Lasky recently posed some pointed questions for two leading access control vendors and a top national systems integrator to offer their take on the new technology landscape. This continuing series of technology-sponsored Roundtables-in-Print includes Steve Wagner is President of Open Options, a security industry veteran of 35-plus years; Ian Lowe, Product Marketing Director for HID SAFE and the newly released WorkforceID at HID Global; and Phil Lutes, President of Signature Systems of Florida since 1992, who has installed and serviced access control systems since the 1980s in a variety of vertical markets.

STE: Many access control end-users don’t feel their technology options offer much variety. But with the advent of Cloud, mobile and managed solutions expanding those options, how dynamic do you feel the future of access control solutions are in the near future?

Steve Wagner -- I believe that access control systems have historically been and remain today; the central nervous system of any/every facility’s security. While system options have evolved from thick to thin client offerings and to the more current cloud, these incantations still require human interaction and process. It is the user experience frontier where the future lies in access control. All the complexity of a highly integrated security platform must come to life in an intuitive framework that allows a system user complete flexibility and deep control of their building(s) security apparatus. The user experience must be adaptive and operator specific. Give the operator what they need to see/operate and only what they need to see/operate and do so on every connected device at their disposal.

Ian Lowe -- The future of access control is a dynamic landscape with unprecedented sophistication and capabilities. However, as with any uncharted territory, new risks result as well. Additionally, regulations such as GDPR, California Privacy Laws, and others continue to impact how businesses deploy and manage security solutions. Being limited by legacy technologies compounds security risks and makes it nearly impossible to keep up with ever-evolving regulations. Thanks to the workplace being a fluid environment no longer being limited to a single location, the security perimeter is changing. Identity is the new perimeter and it’s what defines how we access our workplaces and the applications we need to do our jobs. This means that access control vendors are being forced to increase the speed of innovation through the adoption of more agile development methodologies, and the embracing of new (to access control) technologies, such as Cloud, Mobile, Near Field Communication (NFC), Bluetooth (BLE), Ultra-Wide-Band (UWB), and Artificial intelligence.   

STE: From a systems integrator’s perspective, what has been the most dynamic technology shift in access control over the past five years and what has its impact had on your clients?

Phil Lutes -- The move towards wireless locksets has created both opportunities and challenges as the manufacturers work out the details.  Much of our customer base is Higher Education and K-12 and can benefit from the lower installation costs of wireless locks.  The major manufacturers are directly marketing to these customers to create demand, but the customer isn’t always aware of the feature sets when compared to traditional wired access control doors.  For example, a feature like lockdown may not function exactly as expected without tweaking settings that can impact battery life, which then becomes a maintenance issue for the owner.  Also, when using wireless locksets, the owner must decide if they want the system to be on the building’s wi-fi network or on a 900Mhz frequency.  Cybersecurity concerns and wireless network stability become topics during these discussions, drawing in the participation of IT, and bringing another layer of complexity to the application.

STE: How is technology reshaping your customer’s needs and the way you approach servicing them? 

Lowe -- Our customers are expecting an e-commerce buying experience where they can go online to do their own research, easily find answers to their questions, experience a free trial, and purchase products as easily as if purchasing on Amazon. From a support perspective, they are expecting more flexibility, better accessibility and an always-on approach afforded by digitization. Online FAQ’s, support videos, online 24/7 support for applications in the cloud, chat and help bots, digital hardware configuration tools that are delivered as apps on mobile devices, and online connectivity of the physical access HW ecosystem. Our channel partner and integrator partners are asking for more personalized, streamlined and digital purchasing and contracting experiences.   

Lutes -- Until the last couple of years our industry expected service to be delivered in person at the customer’s site.  While we occasionally provided remote support via the internet, this was not the norm.  However, today we have several employees available to provide remote assistance and have modified our service agreements, so customers expect and receive this level of service.  This trend is partially the result of the trend towards IT being involved in the maintenance of the security department’s infrastructure and their reliance on third-party support; especially for applications like access control that is outside of their area of expertise.  The transition to include remote support created learning opportunities for our team, as we had to become familiar with each customers’ requirements for accessing their network.  Tracking who had user accounts and VPN software was a new discipline for us, but critical for mutual success.  In general, the larger the enterprise is, the more difficult it is to obtain and maintain remote access to their network even though these larger enterprises need that level of support most often.

STE: What are end-users asking for in future deployment of access control systems that are driving what you are doing now and what will be offered in the next five years?

Wagner -- They are asking for choice, connectivity, cyber resistance and proper long-term care. The market desire is to have the choice of Open systems and that those systems are replete with choices of ancillary subsystems that are easily connected and offer meaningful transactional data. Whether the connection is direct or networked, clients expect that the piping between devices are secure and employ proper protections that resist cyber-attacks. Just as important as the technology deployed, is the comfort the customer expects from direct interface with factory expertise for the long term “care and feeding” of their investments. They will look to be richly educated in their systems’ capabilities, to be certain they are optimizing their initial and subsequent investments. When there is a problem, they want subject matter experts on call solving them.

At Open Options, we will continue to practice the Open ideal providing choice to our clients and our prospects. We will continue to aggressively add technology partners that lengthen the security reach of our software platform on behalf of our clients, focusing on making those connections with the utmost cyber-aware programming available. Enhancing our client experience will require concerted programmatic effort to maintain client engagement with our training and professional services staff.

Lowe -- End-users are asking for more frictionless, seamless access experiences with varying role-based needs and security built-in. For visitors, end-users seek to make a great first impression. The entire visitor experience from the moment of arrival through departure should run smoothly. Anything less than a “wow” experience, unfortunately, reflects poorly not only on the end-user’s technologies and processes, but it’s a poor brand experience. For example, when a visitor arrives, the end-user wants to already know who that visitor is well before they reach the front door. This can be done with the advanced collection of identity data. They want the visitor to have a great arrival experience. This means excluding superfluous additional information during check-in and eliminating repeat processes or answering questions multiple times because the data is siloed. It also could include a slick, self-service sign-in experience using a tablet-based kiosk.  

For the employees, they expect that the building already knows who they are from their first day. They can enter the building with minimal interaction with the door; it should just open for them. They can move from one office to the next without having to wait for access to be granted.  

For contractors with a limited window to complete their tasks, time wasted trying to access the workplace could mean the derailment of an entire project. They expect to get to work on the first day, not spend most of the day trying to access the many doors and areas they need to survey in order to complete their assignment. Long, drawn-out processes to request and grant access as well as provide credentials for one or more contractors can very easily spiral out into an inefficient burden for the end-user. Contractors and end-users expect a similar, seamless process of the visitor experience with the additional protection and clearances that employees can expect, without adding drastic overhead and administrational burden on the end-user.  

In order to deliver this experience, access control and identity ecosystems must work seamlessly together. They’re asking for unified identity and access management across multiple and often different, access control environments. 

STE: Many end users are finding themselves in the process of migrating their access control solution from an existing legacy system to something more robust. As an integrator, how are you seeing this play out in the market and what is driving this transition?

Lutes -- This transition is driven from a few angles.  First, we sometimes see sites with old access control software running on a standalone workstation using an operating system that is no longer supported (i.e. Windows 98).  IT departments are quick to point out the risks – both hardware and software failures – and push for upgrading to a system that can run in a supported environment.  Second, as IT becomes more involved in administering and supporting access control, there is a demand for integration into Active Directory and other personnel management software to reduce data entry and eliminate risks such as terminated employees remaining active in the access system.  Many legacy systems lack the ability to connect with other databases and were not designed with an open architecture philosophy.  Lastly, the software in many legacy systems cannot keep pace with the OS environment of larger organizations, as patches and updates from Microsoft create a need for constant development and testing by the manufacturer.

STE: Connectivity and open systems are buzzwords common to the access control market. What do these concepts mean to end-users and how is technology addressing an expanding IoT universe that is driving technology to the edge?

Wagner -- It is always dangerous to use these buzzwords and equally so with terms like IoT and The Edge. As with many things, it’s about context and market understanding. For Open Options that context would be access control and the markets would be all verticals that are non-residential.

With those parameters, I would offer that connectivity in our market means the attachment of data-generating devices in an easy to install and easy to “mine” way.  Can an integrator attach a device to the access system of my client and can my client, easily extract the data generated by that device, no matter its location? Then mine it, for the usefulness of the data provided. Additionally, can this newly attached device interact with my core security platform in a seamless, non-operator, effected way?

The definition of The Edge is an equally challenging term, as it changes depending on the security provider, the responsible system overseer, or manufacturer. If you water down the definition of The Edge to any endpoint device, you run the risk of watering down the data richness derived by a device that fits this definition. The best example being the door switch, strike or REX.

In the gross definition of endpoint device these all fit. They have been in place at doorways for decades, providing limited data of their state. While their data output is small, and they can seamlessly begin a chain reaction without the intervention of an operator on a state-change. They are not an IoT device though they can exist at the edge of a building envelope. Nothing provided by these devices is rich with data, however, functionally they are richly important.

Fast forward to today’s Vaping dilemma in schools. There are highly sophisticated detection devices enabled to sit on the network be placed in school bathrooms and hallways that can detect the presence of vapor and its contents. Are they edge devices? Maybe? They are in place for school administrators attempting to quell the practice and placed where the act routinely happens.

These devices, when connected to access systems, can report a host of detection parameters. They are the epitome of an IoT device, smart, networked, interfaced with a host/cloud data store and managed interactively or autonomously once programmed.

Both examples are devices out in the world, both devices provide useful data, one highly differentiated and one as a simple on/off/tamper report. Both are rich in detail and depending on the system they are connected to will provide useful actionable information for the consumer. 

Lowe -- The words “open” and “connectivity” is a must-have. This means that the end-user has more choice in the technology and the solutions they can choose. Vendors must adopt the use of open standards to enable this choice for end-users. Some examples include: 

  • Unified Physical Identity and Access Management (PIAM). Many larger organizations are faced with multiple physical access control environments. Which makes identity and physical access management challenging and costly. PIAM unifies the management of identities and access control policies by providing a single portal or user interface that acts across multiple physical access systems. PIAM also connects to primary IT identity and HR systems such as Microsoft Azure Active Directory, SAP, Workday. 
  • Open supervised device protocol (OSDP). This is an access control communications standard developed by the Security Industry Association (SIA) to improve interoperability among access control and security products – most commonly door readers and door controller panels. Devices from different vendors that support OSDP should work together harmoniously and meet the highest levels of security available today. 
  • Bluetooth LE, Near Field Communication and Ultra-wideband. These are all communication standards that help us as vendors to provide more seamless access control experiences, including real-time location services and secure door access without having to take your access control badge out of your pocket and tap it against a reader. 
  • Adoption and implementation of IT security standards such as digital certificates.  Highest levels of encryption to enable trusted identities across the entire access control ecosystem- people, software/cloud applications and hardware. Physical access control solutions must adopt these standards to ensure strong cybersecurity defenses and interoperability with the rest of the workplace technology and application ecosystem.  
About the Author

Steve Lasky | Editorial Director, Editor-in-Chief/Security Technology Executive

Steve Lasky is Editorial Director of Security Technology Executive, Security Dealer & Integrator magazines and SecurityInfoWatch.com.