@import url(‘https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,opsz,wght@0,6..12,400;0,6..12,500;0,6..12,600;0,6..12,700;1,6..12,400;1,6..12,500;1,6..12,600;1,6..12,700&family=Nunito:ital,wght@0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap’);
@import url(‘https://fonts.googleapis.com/css2?family=Architects+Daughter&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap’);
h3 {
font-weight: bold;
font-size: 18px;
color: #348089;
}
figure {
padding: 4px;
margin: auto;
}
figcaption {
background-color: #f8f8f8;
color: #404144;
font-family: ‘Nunito Sans’, Arial, sans-serif;
font-size: 16px;
padding: 2px;
text-align: center;
}
.highlight {
padding: 3%;
border-top: 8px solid #207BBC;
border-bottom: 3px solid #207BBC;
width: 100%;
font-family: ‘Nunito Sans’,Arial,sans-serif;
font-size: 16px;
background-color: #EAF1F7;
}
.pqFull {
display: block;
border-width: 2px 0;
border-style: solid;
border-color: #404144;
padding: 1.5em 0 0.5em;
margin: 1.5em 0;
position: relative;
font-family: ‘Architects Daughter’, Arial, sans-serif;
font-size: 21px;
text-align: center;
color:#0067A6;
}
.pqFull:before {
content: ‘201C’;
position: absolute;
top: 0em;
left: 50%;
transform: translate(-50%, -50%);
background: #fff;
width: 3rem;
height: 2rem;
font: 6em/1.08em sans-serif;
color: #666;
text-align: center;
}
.pqFull:after {
content: “2013 2003” attr(cite);
display: block;
text-align: center;
font-size: 18px;
color: #404144;
}
As cloud-based access solutions continue to grow in popularity, experts say they aren’t exactly replacing physical key cards so much as they are offering an alternative — or flexibility — to the end user. They’re also enabling security dealers and integrators to meet the needs of multi-site users as well as the needs of users in specific verticals that may have increased regulatory considerations. Like any part of the security whole, cloud-based access presents its own challenges.
Staying informed on the benefits, the challenges and the technological advancements in the cloud-based access space is paramount. “As cloud-based access control continues to grow, the question is how fast do the various vertical markets transition,” says Alex Kazerani, senior vice president, cloud video security & access control, Motorola Solutions, Chicago. “We encourage integrators to be ahead of this trend and become the cloud physical security experts for their customers.”
As cloud-based access control continues to grow, the question is how fast do the various vertical markets transition.
Ahead, subject matter experts share their guidelines for mitigating risk as a provider in the access market.
Flexibility & Usability
One size does not fit all. When trying to accommodate the needs of users in the access control space, that saying is certainly true. There are many considerations that could determine why a user would opt for purely on-prem or completely cloud-based access. But there is a significant bell curve of users whose needs can be met by a hybrid mixture of cloud and on-premise — and many cloud-based solutions offer the flexibility to do this.
“We see that most companies will use both physical and mobile credentials as well,” says Marie-Jeanne Sauvé, manager, product & industry marketing, Genetec, Montreal. “We’re not seeing mobile credentials replacing the physical security cards, but instead they are giving options to users and making sure that they can find what’s best for them. Some companies will go full mobile credentials, some will stay all physical, and some will use a hybrid model.”
Users can scale up or scale down their reliance on either side of the aisle — on-prem or cloud-based — depending on how the technology is meeting their needs. “Some users start on-prem and then they want to move to the cloud — our architecture can do that really easily,” Sauvé says. “We can grow with them and their business as we go. So cloud and on-prem offer the same level of flexibility on their side.
In terms of hardware, Genetec has an open architecture for all our systems. So we do offer different vendor support for credentials to cameras to controllers. Our users can really choose what makes sense to them in terms of hardware. We really don’t want to lock them in any scenarios and so they can choose what they want to deploy. I think users really want to have that flexibility of hardware.”
When you move into cloud technologies, you’re taking that burden off of the organization. And that, I think, is one of the major reasons why we’re seeing cloud adoption, is that high availability, the redundancy, the guaranteed uptime, the patching of cybersecurity threats.
Additionally, the cloud enables manufacturers, software providers and even tech giants to work in tandem to deliver convenient access solutions to users. “When you bring in —for example — Google wallets, Android wallets or Apple wallets, you now have multiple parties that are kind of playing in that space,” says Kris Houle, product manager SaaS, Genetec. “Meaning, you’ve got — for example — HID, and then you’ve got Apple who are two different credential providers that have to work together along with a manufacturer like us. The cloud aspect of it is also a technological enabler that connects these multiple types of producers or vendors or OEMs to be able to deliver something that’s easy to use for an end user.”
AI & Analytics
The long and the short of it is AI is improving efficiency in access control too. “Cloud-based access solutions deliver several key capabilities in these areas,” says Brandon Arcement, chief commercial officer, SwiftConnect, Stamford, Conn. “First, they deliver real-time monitoring through AI-driven alerts that detect unauthorized access methods, and by continuous tracking of access logs and usage trends. Second, they automate reporting and compliance through a combination of custom reports for audits, compliance and security reviews, and by integrating with SIEM systems for enhanced visibility. Lastly, they support incident response by instantly revoking credentials if a device is lost or stolen, and by ensuring that access controls can be geo-fenced and time-restricted.”
Kazerani adds, “Cloud-based access control solutions offer real-time monitoring and data analysis to operators to help them make important decisions and enhance situational awareness. For example, instead of a log line saying that someone entered the lobby door at 7p.m. using mobile credentials, there is video footage of that event showing who entered and what the person was carrying. Given the cloud footprint, the system can connect to identity providers and disable a terminated employee in real-time. Cloud-based access control systems can provide the status of all doors and see who is entering which area in real time.
“Reporting and analytics are reshaping security and efficiency for access control,” Kazerani continues. “ Instead of scrolling through an endless list of users, AI can be used to quickly connect management or security personnel to a user just by saying their name. In terms of improving efficiency, real-time occupancy data can help improve the utilization of the workspace by determining which spaces may be most commonly used or underused. Also, the trend of returning to office further reinforces the need to know who is at your facility at any given time.”
Best Practices
Cloud-based Access control presents concerns around privacy, cybersecurity and even general security, but there are also a number of actions that can be taken by the dealer and integrator to mitigate these risks. A growing trend in the access control space is the “zero trust” environment. Put simply, “never trust, always verify.” It involves two or even three levels of verification for users to gain access. And some providers are enabling that functionality.
“For example, administrators can enable biometric authentication on a user’s phone,” Kazerani says. “Additionally, employers can require a third method of authentication, which could be a pin code, or any combination of badge, mobile, pin, license plate, etc. When using these in combination, one can help increase the security of their facility and create a zero trust environment.”
Partnering with a manufacturer with a mind towards cybersecurity can do a lot to mitigate cybersecurity concerns. “[With on-prem systems] if you wanted things like high availability or redundancy, there was a lot of cost that gets put onto that customer to maintain that infrastructure, and it required a high level of sophistication,” Houle says. “When you move into cloud technologies, you’re taking that burden off of the organization. And that, I think, is one of the major reasons why we’re seeing cloud adoption, is that high availability, the redundancy, the guaranteed uptime, the patching of cybersecurity threats. This is now a service by organizations who are dedicated to executing those specific types of services.”
Arcement offers the following advice, “Access should be granted only to authenticated users on trusted devices with least privilege permissions to reduce the risk of unauthorized access. Providers should have SOC 2 Type II and ISO 27001 certifications and conduct regular third-party penetration testing to ensure security controls meet the highest standards. Utilize strong encryption protocols and secure API communication to prevent unauthorized data access and tampering. And finally, redundancy and failover mechanisms ensure continuous service availability, preventing downtime in critical environments.”
Keeping pace with the cloud-based access control market is key to the success of the dealer/integrator in the market. As security’s scope expands and integrates with the day-to-day needs of users, more and more opportunities are presented to dealers and integrators. Access control can extend beyond doors, Arcement says. “When evaluating cloud-based access solutions, integrators should consider the entire user journey, beyond just entry points,” he explains. “Cloud-based access should extend to turnstiles, parking, elevators, lockers, and workplace amenities (e.g., smart printers, meeting rooms, desk booking).
“Integrators should ensure the solution aligns with enterprise IT and mobile device management frameworks to facilitate easy adoption and security compliance,” Arcement continues. “The best access solutions offer tap-to-enter functionality using Apple Wallet, Google Wallet, and other NFC-enabled credentials, removing friction for users. This brings unexpected delight without forcing a user to change a behavior and learn something new — it’s a business application with a great consumer experience. Also, choose a platform that supports multiple access technologies and integrates with a range of security and workplace management systems.”
Cloud Enables Compliance
Can cloud solutions be leveraged in certain verticals to meet standards and regulations like HIPAA for healthcare? Kris Houle of Genetec says, “HIPAA as an example is where the patient’s information is managed in particular systems. You have to ensure that there’s an audit trail. We don’t ever touch patient information so we technically don’t comply with HIPAA. Now, that being said… our system does help organizations who manage patient information ensure that they are meeting all of the requirements to comply with HIPAA.”
Houle continues, “In a hospital, we’ll have a room with certain servers or paper files. Our cloud-based access control system can monitor who has access to that particular room. It will provide the audit trails of every single access to that door. You will have the remote management capabilities where you can get alerted or prevent authorized entrance. If there is an incident at that level, you will get that notification. I can put into place a mandatory audit review of every single individual that would have access there and make changes to that list at certain intervals that would comply with the organization. These are the types of things a system could put into place to help an organization manage their compliance for a regulation like HIPAA.”
Offering another compliance example, Houle says, “North American Electric Reliability Corporation (NERC) is an electrical grade one where even though you might be in the middle of nowhere, you still have to prove who had access and at what time and how they got in and out. We have a specific solution that even though you are offline, we’re able to have that audit record forensically if you need to prove who had access there.”
https://www.sdmmag.com/articles/104276-future-flexibility-of-cloud-access