What’s new in access control for 2019
The adoption of new technologies in the access control market looks set to grow in 2019, as users demand greater convenience and security.
Izvor: a&s International
The global market for access control products grew by 8 percent in 2018, reaching sales of nearly US$7.5 billion, according to market research firm Memoori. This was driven in part by IP networking products, access control as a service (ACaaS), biometric readers and identity management tools. The firm predicts further growth through the integration of other physical security systems and building automation systems (BAS).
More Wireless Locks, Identity-Based Systems in 2019
From increased adoption of wireless locks to integration of authentication and access management, access control industry players discuss some of the trends they see for 2019.
Overall, the access control market has been slow to adopt the latest technological trends. One reason for slower adoption is that organizations do not update access control systems as regularly as they update other technologies such as cell phones.
According to Gaoping Xiao, Director of Sales for APAC at AMAG Technology, traditional access control is still 10 years behind other sectors. Despite this, Xiao thinks increasing awareness of the security benefits will see the market warm to newer technologies in 2019. “These newer technologies have more rigid regulations (and) in the next 12 to 18 months I think there will be a major uptick in people understanding that there is risk associated with legacy platforms, like using proximity cards or Mifare CSN cards in critical locations and updates in technology are needed to provide a safe environment.”
Jason Spielfogel, Director of Product Management at Identiv, expects to see an expansion in the use of of wireless locks in 2019. “Not only do wireless locks represent the marriage of reader and lock in the same hardware, but the ease in which a wireless lock deployment can be installed and made operational dwarfs the older, cabled methods of installing an access control system,” he said.
He added that the hospitality industry “moved in this direction several years ago, and now the main commercial/ industrial segments are rapidly following. Wireless locks also represent a way to establish fast, temporary access control environments that can just as quickly be uninstalled or moved to another location.”
Francois Lasnier, SVP of Identity and Access Management at Gemalto, highlights the use of identity-based access control across a user journey in both the physical and digital spheres as an interesting development for 2019.
“Instead of looking at each access transaction individually, with each access control system relying on disparate identity systems, global access control platforms feeding from various identity systems (e.g., AD for enterprise apps, physical access database, biometrics, etc.) and taking smart decisions based on global access policies using both physical and digital context information is something we could envision down the road,” Lasnier said.
Lasnier also expects the integration of authentication and access management to gain momentum over the next few years. “Authentication will need to be integrated into access management more tightly in order to afford the risk mitigation organizations need, and in order to reduce the burden of logging into multiple apps for end users,” he said. “This is driven by an ever present need to provide access security at the application level, as a result of a continuously expanding threat surface and of an intensifying threat level. The expanding threat surface is the result of a hyper expansion of cloud- and web-based delivery, while the intensi- fying threat level is evident in the scope of the breaches in the past few years and its repercussions.”
According to Vince Wenos, VP of Global Technology and Engineering at Allegion, other trends of interest this year include: the continued rise of IP-based network solutions as a challenge to traditional RS-485 architectures; continued demand for and adoption of cloud-hosted solutions over traditional on-premises solutions; increasing intelligence in “edge” devices due to improvements in power management and lower cost computing; mobile access and its ability to drive further convergence of physical and logical security; the inclusion of advanced machine learning and AI; and biometrics.
Moving From Card-Based Credentials to Mobile Access
Although card-based credentials have long been a mainstay in the access control industry, end users have begun demanding more secure and convenient methods of access. One technology tipped to address these concerns is mobile access.
The consensus among industry players is that mobile access will take center stage in 2019. Technologies like Bluetooth and PIR are increasingly being incorporated into readers, enabling users to leave their phone in their pockets and achieve entry simply by waving their hand near the reader. IHS Markit expects strong growth in the mobile access market over the next five years. According to its report, global mobile-credential downloads are estimated to increase at a compound annual growth rate (CAGR) exceeding 100 percent between 2017 and 2022. Furthermore, it predicts that roughly 20 percent of currently installed access control readers will be mobile capable by 2022.
“While the most secure environ- ments will continue to use cards as part of their multifactor credentialing schema, in the commercial/industrial/ residential markets, the shift is to move away from cards and use smartphones as the primary credential,” said Jason Spielfogel, Director of Product Management at Identiv. Richard Huison, Regional Manager for the U.K. and Europe at Gallagher Security, said mobile access was no longer seen as a gimmick and had gained traction due to its convenience and added security. He added that mobile provided undeniable benefits, such as the fact that it could be used across multiple sites and that creden- tials could be sent remotely over the internet. “This is a huge benefit for the customer in administration. It gets away from all of the card printing and keeping those cards catalogued and in the correct hands.”
Francois Lasnier, SVP of Identity and Access Management at Gemalto, said that as phones became the central point of interaction not only in identi- fying and authenticating users, but also in initiating access requests (physical or digital), it would be easier to build global access policies and make access decisions based on the overall user journey. Additionally, Rick Caruthers, President of Galaxy Control Systems, said more customers were requesting mobile applications where push notifi- cations were sent from the access control system to mobile phones with video for review.
Gallagher Security’s Huison believes the ubiquity of smartphones gives them a distinct advantage over access cards. “I think of it this way: how many people return home if they realize they’ve left their access card behind on the way to work? No one, realistically. But most people would do so if they realize they’ve left their mobile phone at home. They’re using their phone for paying for goods and to carry their cinema ticket or restaurant booking, so why not equip it to let them through doors they’re allowed through?” This view is echoed by Andrew Fulton, Head of Product Management for Access Control at Vanderbilt. “Mobile access control is in higher demand right now from end users looking for a way to incorporate their mobile phones with certain access levels within their organization. In today’s world, a mobile phone is a constant, and it’s natural for businesses to see this as an opportunity to integrate mobile access into offices and varying levels of access,” he said.
John Davies, MD of TDSi, said that while mobile access was already prevalent in residential spaces, research suggested some larger end-user organizations were already buying new readers in readiness for mobile-identification technologies. Estimates suggest mobile identity readers are likely to make up around 10 percent of reader sales by 2020. Mobile was also being used for access control in ways beyond opening doors, with security departments using mobile solutions for remote monitoring, setting alarms and enrolling employees into systems, said Gaoping Xiao, Director of Sales for APAC at AMAG Technology. “Mobile solutions provide more functional control (in your hands) of a system that is developed and deployed. A functional purpose is accepted and adapted. Mobile has not been widely accepted for opening doors, but it’s coming,” Xiao said, adding: “We will see it adopted in universities and in vertical markets where there are remote buildings such as the energy/utility market.”
Despite the benefits, there are sectors where Huison thinks it will not be adopted, such as the U.K.’s National Health Service and local authorities, due to concerns over a “lack of control of cards.”
Balancing the Pros and Cons of Mobile Access
With adoption of mobile access solutions tipped to increase this year, here are some of the benefits as well as challenges to consider when implementing a mobile access solution.
Convenience is one of the biggest factors leading to mobile access conversion. “ F o r m a n y o f u s , remembering our mobile phone is significantly easier than remembering a badge or keycard. There’s also the issue of waste, as the plastic used in these credentials can be wasteful – especially when used in large quantities, such as in a hotel environment,” said Andrew Fulton, Head of Product Management for Access Control at Vanderbilt.
Other benefits include near-instant credentialing, faster, more convenient access and lower total cost of ownership (TCO) for multifactor authentication.
“The means of credential delivery has improved and the cost of the readers themselves has come down. This has prompted more companies to consider mobile access for upcoming projects,” said Rick Caruthers, President of Galaxy Control Systems. “We feel mobile access technology will continue to gain in acceptance and capture more market share from traditional proximity technology,” he added. While mobile access is convenient, considerations over whether log data will be stored on a mobile device or on a cloud server also need to be factored in.
Gaoping Xiao, Director of Sales for APAC at AMAG Technology, added that “the cost of virtual credentials versus traditional physical cards must (also) be considered as the investment can be high for some vendors’ solutions.”
Nancy Islas, President of Maxxess Systems, said that in order to be a suitable replacement for existing card and proximity access readers, the speed and capacity of mobile credential access readers needed to be at least equivalent to existing devices. AMAG’s Xiao noted that one of the challenges for office environments was that they still required employees to have a physical badge with a photo in order to distinguish between employees, visitors and contractors. Still, mobile access in this scenario has a clear advantage — it is convenient as most people carry a smartphone with them most of the time, and it is more secure as smartphones are typically protected by a password.
Vanderbilt’s Fulton said another challenge was the large number of different platforms on which these programs were built. “Not everyone carries the same type of phone – or even a smartphone for that matter. Another consideration is how to handle visitors and contractors that might require short-or long-term access to a facility, as well as how privacy issues are handled – that is, if an employee is using a personal mobile phone for access, how much can the employer access if that phone is being used as a credential. All of these challenges must be addressed and discussed before a company can implement these kinds of solutions.”
Cybersecurity concerns must also be addressed, as the line between how we use our mobile phones for work and personal matters becomes increasingly blurred. Because of this, mobile devices were likely to become a more attractive threat vector, according to Francois Lasnier, SVP of Identity and Access Management at Gemalto.
“Users therefore should be aware and more vigilant regarding the apps they install; enterprises will dedicate more resources to end-point and access security on mobile devices. Inherently, mobile devices have some limitations in terms of security and will become the center of cyberattacks as their role to help us run our lives keeps on increasing. Therefore, security mechanisms to maintain a high level of trust while assuming that the mobile as a device could be compromised (‘zero-trust’) will become increasingly important,” Lasnier said. Other issues include diminished phone battery life, since most mobile access solutions using Bluetooth will need this function to be turned on at all times.
Video Integration With Access Expected to Continue
Integration of video surveillance into access control systems is expected to continue in 2019, as end users look for seamless solutions to group different functionalities onto a single platform.
Video integration with access control has been happening for years and access control industry players believe this will continue as part of a wider integration trend.
“Integration in general will be critically important for manufacturers of both access control and video components, such as cameras and management systems. The shift toward video integrated with access control is a natural extension of this trend and manufacturers that make this a critical component of their offering will be more successful than those that don’t,” said Andrew Fulton, Head of Product Management for Access Control at Vanderbilt.
Nancy Islas, President of Maxxess Systems, said: “Any entity with a NoC or SoC will experience immediate benefits by merging all critical surveil- lance, access control, security systems and two-way communications onto a unified platform. Such higher levels of integration provide security and operations management with total situational awareness, allowing them to coordinate the activities of first responders and the people they are protecting with the information they need to know in the event of an emergency.”
Rick Caruthers, President of Galaxy Control System, said industry profes- sionals were “increasingly looking for higher levels of systems integration to consolidate operations and tie in previously disparate system capabilities on a unified platform.”
“Galaxy Systems has supported VMS integration for the last several years and we will continue to expand with new integration partners as they arise,” he added. Jason Spielfogel, Director of Product Management at Identiv, said video “represents a simple way to visually verify an access control event, and access control represents additional data that can be used in a surveil- lance investigation. The prerequisite for such integration really depends on how the end user uses their system, but whenever cameras are co-located near access control checkpoints, it is a waste of investment to not have them integrated together and, once integrated, provide an amazingly fast way to verify events and validate correct/incorrect practices.”
While both live and recorded video will continue to be of value, solutions that can leverage images to enhance security — for example, facial recognition on the video stream — will likely be most popular, according to Vince Wenos, VP of Global Technology and Engineering at Allegion. “
It is important to note that expanded use of video technology in the consumer electronics space for logical access control and payments is positively changing end-user percep- tions and acceptance, which will allow for greater deployment and adoption in the traditional physical access control world,” Wenos said. Vanderbilt’s Fulton said solutions offering both access control and video management in a more cloud-based format were being chosen by small to medium-sized enterprises, due to the price point and services offered. Other verticals that could benefit from video integration included those in which video was a critical component to access control, such as health care, education, financial services, higher education, casinos and hospitality, he added.
Richard Huison, Regional Manager for the U.K. and Europe at Gallagher Security, sees video surveillance integration with access control as driven more by manufacturers and suppliers trying to differentiate themselves, rather than by market need or desire.
Instead of being a necessity for every application, Huison believes video integration with access control should be based on individual need. “Video integration simply isn’t practical or worthwhile as there isn’t the manpower to monitor video where there is a huge access control throughput. I’m thinking here of hospitals and education, for example. For instance, at Kings College London, the Gallagher access control system controls a million door movements every month!”
Contactless Biometric Access Control Spreads Across Verticals
Biometrics in access control is already a trend, and now the focus is on contactless technology.
Contactless biometrics are expected to see continued growth in the access control market over the coming year, thanks in part to more accurate and advanced technology.
The global biometrics- system market is expected to reach US$41.8 billion by 2023, growing at a compound annual growth rate (CAGR) of 20 percent, according to a report by Markets and Markets.
Similar to how analytics was expected to be the “it” trend for over a decade, predicted explosive growth in biometrics has also remained “just around the corner.” Today, however, significant advances in technology have lowered the cost and improved the performance of virtually all biometric modalities, making adoption easier.
“Combined with a general shift in user acceptance due to the application of biometrics on smartphones for logical access control and electronic payments, these advances will fuel continued deployment of biometric solutions,” said Vince Wenos, Vice President of Global Technology and Engineering at Allegion.
Jason Spielfogel, Director of Product Management at Identiv, said creating an access control system that didn’t require the specific cooperation of the user had always been the Achilles heel of contactless biometric systems. This is because such systems generally require the subject to be in an exact spot and/ or looking at a specific place for the system to recognize and authenticate the user. However, as technologies that can recognize an iris or a face at non-direct angles mature these barriers can be overcome. “When combined with systems designed to prevent tailgating, this technology has the potential to revolutionize security checkpoints,” Spielfogel said.
Gemalto recently announced a joint pilot program with a leading airline to implement biometric boarding. According to Francois Lasnier, SVP of Identity and Access Management at Gemalto: “The test will confirm that passenger needs and expectations are met through use of facial recognition versus a traditional boarding pass as well as satisfying CBP (Customs and Border Protection) U.S. Exit requirements.”
Allegion’s Wenos noted that government and public safety would no longer be the only primary verticals utilizing biometric technologies, adding that education and health care would also see expanded use for general access control. “In health care, applications are likely to include streamlined workflows that improve staff utilization and patient outcomes; more cleanliness with contactless implementations; and verified identity for access to patient information and other data. “Businesses, too, may dramatically increase the use of biometrics for logical access control, with potentially 90 percent using the technology by 2020 according to Spiceworks,” Wenos said.
John Davies, MD of TDSi, said construction sites were a good example of where biometric access control could be beneficial. In such an environment, it was far more practical for workers to use a palm-vein or facial-recognition system, as carrying a token would be impractical and a fingerprint could be difficult to read due to the harsh conditions workers’ hands are exposed to. Such a system would also be well suited to sports grounds or stadiums, where the professional players need to gain access to non-public access areas without having the availability of pockets or a bag to carry credentials. According to Wenos, another contactless biometric gaining ground was voice technology, as evidenced by double-digit growth in the adoption of voice assistants. “Voice authentication can be a bridge between physical and digital security and an extra layer of protection when needed,” he said. Still, there are barriers to adoption.
Richard Huison, Regional Manager for U.K. and Europe at Gallagher Security, pointed to the increased consciousness of data privacy in the post-GDPR era. He said people were worried the “authorities … are taking a picture of me” without knowing “what they might do with it.” “The fact that the system is just taking measurements of certain facial characteristics and plugging them in to an algorithmic image doesn’t matter. It’s the same reason why scanners in cashpoints didn’t take off 20 years ago — because of people’s fear. But, ultimately, because of the consumer convenience it will be a growing trend and the technology will improve to facilitate this, along with public education to conquer the fear factor.”
Facial Recognition to Drive Contactless Biometric Growth
Advancements in facial recognition and growing acceptance of the technology are driving growth for its use as a contactless biometric for access control.
Despire initial skepticism from consumers the increased ubiquity of facial-recognition technology has smoothed the path for its use as a contactless biometric for access control. Nancy Islas, President of Maxxess Systems, pointed out that the implementation of facial recognition in leading smartphones had dramatically reduced the learning curve. It is now widely accepted by the public, which will further accelerate deployment of facial recognition for more applications, like access control. The global facial-recognition market is expected to reach nearly US$7.8 billion by 2022, at a compound annual growth rate (CAGR) of 13.9 percent, according to a report by Markets and Markets. Growth is attributed to the increased need for enhanced surveillance and monitoring in public places and the increase in the use of the technology in sectors such as government departments.
Andrew Fulton, Head of Product Management for Access Control at Vanderbilt, noted that similar to mobile credentials, users looked for flexibility when it came to access control. Biometric readers could help achieve this, while also offering an additional layer of security to protect an organization, he added.
Although new technologies are constantly being touted, the most popular biometric systems are generally the most established and practical, such as facial recognition and iris. “We see facial readers have been developed rapidly in the past few years, and many customers are beginning to use facial readers instead of fingerprint or hand-geometry readers because they are convenient and highly secure. Also, the facial template capacity can be as high as 10,000 to meet the large number of people required in some applications,” said Gaoping Xiao, Director of Sales in APAC at AMAG Technology.
Facial recognition technology had improved significantly over the years and it was now more accurate than iris recognition, said Richard Huison, Regional Manager of U.K. and Europe at Gallagher Security.
“We’ve seen facial recognition, originally developed by Aurora Computer Services, adopted effectively in controlled situations such as passport control at airports,” Huison said. However, he noted that even in highly controlled environments like passport control, the hit rate was not always ideal.
“We have the additional problem of the constraints of the camera being too tight to accommodate some people. I’m over 6-feet, 6-inches and can’t find a camera high enough to take me, while people in wheelchairs may be below 4 feet,” he added.
Vanderbilt’s Fulton said that regionally, facial-recognition software was “making its way into the Asia Pacific market as a means for contactless biometric access control, as well as analytics capabilities. We’ll start to see this work its way toward Europe and the U.S. as the technology continues to develop and companies move toward the adoption of these types of technological advancements.”
Vince Wenos, VP of Global Technology and Engineering at Allegion, pointed out that facial recognition investment had been growing significantly, particularly in China, as players see the combination of facial recognition and artificial intelligence (AI) as a major disruptor. “Reports show that venture capital investment in biometrics over the past two years exceeded US$4 billion, with approximately half of that amount going to Chinese facial recognition companies,” he said.
More Cloud and Awareness of Cybersecurity
With storage becoming increasingly affordable, the migration of access control onto the cloud looks set to increase in 2019.
Acceptance of cloud-based access control and video management solutions is expected to continue in 2019, with industry players pointing to an increased willingness among end users to adopt cloud products. While most consumers still want to invest in more traditional access control solutions, the benefits of the cloud, such as quicker installation time, automatic software updates, flexibility and mobility, managed services and increased cybersecurity, are enticing users. “We anticipate the major growth in the upcoming year will be in the cloud-hosted access control space as it opens up new revenues for resellers as well as the opportunity for many small-to medium-sized operations to economically deploy advanced access control capabilities,” said Rick Caruthers, President of Galaxy Control Systems. “As a result, we will also see cloud/hosted access control solutions continue to evolve with more features and integrations in 2019,” he added. Jason Spielfogel, Director of Product Management at Identiv, said moving control and management of an access control system to the cloud made sense for many reasons, including improved management and controlÍÍ and better security.
“It also gives access control systems nearly infinite scalability unburdened by the requirement of additional panels in an on-premises environment. The current state is a hybrid approach, with the cloud being the primary brain of a system and an on-premises backup. As access control manufacturers continue to move more system functionality to the edge (bridges and readers), it will make the cloud an even more attractive option for access control,” Spielfogel said.
IHS Markit expects market revenues for access control as a service (ACaaS) to increase to US$950 million by 2022. Small- and medium-sized enterprises will lead the adoption of ACaaS, according to IHS Markit. SMEs accounted for 21 percent of market revenues in 2017.
“Pushing access control into the cloud ensures end users can enjoy enhanced security but without necessarily having to invest in expensive IT infrastructure to do so. Access control as a service promises to be a robust and rapidly growing segment of the market for small- to medium-sized projects (up to 50 doors). However, it is not something that looks like it will take off for larger projects just yet,” said John Davies, MD of TDSi.
“Interestingly, with access control as a service presenting a new paradigm for providers, we may well see new players entering to market as a result. New entrants mean more competition, so it will be interesting to see how the market reacts and how providers meet these fresh challenges,” Davies added. With access control expected to shift to the cloud as well as become more IP-based, the question of cybersecurity becomes an important consideration.
Awareness of cybersecurity was the main force driving technological development in access control, said Richard Huison, Regional Manager of the U.K. and Europe at Gallagher Security. This was tied closely to GDPR and partially to mobile credentials, he added.
But Huison stressed that “cyber is the big issue and it’s resonating at a higher and higher level.” “At multinationals, in specific industries such as banking and in enterprise level companies, they want compliance with various government standards and to be confident that ‘whatever is being plugged onto my network’ will not facilitate hackers gaining access via the access control or video surveillance system.
“In the internet of things, systems that meet a range of global standards such as the U.K.’s Cyber Assurance Products (CAPs), the U.S.’s FIPS and Australia’s Type 1A are where genuine cyber resilience will be found. In the U.K., for instance, only a handful of the 40 or so manufacturers will offer this level of standards compliance and cyber resilience,” he said.
For SMEs — where typically there is a lower level of knowledge, expertise and resources — Huison believes users need to be convinced of the resilience of their network, as well as whether their security investment is future proofed and “cyber safe” in the long run.