To Up­grade or Not, That is the Ques­tion?

Change is good good, es­pe­cially in ever chang­ing e-threat en­vi­ron­ment, but why should peo­ple adopt the habit of up­grad­ing? Here are few rea­sons that you should know

PCQuest - - CONTENTS -

When is it ever a good time to up­grade your ac­cess con­trol so­lu­tion? Many or­gan­i­sa­tions fol­low the pol­icy of ‘if it isn’t bro­ken, don’t fix it’ but this can be a risky sit­u­a­tion in a world where tech­nol­ogy and threats are chang­ing so rapidly. The use of older, le­gacy ac­cess con­trol sys­tems ex­poses an or­gan­i­sa­tion, a build­ing, a server room, a com­puter to the pos­si­bil­ity of unau­tho­rised ac­cess and the con­se­quences of this. But why should users up­grade?

Data Pri­vacy

One of the big­gest driv­ers for up­dat­ing le­gacy ac­cess con­trol sys­tems is the need for en­hanced lev­els of data pri­vacy. This could come about through the on-board­ing of a client that re­quires high lev­els of se­cu­rity, new leg­is­la­tion be­ing brought in for spe­cific in­dus­tries, or even new build­ing ten­ants. The driver re­mains the same: data or the build­ing it­self is in some way ex­posed to or at risk and needs added pro­tec­tion. Yes­ter­day’s tech­nol­ogy is no longer suf­fi­cient for to­day’s ac­cess con­trol and iden­tity man­age­ment chal­lenges. In The Ac­cess Con­trol Re­port 2016: Le­gacy In­fra­struc­ture and Mo­ti­va­tions for Up­grad­ing, 44% of re­spon­dents stated they were plan­ning on up­grad­ing their ac­cess con­trol so­lu­tion. This is a strong in­di­ca­tor that end-users are ac­knowl­edg­ing that the risk to or­gan­i­sa­tions is evolv­ing, and the need to pro­tect their phys­i­cal as­sets and con­se­quently data as­sets is im­por­tant. It would take a se­cu­rity breach that ex­posed a flaw in the cur­rent sys­tem for 92% of re­spon­dents to con­sider chang­ing their cur­rent ac­cess con­trol sys­tem, but not be­fore­hand.

On any site at any one time, in ad­di­tion to reg­u­lar em­ploy­ees, there are also in­di­vid­u­als and groups that have ac­cess to var­i­ous parts of a site for short pe­ri­ods of time. Th­ese could be visi­tors, main­te­nance teams or con­trac­tors. In the re­port, 75% of re­spon­dents have third-party mem­bers on site on a reg­u­lar ba­sis. In­te­grated vis­i­tor man­age­ment so­lu­tions in mod­ern ac­cess con­trol sys­tems sig­nif­i­cantly im­prove the dis­tri­bu­tion and use of tem­po­rary cre­den­tials but also safe­guard var­i­ous parts of the site to un­war­ranted ac­cess. Ac­cess con­trol so­lu­tions, such as mo­bile ac­cess, make it eas­ier for fa­cil­i­ties and se­cu­ri­ties man­agers to track who is ac­cess­ing what parts of the site to en­sure no­body is in an area they shouldn’t be.

User Con­ve­nience

The con­tin­ual de­vel­op­ment in con­sumer tech­nol­ogy has spilled over into the busi­ness world with de­vices now be­ing used for work and in our per­sonal lives. Bring Your Own De­vice, mo­biles and wear­ables are all com­mon fea­tures of to­day’s of­fice en­vi­ron­ment. Or­gan­i­sa­tions can utilise this grow­ing level of se­cure tech­nolo­gies that em­ploy­ees are car­ry­ing around with them on a daily ba­sis. In­stead of hav­ing sev­eral key cards or fobs that have a high chance of be­ing left be­hind, users can now utilise, smart­phones or smart de­vices, their clos­est pieces of tech­nol­ogy for se­cure ac­cess con­trol as well. Mo­bile ac­cess con­trol is

in­creas­ingly com­ing into the mar­ket and the ben­e­fits this brings are nu­mer­ous.

Un­der­stand­ing the re­quire­ments from build­ing oc­cu­pants is an im­por­tant step be­fore un­der­tak­ing an ac­cess con­trol up­date. The re­port noted that 48% of re­spon­dents would like an easy-to-use ac­cess con­trol sys­tem, with 32% re­quest­ing mul­ti­ple lev­els of ac­cess de­pend­ing on author­ity re­quired. This added se­cu­rity el­e­ment is clearly an im­por­tant func­tion, and one that can be eas­ily des­ig­nated with more mod­ern tech­nolo­gies. Hav­ing mo­bile cre­den­tials that al­lows for mul­ti­ple ac­cess lev­els, for in­stance, saves the users from hav­ing mul­ti­ple ac­cess con­trol de­vices that could lead to con­fu­sion or pos­si­bly mis­place­ment. The sur­vey also noted that 29% of re­spon­dents would like fu­ture-proof tech­nol­ogy. This can eas­ily be pro­vided through mo­bile ac­cess so­lu­tions which grant users mod­ern tech­niques for ac­cess con­trol, but also a sin­gle cre­den­tial for mul­ti­ple ac­cess de­vices. Util­is­ing smart­phones are a very straight­for­ward so­lu­tion that solves three of the top con­cerns of em­ploy­ees look­ing for up­dated ac­cess con­trol.

One of the largest stum­bling blocks to up­dat­ing an en­ter­prise’s ac­cess con­trol sys­tem is the per­ceived dis­rup­tion that the up­grade will cause. 69% of re­spon­dents in the re­port be­lieve that up­grad­ing to a new ac­cess con­trol sys­tem would be dis­rup­tive to their daily busi­ness, while 55% cite cost as the big­gest mis­giv­ing about up­grad­ing. De­spite the per­ceived dis­rup­tion, many sites can be retro­fit­ted us­ing ex­ist­ing ac­cess con­trol hard­ware be­hind the scenes, with min­i­mal re­place­ments needed to up­grade tech­nolo­gies. Not hav­ing to start from scratch also helps to sig­nif­i­cantly lower the costs, mak­ing it a more cost ef­fi­cient ven­ture with min­i­mal dis­rup­tion.

Flex­i­bil­ity

A new ac­cess con­trol so­lu­tion must be flex­i­ble so users don’t just see it as an ‘ex­pen­sive way of open­ing doors’. Open Su­per­vised De­vice Pro­to­col (0SDP) for se­cure com­mu­ni­ca­tion be­tween field de­vices in a phys­i­cal ac­cess con­trol sys­tem has gained in­creased im­por­tance al­low­ing for stan­dard­iza­tion, more flex­i­bil­ity and free­dom of choice for se­cu­rity man­agers.

Flex­i­bil­ity also sup­ports mul­ti­ple ap­pli­ca­tions for man­ag­ing not only phys­i­cal ac­cess but also log­i­cal ac­cess ap­pli­ca­tions, like com­put­ers and soft­ware lo­gins. Ad­di­tional ac­cess con­trol sys­tems, such as se­cure print man­age­ment, re­quire an as­so­ci­ated card is­sued to users. This rep­re­sents a prime op­por­tu­nity for or­gan­i­sa­tions to con­sol­i­date to a sin­gle ac­cess con­trol de­vice, such as a con­tact­less wear­able or

“Le­gacy In­fra­struc­ture and Mo­ti­va­tions for Up­grad­ing, 44% of re­spon­dents stated they were plan­ning on up­grad­ing their ac­cess con­trol so­lu­tion. This is a strong in­di­ca­tor that end-users are ac­knowl­edg­ing that the risk to or­gan­i­sa­tions is evolv­ing.”

smart­phone that com­bines ac­cess con­trol with other func­tions.

By ex­ploit­ing mod­ern tech­nol­ogy, such as mo­bile de­vices and wear­ables, users are af­forded the op­por­tu­nity to sim­plify their ac­cess con­trol de­vices: one de­vice, with one cre­den­tial pro­vid­ing ac­cess to mul­ti­ple ar­eas and re­quire­ments. It was found that nearly a quar­ter of re­spon­dents wanted to man­age mul­ti­ple cre­den­tials across a sin­gle de­vice. With mo­bile ac­cess so­lu­tions, mul­ti­ple cre­den­tials are rolled into one and stored on one de­vice. The fa­cil­i­ties or se­cu­rity man­ager is ca­pa­ble of con­trol­ling ac­cess and dis­tribut­ing cre­den­tials to those with the right se­cu­rity clear­ance. Tech­nol­ogy such as the lat­est high fre­quency ac­cess con­trol sys­tems en­sure se­cu­rity is in­de­pen­dent of hard­ware and me­dia. This makes it eas­ier for or­gan­i­sa­tion to sup­port func­tion­al­ity and higher lev­els of data pri­vacy.

Although, there are clearly sev­eral bar­ri­ers to the adop­tion of more so­phis­ti­cated ac­cess con­trol sys­tems, or­gan­i­sa­tions are plac­ing in­creas­ing im­por­tance to safe­guard their phys­i­cal as­sets as it sup­ports in pro­vid­ing pro­tec­tion to their IT in­fra­struc­ture as well. This is mainly due to the be­lief that cur­rent sys­tems in place are ad­e­quate enough un­til they are proven to have failed and the fact that a re­place­ment sys­tem is per­ceived to be an un­nec­es­sary ex­pense. De­spite the tech­no­log­i­cal ad­vance­ments, users are still con­tent with cards and fobs, re­gard­less of the lack of so­phis­ti­cated se­cu­rity and en­cryp­tion con­tained in th­ese when com­pared with mo­bile ac­cess con­trol so­lu­tions. The change to a more so­phis­ti­cated sys­tem is likely to come from em­ploy­ees them­selves, rather than de­ci­sion mak­ers. Ex­ist­ing ac­cess con­trol so­lu­tions are also easy to up­grade which pro­vide min­i­mal dis­rup­tion and cost-ef­fi­cient site retrofits. Fa­cil­i­ties and se­cu­rity man­agers need to ques­tion whether it is more ex­pen­sive to re­place an out­dated sys­tem, or re­cover from a site or data breach.

– Vish­wanath Kulka­rni - Di­rec­tor of Sales, Phys­i­cal Ac­cess Con­trol - In­dia and SAARC

Vish­wanath Kulka­rni Di­rec­tor of Sales, Phys­i­cal Ac­cess Con­trol - In­dia and SAARC

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.