Business & Marketing
Embracing and leading change in the access control infrastructure
By John Fenske
The security landscape continues to bring change on many levels. While organizations often prefer to avoid or delay change because of concerns about budget or productivity and workflow disruptions, it can and should be interpreted as an opportunity for proactive improvement.
By John Fenske
Properly managed, change in the access control infrastructure can preempt problems arising from the dangerous combination of technology obsolescence and escalating security threats, which can quickly cripple an organization’s ability to protect its people, facilities and data assets.
There are many compelling reasons for change. These include improving inadequate card security, and enhancing value and convenience with a platform that supports multiple applications on a single smart card or, in the future, mobile phone. Simultaneously, organizations must cope with IT infrastructure changes that increasingly impact the physical access control infrastructure.
A positive, proactive approach to these and other changes requires an access control platform that can meet today’s requirements while making it easier to adopt future capabilities. And while migration requires investment, there is a return on that budget commitment. The ROI may be tangible, such as through improved insurance premiums due to better risk management. Or it could be intangible, such as the cost savings associated with not having a disaster that impacts the organization’s workforce or customers with long-term implications.
Organizations should presume and prepare for ongoing change, to ensure they can preserve earlier infrastructure investments as they move to new technologies and capabilities. Legacy security solutions can’t deliver this future, because they often use proprietary, static technology that makes them easy targets for attack, and precludes their evolution beyond current abilities and security levels. Instead, organizations need dynamic solutions that are adaptable to their changing needs and industry best practices including:
– Interoperability and Leveraging Standards: Organizations such as the Security Industry Association (SIA), The Smart Card Alliance, Physical Security Interoperability Alliance (PSIA) and Open Network Video Interface Forum (ONVIF) are addressing the challenge of ensuring that access control components and the “connections” between them continue to function and deliver the intended functionality. A prime example is the SIA’s Open Supervised Device Protocol (OSDP) and companion Secure Channel Protocol (SCP) for reader communications. These protocols replace legacy, unsecured Wiegand technology to provide bidirectional, multi-dropped communication over an RS485 link, extending security from card reader to access controller while enabling users to re-configure, poll and query readers from a central system, which reduces costs and improves reader servicing.
– Adaptability: The latest high-frequency contactless smart card solutions exist within a larger identity ecosystem that is significantly more dynamic than legacy systems such as proximity card technologies. These earlier technologies are static, which makes them easy targets for attack. They also quickly become anchored to obsolete software, devices, protocols and products, dragging down the access control infrastructure in terms of its ability to facilitate change.
– Simplicity: Today’s open and adaptable access control platforms provide a single, media-independent and mobile-ready solution for all applications and environments. The latest solutions also minimize migration disruption through the use of multi-technology smart cards and readers. Another important advance is multi-technology encoders that make it easier for organizations to migrate from current technologies to the security, adaptability and portability of new high-frequency contactless smart card platforms.
There is significant value in looking at change as a leadership opportunity rather than an interruption, distraction or something initiated in response to an adverse event. With the right approach, organizations can meet today’s needs, and easily and inexpensively expand and upgrade their systems to adopt new technologies when they are needed.
John Fenske is Vice President of Product Marketing, Identity and Access Management for HID Global.