Embracing and Leading Change In the Access Control Infrastructure

Organisations often avoid or delay change due to concerns about budget and the impact on productivity and workflow. This can be especially dangerous, however, in the access control infrastructure, where a combination of technology obsolescence and escalating security threats can quickly cripple an organization’s ability to protect its people, facilities and data assets. It is far more effective to be proactive, rather than reactive, about change. This requires building an infrastructure that presumes and prepares for ongoing change to support evolving access control needs, and enables the organisation to preserve investments in its current infrastructure as it moves to new technologies and capabilities.
By: John Fenske, Vice President of Product Marketing Identity and Access Management with HID Global
There are many reasons to embark on this path, including upgrading inadequate security, and enhancing investment value and user convenience with a platform that supports multiple applications on smartcards or, in the future, smartphones. The ability to embrace the positive aspects of change requires an access control platform that can meet today’s requirements with the highest levels of security, convenience and interoperability, while enabling organisations to adopt future capabilities without disrupting the ongoing business operations.
Legacy security solutions can’t deliver this future, because they often use proprietary technology that is static. This makes them easy targets for attack, and precludes their evolution beyond current abilities and security levels. Organisations should pursue solutions that are dynamic and adaptable to the changing needs of their organisation and the best practices in the industry.
Benefits of High-Frequency Contactless Smart Cards
In contrast with legacy solutions, the latest high-frequency contactless smart card solutions are built for interoperability, as part of a larger identity ecosystem that is significantly more dynamic. These solutions also ensure that security is independent of hardware and media, making it much easier for organisations to evolve their infrastructure to support tomorrow’s needs. Today’s solutions also enable smart cards to be portable to smartphones so that organisations will have the option to use smart cards, mobile devices, or both within their PACS.
For instance, HID Global’s iCLASS SE platform, powered by Seos, uses a new Secure Identity Object (SIO) data model that represents many forms of identity information on any device that has been enabled to work within the secure boundary and central identity management ecosystem of the company’s Trusted Identity Platform (TIP). Any piece of data can be supported, including data for access control, cashless payments, biometrics, PC logon and many other applications. The combination of TIP and SIOs not only improves security, but delivers the flexibility to adapt to future requirements, such as adding new applications to an ID card. Additionally, iCLASS Seos credentials can be carried inside smartphones in a managed access environment, delivering a more hassle-free experience for users, who can carry the credentials for many access control applications on a device they rarely lose or forget.
The latest solutions minimize disruption during migration through the use of multi-technology smart cards and readers that leverage these extensible and adaptable platforms. Another advance is the availability of encoders that enable organisations to encode and instantly issue cards using a single device. Multi-technology encoders make it easier for organisations to migrate from current technologies to the security, adaptability and portability of new high-frequency contactless smart card platforms.
In the case of HID Global’s iCLASS SE platform, an encoder is available that provides an entirely open solution for encoding multiple credential technologies, including both Genuine HID® and third-party credentials, so that users can upgrade their existing card populations for use with iCLASS SE platform readers. For maximum interoperability, the encoder solution supports Seos, iCLASS SE, standard iCLASS®, MIFARE® Classic and MIFARE DESFire® EV1, as well as 125 MHz HID Prox® for encoding Prox credentials, and for migrating from HID Prox® to high frequency technologies. Users can seamlessly and easily migrate from one technology to another by simply extracting access control data from an existing card and writing it to the new credential, without having to manually input data or being encumbered by encoding details. For even higher security, users can “wrap” their access control data within an SIO and then write it back to the same card. Based on open architecture, the encoder enables SIOs to be added to the full range of supported cards, including MIFARE and DESFire credentials.
With this type of forward-looking solution in place, organisations can achieve the highest possible security now, along with the flexibility to adapt to future requirements.
Future-Proofing Secure Issuance
In addition to an organisation’s foundational access control card-and-reader platform, it is also important to consider current secure issuance requirements with an eye for tomorrow. Today’s printers, card materials and software incorporate critical visual and logical technologies so that organisations can implement multi-layered validation. There are a number of available hardware choices, including monochrome direct-to-card (DTC) solutions and high definition printing (HDP) retransfer technology for contactless or contact smart cards. There are also high-throughput solutions that optimise performance and productivity. Today’s desktop card printer/encoder products also give organisations a single solution that can deliver the high-volume reliability and advanced credentialing features of large centralised printers, as well as the lower cost and smaller footprint required for the distributed printing model.
Secure validation is another important consideration. Most ID card issuance systems simply compare the person presenting credentials with identifying data that is displayed on the card. This two-dimensional identifying data may be a simple photo ID or sophisticated elements such as higher-resolution images, or it might be a laser-engraved permanent personalization attribute that makes forgery and alteration virtually impossible. Smart card chips, magnetic stripes and other digital components add an important third dimension of security. With expanded data storage, cards also can include biometric and other attributes to further enhance validation.
Another element to consider is speed and convenience. Printers with built-in programmers/encoders combine what previously were multiple processes into a single in-line card personalization step, significantly boosting issuance speed, convenience and efficiency. Users simply submit a card into a desktop printer equipped with an internal smart card encoder to personalize the card. This not only speeds issuance but also eliminates the risk of waste as a result of human error during manual entry. Opting for field-upgradable units enables organisations that already own a card printer to add an encoder in the field so they can leverage smart card benefits well into the future.
Transition to a New Platform
When is a good time to start the transition? There are many possible entry points from which to begin the migration process, including:
- Merger or acquisition: Mergers and acquisitions often involve rebranding and/or the merging of disparate administrative and other systems, technologies and processes. Usually at some point in the process, the organization will need to issue new credentials. With the cost of new technology being competitive with legacy systems, this would be a perfect time to migrate to a more secure, sophisticated and capable system.
- Standardise on a single card: Due to rapid growth, decentralised administration systems and/or multiple physical locations, an organisation may end up with several different access control systems. Since new technology offers the ability to issue or change credentials remotely, it’s now possible to integrate access control into one system that is centrally managed. Standardising all locations and employees on one system can increase security and improve resource management. Going a step further to mobile access control delivers the benefits of over-the-air remote provisioning and management of secure identity credentials.
- Facility consolidation: If a company is moving or adding a building, new credentials will have to be issued for that location. This is an ideal time to look at access control for the entire organisation. It may be time to standardise all locations into one system.
- Re-issuance process: As new employees join, many organisations manage costs by purchasing additional cards that work with their old technology. Some organisations may also need to change their cards due to a new brand image or logo, at which point they can upgrade to newer technology.
- New card applications: Organisations that want to add new applications such as time and attendance, secure print management systems, or cashless vending functions will need to issue some type of associated card to users. They can migrate to a contactless smart card that combines access control with these other functions, enabling employees to carry a single card for many functions. Administration of these functions is centralised into one efficient and cost-effective system. Organisations also can seamlessly add logical access control for network log-on to create a fully interoperable, multi-layered security solution across company networks, systems and facilities. In the future, they can migrate to the convenience, flexibility and security of carrying digital keys and credentials on smartphones and other devices.
- Risk management improvement: Either due to insurance requirements or to improve risk-management costs by reducing liabilities, moving from an outdated system to a current one can dramatically improve the security in an organisation.
- Changes in security requirements: As a result of new legislation or regulatory requirements, an organisation may be required to increase its security. Similarly, if a company acquires a new client that requires a high level of security, it may need improved access control. A new building tenant may also trigger the need for greater building or campus security, either to protect the parent organisation or to comply with the tenant’s requirements. They also might want to add new visual security technologies to prevent counterfeiting.
- Security event: The reality is that sometimes it takes an unexpected event or security breach to move an organisation to make the investment in a new access control system. Ideally, an organisation should migrate before there is a problem, especially if the system is still low frequency, which can be easily cloned.
There is significant value that can be derived from shifting the traditional way of thinking about change, and looking at it as a leadership opportunity rather than something initiated in response to an adverse event. With the right approach, users can easily and inexpensively expand and upgrade their systems to meet changing needs while taking advantage of new technologies. By using dynamic rather than static technologies, security becomes independent of hardware and media, and the infrastructure can evolve beyond current abilities with the adaptability to combat continuously changing threats. Making the right technology decisions today will also help organisations meet new requirements with the confidence that they will be able to preserve investments in their existing infrastructure.