Access control is defined in the Cambridge Dictionary as
WORKPLACE: ways of controlling who can enter a building or area, usually involving electronic technology:
The buildings are secured with an access control system.
IT: ways of controlling who can see or enter information on a computer system:
We ensure that proper security and access controls are in place to protect your data.
The most obvious example of access control is the humble lock and key. If a door is locked and you have a key, you are authorised to enter. If you don’t then you are not authorised. Although this is an oversimplification, the point remains valid and the analogy works: access control helps keep people in the appropriate places for their roles.
So what happens in high traffic areas? Let’s consider Heathrow Airport. 206,800 people are estimated to pass through there every single day, which calls for intensive security measures. If we return to our lock and key analogy, how can you make sure that everyone can get where they need to go, whilst making sure that only the authorised people have keys to the locks in certain areas?
An access control system is an effective way of securing premises from unwanted guests and providing protection for you, staff, visitors, infrastructure and more. By having control of who is onsite, offsite and everywhere in between you have the reassurance of knowing what is happening on your site at any given time.
Every company’s security needs are different, so choosing a system that is right for you will depend on the size of your business and the number of people that will need access. For high traffic areas such as concert halls, train stations, hospitals etc, this is even more important as there is a regular flow of visitors. Listed below are some of the advantages an access control system has to offer according to the National Security Inspectorate:
- You can control who is entering your premises; where and when
- You can better protect employees, visitors, property and sensitive information
- You can secure certain sections of a building
- You’re able to reduce timesheet procedures
- You can integrate access control with HR systems for ease of monitoring and data management
- You can integrate access control with other security systems for centralised management of the site
- You’re more likely to meet the requirements of the Disability Discrimination Act
- You can control access to a wide variety of other facilities or equipment, such as vending machines or PCs, using smartcard technology.
As you can see, access control is not a single discipline but rather a mixture of disciplines leading towards a goal. CCTV, Surveillance, Computer Systems, Physical Manned Guarding, Mechanical Turnstiles, IoT enabled devices, logins, passwords and smart locks can all contribute to access control.
This is nothing new; access control has become a staple of perimeter and physical security. In fact, the recent escalation in terrorist attacks and threats has seen a steady increase in access control implementation. The global access control market is growing at an annual rate of 7.49%, according to a new report published by reportsnreports.com. In 2015, the global market was valued at $5.92bn and is projected to grow to $9.8bn by 2022 (source: IFSEC).
However, investing in access control is often seen as an excess rather than a necessity. When people and businesses think of access control they don’t think of a smoothly integrated system that can not only keep people safe but can also integrate into HR software to track hours and days logged or when the next Health and Safety review is due. They don’t think of an integrated system that can work with security cameras, security lighting and live video analytics to provide a complimentary system assuring safety at every turn. People often see it as unnecessary and overly priced ergo a waste of money. Not only this but people often think of access control as chunky mechanical locks and barbed wire fencing, quickly souring an image of an area with ease of access and flow into that of a high-security prison system. In truth, access control is evolving and has taken on board not only a wealth of technological advancements but also that of integrated systems that can provide a better benefit to businesses than ever before.
If you don’t think that you and your business are not a target it’s worth noting that, if you’re host to a large number of people, then you’re more likely to be a target. After the numerous terror attacks and other incidents we have witnessed in the past, we can see crowded areas such as concert halls, marketplaces, shopping centres and more are common targets. In terms of actual buildings attackers often try to get in through either force or through subterfuge(often playing someone else or innocent until the attack).They’re filled with innocent people and are the perfect place to inflict the maximum amount of injury and loss of life.
These places could be permanently busy, like train and bus stations, sports stadiums, shopping centres, high streets, visitor attractions, cinemas, theatres and commercial centres. Even places that will have occasional but substantial footfall are not exempt these include festivals, protests, outdoor worship, road races and parades, are also prime targets and therefore require heightened and stringent security measures such as access control.
The key to understanding access control security is to break it down. There are three core elements to access control. Although this example from TechRepublic deals specifically with IT security, the same concepts apply to other forms of access control.
Identification: For access control to be effective, it must provide some way to identify an individual. The weakest identification capabilities will simply identify someone as part of a vague, poorly defined group of users who should have access to the system. Your username, a PGP e-mail signature, or even the key to the server closet provides some form of identification.
Authentication: Identification requires authentication. This is the process of ensuring that the identity in use is authentic — that it's being used by the right person. In its most common form in IT security, authentication involves validating a password linked to a username. Other forms of authentication also exist, such as fingerprints, smart cards, and encryption keys.
Authorization: The set of actions allowed to a particular identity makes up the meat of authorization. On a computer, authorization typically takes the form of read, write, and execution permissions tied to a username.
An integrated approach to access control, utilising the latest in video analysis and technology will undoubtedly make these areas safer. Yes, there are associated dangers with all in one approach to access control, in particular, hacking into these systems through distributed denial-of-service (DDoS) attacks. These can render an entire system blind very quickly and can cause numerous issues including serious and life-threatening ones. However, integrating this with mechanical options such as locks, turnstiles, manned guarding, and more can all have a positive benefit to the safety and security of these infrastructures.