The world of access control has fundamentally changed. The system that used to just open doors now improves information security, increases productivity, more effectively manages scarce resources, enhances guest experiences and produces revenue for the end user where previously there were only costs.
Today, because much of the information that companies work with is electronic, securing both physical and logical assets is important. "Protecting both physical property and knowledge-based soft assets is vital to a company's success and continued growth," said Eric Joseph, Manager of Architectural, Engineering and Consultant Support Services at Lenel Systems International (a UTC Fire & Security company).
Controlling access to IT applications has traditionally relied solely upon user names and passwords. "However, with the increasing proliferation of IT applications in the workplace, many employees now have to remember as many as a dozen sets of user names and passwords, which are inconvenient and cumbersome to use," said Tim Phipps, EMEA Director of Identity and Access Management for HID Global. "People frequently forget their logon credentials, causing them to be locked out of their accounts and prevented from doing their work. Even worse, some frustrated employees may decide to write their passwords down, which increases the chances that their passwords will be stolen or misused."
This is why convergence applications that use smart cards for physical and logical access control, such as single sign-on, are being widely adopted by many major access control manufacturers. "Smart cards used in conjunction with passwords provide for an additional layer of security," said Joseph. "Now that you are utilizing a more secure authentication process, you can confidently utilize single sign-on." Single sign-on is a business efficiency tool that enables a user to authenticate only once. The user can then gain access to different network applications, databases and platforms. This includes customized Windows and Web applications, as well as host-based or terminal applications. "Sometimes people do not log off their computers when stepping away from their workstations," said Joseph. "If one is required to use a smart card to log onto the computer, and is logged off as soon as the smart card is removed from the workstation, the possibility of an unsecured workstation is greatly reduced if not fully eliminated. Also, by integrating physical and logical security, when a cardholder leaves the building, his or her account can be disabled, restricting further access while the person is off-site."
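
The link Joseph describes between building presence and account access can also be checked after the fact. The following is an added example, not code from any vendor quoted here: it replays badge events to decide whether a cardholder was on-site at the moment of each workstation logon. All user names, host names and event fields are constructed for illustration.

```python
from datetime import datetime

# Constructed sample events: (ISO timestamp, user, direction or workstation).
BADGE_EVENTS = [
    ("2024-03-04T08:01:00", "asmith", "in"),
    ("2024-03-04T12:30:00", "asmith", "out"),
    ("2024-03-04T08:15:00", "bjones", "in"),
]
LOGON_EVENTS = [
    ("2024-03-04T08:05:00", "asmith", "WS-014"),
    ("2024-03-04T13:10:00", "asmith", "WS-014"),  # after badging out
    ("2024-03-04T09:00:00", "bjones", "WS-022"),
    ("2024-03-04T09:30:00", "cwu", "WS-031"),     # never badged in
]


def on_site_at(user, when, badge_events):
    """True if the user's latest badge event at or before `when` is 'in'."""
    present = False
    # ISO 8601 timestamps sort chronologically as plain strings.
    for ts, who, direction in sorted(badge_events):
        if datetime.fromisoformat(ts) > when:
            break
        if who == user:
            present = direction == "in"
    return present


def logons_without_presence(logon_events, badge_events):
    """Return on-site workstation logons made while the cardholder was off-site."""
    flagged = []
    for ts, user, host in sorted(logon_events):
        if not on_site_at(user, datetime.fromisoformat(ts), badge_events):
            flagged.append((ts, user, host))
    return flagged


if __name__ == "__main__":
    for event in logons_without_presence(LOGON_EVENTS, BADGE_EVENTS):
        print("logon without building presence:", event)
```

A cardholder who follows a colleague through a door without badging will also be flagged, so the result is a list to review, not proof of misuse.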
Physical & Logical Convergence Applications
To facilitate IT security, a powerful contact chip capable of providing Public Key Infrastructure (PKI) cryptography is embedded into the smart card. According to Phipps, PKI is an industry standard method for exchanging information and communicating securely on IT systems. It relies on the use of public and private key pairs stored in digital certificates that are uniquely assigned to individual users to provide secure communication and access.
"By using the PKI support it is possible to encrypt documents and digitally sign messages, such as e-mail, so that the sender and recipient can be confident that the communication has not been corrupted, read or changed in any way," explained Phipps.
Microsoft applications such as Word, Excel, PowerPoint and Exchange routinely support smart cards. "You can also use the smart card to protect access to confidential documents in Word such as legal agreements or purchase orders, or you might want to use it to control changes to financial or customer data in Excel documents."
Other applications include protecting access to VPNs (Virtual Private Networks), Thin Clients and Pre-Boot Authentication solutions.
"Because your credentials are stored on the smart card, they are portable and you can carry them with you wherever you go. This means that it is possible to authenticate yourself and gain appropriate access to an organization's buildings and IT applications even if you have to work at different sites, are traveling, or are simply working from home," added Phipps.
A business management application of an integrated access control system takes all information gained from the access system and utilizes business rules from other systems. Through software integration, business management systems such as time and attendance and enterprise resource planning (ERP) can share information. "That same information gathered by a security management system has value to other areas of a business. Integrating a business system with a security management system can maximize the value of both systems to the customer," said Joseph. "For example, events passed from the security management system to the business system can instantly provide information about new hires and terminated employees, and can be used by the payroll system to calculate compensation."
One example is business management software that deals with regulations such as Sarbanes-Oxley. "Sarbanes-Oxley's segregation of duties means that responsibility for handling customer orders has to be done by a variety of people to ensure integrity of the process and information. Often, those people actually work in different physical areas of the business, which means that, to a degree, access outside the process can be regulated," said Joseph. Integration of physical access control and business management software helps organizations comply with the rules. Other examples include controlling the number of hours certain workers can remain at potentially hazardous work sites such as coal mines, and restricting access by people who have not had sufficient training. These situations can be managed using integrated access control.
Human resource (HR) management also benefits from integration. Joseph pointed out that all demographic information that HR departments enter into their databases for new hires, such as names and departments, can be automatically transferred into the security management system, so the data does not have to be entered twice. This greatly reduces the chance of errors and improves overall efficiency.
"Security systems can provide valuable information to the customer. Information about arrival and departure of employees, number of employees in a specific area, and the location of an employee within the facility are all valuable pieces of information that can be easily gleaned from the security management system," added Joseph.
If an employee's title is IT department manager, this information in the HR database is transferred to the access control database so that the employee is granted a specific access level based on the position, such as authorized access to the restricted server room.
Previously, a new hire's name, say Amy Smith, might have been entered into the payroll database as "A Smith." Such discrepancies caused inconvenience and confusion. With an integrated system of physical and logical access, however, users can cross-reference different data.
When Amy Smith's employment is terminated, her credentials are removed from the payroll system and from the physical and logical access control systems as soon as management removes her data from the HR database, said Sean Leonard, Global Marketing Director for Access Control Solutions at Honeywell.
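
Where the systems are not yet integrated this way, the same HR-as-source-of-truth idea can be run as a periodic audit. The following is an added example, not code from any product named in this article: it compares downstream systems against HR and reports credentials with no active HR record, access levels beyond what the job title grants, and name discrepancies such as "A Smith". Employee IDs, titles, access-level names and the record layout are constructed assumptions.

```python
# Constructed sample data, keyed by employee ID so name variants still match.
HR = {
    "E1001": {"name": "Amy Smith", "title": "IT department manager", "active": True},
    "E1002": {"name": "Raj Patel", "title": "Accountant", "active": True},
    "E1003": {"name": "Lee Chan", "title": "Accountant", "active": False},  # terminated
}
# Access levels each title is entitled to (assumed policy).
TITLE_ACCESS = {
    "IT department manager": {"lobby", "office", "server_room"},
    "Accountant": {"lobby", "office"},
}
DOWNSTREAM = {
    "door_access": {
        "E1001": {"name": "Amy Smith", "levels": {"lobby", "office", "server_room"}},
        "E1002": {"name": "Raj Patel", "levels": {"lobby", "office", "server_room"}},
        "E1003": {"name": "Lee Chan", "levels": {"lobby"}},
    },
    "payroll": {
        "E1001": {"name": "A Smith", "levels": set()},
        "E1004": {"name": "T Ghost", "levels": set()},  # no HR record at all
    },
}


def reconcile(hr, title_access, downstream):
    """Return (system, employee_id, finding) tuples for records that disagree with HR."""
    findings = []
    for system, records in sorted(downstream.items()):
        for emp_id, rec in sorted(records.items()):
            person = hr.get(emp_id)
            if person is None or not person["active"]:
                # Credential outlived (or never had) an active HR record.
                findings.append((system, emp_id, "orphaned"))
                continue
            if rec["name"] != person["name"]:
                findings.append((system, emp_id, "name_mismatch"))
            extra = rec["levels"] - title_access.get(person["title"], set())
            if extra:
                findings.append((system, emp_id, "excess:" + ",".join(sorted(extra))))
    return findings


if __name__ == "__main__":
    for finding in reconcile(HR, TITLE_ACCESS, DOWNSTREAM):
        print(finding)
```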
Another application is attendance control. Prior to the implementation of the integrated system, a Korean police station was keeping records of its officers' daily meeting attendance using handwritten reports — a sometimes inaccurate and tiresome process. "Now, the officers only need to scan their cards at the portable controller before the meeting, and the management software automatically generates a report right after the forum," said a representative from IDTECK.
Other applications are possible. As the 24-hour health club business is booming, gym owners must better manage physical access control and customer databases. "Health club member and billing management software actually drives our access control system," said Jerry Graciano, Manager of Development Partnerships at Brivo, "and data that is entered into billing management needs to be entered only once. After that, data migrates in real time to the access control server."
Gym owners can input membership data along with bank account and credit card information into the billing management system, which transfers this to the physical access control system. If the membership card expires, access to the building is terminated automatically. "Gym owners can focus on other business operations such as equipment and training," said Graciano.
The access solution also lets users receive email alerts and notifications or cell phone messages and then access both the billing management system and the physical access control system online, since both are web-hosted. "They now have the single point of data entry," pointed out Graciano.
Integrated Applications Save Money
As gas prices have skyrocketed, companies that distribute credits to designated employees must do more than control purchases with honor systems. An access control reader can now be installed on gas pumps to help gas stations monitor use. "The user has to swipe the company gasoline card and key in the mileage," said David Benhammou, President of CDVI.
"The access control reader communicates with gas pumps so that the number of liters sold is automatically recorded and sent to the user's company. This will become a major market as energy prices continue to soar," added Benhammou. "Gas stations in Europe are now required by law to install cameras to monitor safety. Those cameras can also be used to record, enabling station staff to check if users are the valid card holder by comparing images against photos stored in the access control database. They can also check license plate information to see if the vehicle is the designated car."
Parking and hospitality are also using such applications to manage room and parking reservations. Parking can be scarce at ski resorts during peak season. Physical access control systems can be integrated with parking management software. "Our XML API technology allows different systems to exchange data in the XML standard so that they 'understand' one another," said Graciano.
Now, all rental agents use a common interface to assign parking; agents are allocated an inventory of parking spaces and unused spaces are pooled and made available at designated times, said Graciano. Guests receive a parking permit to display on their vehicles. Each permit has a microchip, which can be programmed remotely by the rental management agent. The chip can be programmed to contain a variety of data, including check-in and check-out dates. Parking management software can also be integrated to manage reservations and credentials for common areas such as spas and fitness centers.
In addition to bringing significant revenue to resort owners, integrated access control and parking management systems improve the guest experience. Another integrated access control application, cashless vending, is also enhancing shoppers' experiences.
A representative from VMC House, a cashless payment solution provider, explained that "smart card users can load value onto the card using an electronic money loader. This card can then be used to make purchases at vending machines, staff restaurants or any point-of-sale (PoS) terminal located within the business or on the premises."
"Cashless technology generates several additional benefits such as the reduced costs of cash handling, faster transaction times to dramatically reduce queuing time in the canteen, improved convenience because users no longer have to remember to carry cash to make purchases, and better since coins are no longer needed — something vitally important in, for example, hospital environments."
IDTECK integrated its portable access control controller with a catering software program; together they allow officers to scan their proximity cards before ordering meals at the cafeteria. The management software tracks meal costs and automatically calculates the correct amount to deduct from each employee's salary, saving HR personnel the hassle of tallying the costs themselves.
Promising verticals for integrated access control include the financial and retail sectors. The biggest security concern for banks is information. Personal banking information is highly complex and sensitive; users can access and protect it with, for example, integrated solutions like Novell and Imprivata (ID management software).
"If users don't have access to the door, they don't have access to the information. The possibility of having someone hack into bank information systems using a false VPN is thus minimized," said Vineet Nargolwala, Managing Director of Honeywell Systems Group EMEA.
"Integrated access applications are more often seen in the retail vertical, which benefits most from sharing data," said Leonard. "With access control, video, intrusion and information management, users not only monitor entry and exit of personnel, but also supervise delivery and drop-off of goods, flow of customers, PoS databases and customer information."