An article caught my attention the other day: it was a news article about a hotel in Austria that had its access control system hacked and ransomware put in their system. This ransomware is a type of ‘hacking blackmail’, that resulted in the locking out of guests from their rooms, until the hackers received their €1500 (£1300). Since payment, the hotel has regained control of their systems and guests have resumed their normal business. Nonetheless, in there lies the rub. Access control, in all its forms, needs security.
What is Access Control?
Access control is a term that is often thrown about recklessly, but its definition is quite specific; access control (AC) is the selective restriction of access to a place or other resource. The most common form of AC is a lock on a door. This provides AC because it will deny access to those unauthorised persons, for example those not allowed a key. Although simplistic, this exemplifies our definition. For, access control will always encompass the issue of authorised personnel. It forms the purpose and reasoning behind the industry and as a result will remain a staple for all business security concerns.
The physical side of access control is often what people first see and come to expect, especially in businesses. There are barriers, fences, guards/check-in desks, turnstiles, etc. All of these products serve a specific purpose; to help keep a building secure and safe. Thanks to technological advancements, more advanced forms of access control are constantly evolving. You cannot but help to have noticed that in recent years there has been an increase in the use of NFC cards in our lives. This technology has been around in access control for several years now, with the technology becoming more secure and banks using it in our debit and credit cards for contactless payments. There is an increasing trend that is improving the smart card technology and that is the use of BLE (Bluetooth Low Energy) technology in smart phones. Our iPhones or Androids can be used to unlock doors, access computer terminals, check in and out of a building and much more. This shift in access control goes hand in hand with the emergent and rapidly expanding use of the cloud and cloud-based devices that use the Internet of Things (IoT).
There is also a recent trend of wireless locks. Wireless locks describes a locking unit that can be accessed and operated from a central hub, which not only can monitor, but can also permit/deny access to certain areas as needed. This type of system also removes the need for wires, rendering each lock unit easier and cheaper to install. The following extract from Security News Desk highlights the major benefits of wireless access control, including its cost efficiency.
These locks can be installed quickly, without changing door hardware. If you search YouTube for “Time challenge Aperio cylinder” you can watch a technician complete an installation, from start to finish, in under 2 minutes. No wiring and no cabling means there’s no electrician required, and so no need to pay decorators to tidy up afterwards. Maintenance simply involves changing a standard lithium-ion battery once every 2 years. That’s it.
Wireless locks are cheaper to run, too. Unlike wired locks, Aperio wireless locks only “wake up” when prompted by a credential. They are not connected to the mains, and use no power when inactive. One wireless electronic lock uses approximately 0.001 kWh of energy per year. A standard wired lock and reader uses 55.2 kWh.
And because any lost credential can simply have its access rights revoked, there’s no longer any need for the expensive, time-consuming process of changing the locks when someone loses a physical key. Audit trails can be generated at the touch of a button, another saving on the substantial cost — in both staff time and money — of administering a mechanical master-key system.
In this ever advancing modern world, the access control market has gone cyber. With so many varying systems and a whole smorgasbord of IOT devices that are available, access control is advancing at a rapid pace. However, this huge amount of variety has resulted in a big shift towards multi-channel integration of systems and devices. Systems akin to Onsite Management Systems will integrate with HR systems so that accurate clock in and out times can be made for staff. There can also be automatic denial of access outside of work hours, so that only security/authorised staff can enter or leave. This kind of integration is just one of near infinite possibilities that can benefit a business. The aforementioned example of the hotel certainly highlights the possible detrimental effects of integrated access control, but equally, it emphasises the need for robust cyber security and cyber access control to ensure safety and peace of mind.
Access control plays a vital and important part of security measures; there needs to be a balance between making everything as accessible as possible to the right people, without making your place of work look like a fortress. There is a definite need for access control to keep progressing, particularly with the increased use of technology in the work place and the potential dangers that this brings.
Many are concerned about the safety of the Internet of Things, most specifically with regards to the security of their homes and businesses. Stories and news articles of hacks seem to occur all too regularly. However, adding security measures (like those in our article) will help combat these threats and encourage the whole security industry to move forward.