Physical Security Access Control Systems | Greetly
Security is an aspect of organizational life that more and more people are taking very seriously. It keeps people and property as safe as possible. A thoughtful security protocol informs employees what to do in cases of emergency, whether from natural disasters (e.g. floods or fire) or from human hands (e.g. accidents, sabotage or violence). It strives to prevent human-induced hazards from occurring, as well as to prevent physical and intellectual property theft.
Unfortunately, for some businesses just starting out, security is an afterthought. Many small offices start working with simple door locks and passwords on their computers. But as companies grow and the stakes get higher, it is likely they will have to think more carefully about security, conduct security audits and form a plan. Part of that plan will be considering what kind of physical security access control system to use.
What is physical access control?
Physical access control can take a number of forms, but the basic idea is to create barriers to prevent unauthorized people from entering a physical space. In other words, physical access control ensures that only those who are allowed to enter an area can enter it.
Barriers to physical access can be either physical barriers — a locked door, a turnstile, a fence — or barriers of authority. A barrier of authority is a person or a sign explaining any restrictions. Think of a restaurant with a sign on a door stating, “Only employees beyond this point,” or a hospital receptionist admitting visitors during or outside visiting hours.
When we talk about physical access control, we are primarily referring to the system of physical barriers which work in combination with authority barriers and authorization plans to allow appropriate people in, and keep everyone else out.
Physical access control is at the heart of any good security plan, ranking right up with there with digital security. While digital security protects information — which can obviously be used to damage a company or individual’s reputation, finances or performance — physical security protects people and equipment in a more visceral way. The evening news is full of the unfortunate consequences of a violent person walking into a workplace with a weapon. In less dramatic fashion, physical barriers can prevent unknowing people from wandering into server rooms or other spaces with hazardous materials and equipment.
A physical access control system is the backbone of enforcing security surrounding physical access.
Physical security access control systems
In the modern era, physical access is very often controlled via a physical access control system, i.e. software and hardware designed to work in combination with electronic door locks and authorization guidelines. These systems translate an organization’s guidelines about who has access to what (e.g. rooms, equipment, vaults, etc.) into verification that locks and unlocks access.
Such a system will contain a database of different access levels and lists of which people belong to those access levels. It will actually control the locking mechanisms on various doors and barriers in accordance with the access level of the person providing credentials.
The beauty of access control systems — as opposed to issuing actual keys to open physical locks — is the ability to designate which credentials can open which doors, and to turn off access at a moment’s notice. It is far too easy for a physical key to be lost or stolen, requiring physical door lock changes that are quite costly.
Here are a few examples of why this functionality is helpful, using a hypothetical company that uses a key card access control system:
- John gets hired to work as a program developer at a medical laboratory. While he has access to most areas of the building, he does not have authority to enter the bio-lab unaccompanied. His key card cannot open the lab door.
- Mary recently left for a new position at another company. When she left, she forgot to return her key card. The system administrator can simply turn off access and her card will no longer unlock doors.
- There has been an accident in the lab. No one is allowed to enter until emergency personnel arrive. The doors can be remotely locked and all access denied.
- Visitors to the organization receive visitor badges and are issued cards with baseline access to common areas. If a visitor does not return a card after checking out, the card is deactivated.
Types of access control systems
Access control systems can generally be classified in two categories.
The produces use a credential scanner near the door/access point and a control box, usually located above the door. The control box communicates with the credential scanner, the door locks, the computer that runs the system, and sometimes with cameras. Everything is wired together.
The benefits of traditional systems include:
- Dependability: These systems, often called legacy systems, have been in use for years. They work. They do the job. They rarely have trouble.
- Security: The debate is ongoing as to whether traditional systems are more secure than IP systems (the second type). The fact is, hard-wired, proprietary systems are less likely to be hacked, and are thus seen by some as being more secure.
- Cost: Proprietary systems require proprietary hardware, and typically multiple control boxes. Most control boxes, due to the necessity of being within some proximity of the entrances, can’t control more than a few. It may be necessary to purchase one control box for each entrance.
- Location specific: Again, the location of the control boxes means that each is specifically programmed for that location. Moving a control box requires extra effort to make it work for a new location.
- Installation requirements: Many of these systems require both electricity and system-specific wiring.
- Self-contained: Because of the nature of how many of these systems work, it is difficult to integrate the systems with other systems and functionality.
IP or Cloud-based systems
Modern workplace access system are based on internet technology. They don’t require a control box. Instead, verification is handled at the credential scanner which is connected to a network containing all the necessary information. The credential scanner will obviously need electrical power and network access, which can actually be delivered through the same wires.
IP-based systems can be further divided into two additional categories: network-based and web-based.
- A network-based system is either hard-wired or wirelessly connected to the organization’s network. The software that controls it is stored on the organization’s servers and computers.
- A web-based system, by contrast, is controlled by software that is managed, maintained, and stored on the manufacturer’s servers and accessed via the Internet.
Advantages of IP systems include:
- Cost: Less equipment to purchase per entrance usually means a lower cost for most organizations. Eliminating control boxes makes a difference.
- Scalable: Less cost to install means it is much easier to scale up if the organization grows.
- Greater functionality: Because the system is network-based, it is easier to upgrade, add features, and integrate with other software than its traditional counterpart.
- Security: Again, it is difficult to say with certainty whether IP systems are more or less secure than a traditional system. Some argue that a breach at a single point in an IP system leaves the rest of the doors intact, while if a multi-door controller fails in a traditional system all the doors it controls would fail.
- Mobility: Web-based systems, in particular, offer the capability to change settings, or to lock and unlock doors from anywhere with an internet connection. Even network-based systems offer that capability, so long as the person has access to the network either by being on premises or via VPN.
- Network dependent: Many detractors are concerned that if the network goes down, the security system goes down with it. Considering organizations today are utterly dependent upon their networks, preventing or quickly fixing outages is a top priority. Still, downtime does happen, but most control systems are designed to store information in case of an outage.
- Hackers: Like concerns about network downtime, an access control system is only as secure as the network itself. If a hacker can gain access to the network, in all likelihood, they could also gain access to the door lock system. This may be especially concerning for web-based systems, since information is theoretically traveling through the internet at large. At the same time, web-based systems may have greater security than a company’s own network; makers of these systems know they need it and that their customers expect it.
What to look for in an access control system
Choosing an access control system for your organization is a decision not to be taken lightly. It is important that the system has the features you want at the right price.
Perhaps the most important aspect to consider, aside from the security level, is whether the system will work far into the future. Considering the cost of vetting, purchasing and installing all the components, this is a system you will be working with for quite some time. Taking the time to evaluate it from a forward-thinking perspective is absolutely vital to ensure it will do what you need it to for years to come.
That being said, here are some things to look for as you consider what you’ll need for years to come.
- Ease of use: How difficult is it to manage the user interface? Will users need vast amounts of training, or is it fairly straightforward? How involved is the setup process?
- Integration: Will it integrate with your organization’s directory or HR system? With video surveillance systems and equipment? With your visitor management system?
- Hardware compatibility: Does the system work on third-party hardware (e.g. cameras, door locks, controllers, etc.) or does it require proprietary hardware?
- Mobile: Is there a mobile app, allowing authorized users to make changes from anywhere?
- Types of authentication: There are multiple types of authentication, including a pin entered into a keypad; a card or fob that is swiped or scanned; a mobile app; or biometrics, i.e, fingerprint, eye scan, voice recognition, etc. The most secure systems require two types of credentials. You will want to determine which kind of authentication works best for your organization, and how secure you need to be. Does the system you are considering support multiple types of authentication?
- Reporting capabilities: What kind of reports can you generate from the system? Can you generate a report on a single person and their entries/exits? Or on a single point of entry? On the system at large? Are the reports easy to create?
- Scalability: Is it easy to add more hardware if your organization grows?
- Updates: As time goes by, how will software updates be communicated/installed? Is it an automatic process, or will it require staff to complete?
Where to start looking
Once you’ve determined that you need a physical access security system upgrade, it’s time to start looking and evaluating. Here are a few of the key players in the market.
- Kisi is a top-rated, cloud-based access control system with mobile functionality. It offers several possibilities for credentials, from cards, to fobs, to mobile phone, to a temporary link. Basic hardware equipment required includes a reader for mounting next to the door and a control box that belongs in the IT room. Different plans include different numbers of administrators and length of time data is stored.
- ISONAS Pure Access can be purchased as a fully hosted web-based access control system or as an on-premises solution. It is touted as “plug and play,” as all readers come pre-configured and are ready to use once connected via a network connection. Credentials supported are either proximity card or card and keypad, and can be either ISONAS specific or third-party.
- Johnson Controlsis an industry giant, with a multitude of products that suit organizations of any size. Their security systems can include and integrate with video cameras, fire alarms and more, and can be managed remotely via a mobile phone. They also offer a managed solution where they monitor and manage your security. Credentials vary by system, so you have your choice of biometric, key cards, keypads and more.
- Brivo is an SaaS security system that offers mobile and key card/fob credentials. Because it is a web-based service, the information is stored indefinitely and can be accessed from any device with an internet connection. There is relatively minimal hardware, and their API can be integrated with video cameras for real-time video. They also partner with several other vendors for integration with other camera systems, biometrics and intercoms.
- HID Global supports a lot of “big” operators, including government entities. With multi-factor authentication and a wide array of cutting-edge card and ID products, HID is a big player in the access control arena. They have both traditional access control systems with door controllers, or IP solutions and mobile.
There are many more companies out there and several online reviews to help you get started on the path of picking the right one for your organization.
Keeping it secure
Good security starts with good physical access control. Knowing who is in your building and that they have the correct authorization to be where they are is vital to keeping your people and your property safe. An access control system is a tool that makes the process significantly easier and more streamlined than the days of having to issue physical keys.
Credentials can be vetted and multiple layers of security put into place using one system — and generally one easy to use interface. Your organization can rest easier with the right access control system keeping an eye on the doors of your organization.