COVID-19 has profoundly altered the way we work and, as a result, the way building owners and employers operate office buildings and other workplaces. As they’ve quickly adapted, they’ve embraced three new trends in access control and visitor management: digitizing these systems and moving them to the cloud; streamlining them to be more frictionless; and consolidating all access control under a new paradigm—identity management.
It’s worth noting, however, that innovations are being added to every layer of access control: the edge (access and biometric readers); the control (master platform and communication); and situational awareness (security operator stations). Now that most elements have shifted to wireless technology, legacy access control readers that use plastic access cards are being replaced by smart readers that offer mobile credentials recognition. While replacing a full access control system can be expensive, a software upgrade can enable the system to use mobile features without replacing existing hardware.
The race to the cloud
The pandemic has accelerated the move to the cloud in just about every industry, partly to accommodate workers who have suddenly shifted to 100% work-from-home status or hybrid schedules. Beyond that, building owners and facility managers are simply finding it more efficient to manage access control remotely via a cloud-based platform because it offers them a seamless and holistic view of their entire enterprise at a given moment from anywhere.
The cloud not only makes it possible to fully digitize and remotely manage access control but also enables a new level of analytics and reporting. For example, facility managers can see at a glance how many employees currently occupy a building or how many visitors are expected on a given day. This helps them streamline operations and also provides owners and employers with insights to make better-informed, real-time decisions about security, occupant well-being, and space utilization.
While most of us visit the cloud daily on our smartphones, apps, and databases, the security industry has been slower to jump onboard, viewing it as a potentially risky, off-premises domain. This concern has rubbed off to some degree on building owners and company leaders, so providers and integrators have redoubled their efforts to demonstrate that cloud-enabled access control is both secure and cost-effective—as well as smarter and more powerful. For example, it allows remote software updates, making it easier to upgrade to a higher-functioning system.
Access experience goes frictionless… but in a ‘zero trust’ environment
The pandemic also jump-started a shift to a more frictionless and touchless access experience that is intended to help protect occupant health as well as workplace security. Visitor management in particular had been a cumbersome manual process for decades, with security personnel maintaining an entry log in which visitors would fill out a paper form to receive an access card. While a tedious process overall, it also posed a security risk whenever a visitor forgot to return a card.
Recent technologies have streamlined the process for both security staff and end-users. When entering a facility, visitors these days often know in advance which floor they’re headed to because they’ve filled out a digital form that has granted access to that part of the building for a specified amount of time. When they enter the building, they simply check in at a kiosk rather than meet with security. Their phone, ID, or sometimes just their physical self serves as proof of identity.
New technologies have not only expedited access control but made it more secure by enabling a “zero trust” environment. This means that each person and/or their device—usually a smartphone—must prove their identity and access rights individually, rather than simply being granted access to a network. Multi-factor authentication is becoming the new normal in zero trust systems, often integrating tools such as facial and/or other biometric recognition.
Access control reinvented: identity management
Forward-thinking companies are venturing out beyond traditional access control and visitor management toward a new paradigm: identity management. They’re now looking for solutions that let them manage three types of “human” resources—employees, vendors, and visitors—that enter and exit buildings every day and require different levels of access. Security teams want this information at their fingertips—which a cloud-enabled platform can provide—so they can recognize and respond to potential intrusions more quickly.
At the height of the pandemic, in mid-2021, many companies removed contractors from payrolls to reduce costs, but those contractors often had access cards that would still let them into the building. With an integrated identity management system, an HR officer or other staff member can trigger a workflow indicating that a person no longer works for the company, which flows down to all physical security systems in the facility. If that person attempts to gain entry, it alerts the security team or simply blocks access. This is critical, because studies have shown that most security breaches are perpetrated by insiders—people who’ve had a prior association with the organization.
Toward fully integrated, cloud-based security
Many large enterprises and critical infrastructure facilities—government agencies, data centers, and hospitals—are integrating their video surveillance, intrusion detection, and access control systems to create layered protection for their staff and property. Providers have responded with a new generation of platforms that provide this level of integration using cloud computing power. As such, building owners are embracing the “secure by design” architecture of these platforms and the numerous benefits of a cloud solution as the future of access control and visitor management in a post-pandemic world.
Sheeladitya Karmakar is the Global Offering Leader of Enterprise Security at Honeywell Building Technologies.