printer friendly version

A year of digitalisation and integration

The access control and identity management industry has always been relatively stable, with readers, controllers and management platforms installed and used from long periods of time and only being changed when absolutely necessary. This calm state of affairs has been uprooted over the last couple of years due to Covid and the sudden popularity of touchless access control, but also because the market is changing and what is available and reliable technically has advanced significantly.

The market today tends away from point solutions and integration has become the order of the day as organisations demand more than just opening and closing doors. Today, access and identity management has a new and expanded role as it becomes integrated with more systems and operations, such as building management and must also easily become a component of integrated management platforms.

The Access & Identity Management Handbook 2022 covers some of the changes we’re seeing in the market, but to get a ‘big picture’ overview, Hi-Tech Security Solutions spoke to two of the main players in the African access and identity industry to get their overview on what is happening in the industry with respect to various topics that are top of mind these days.

Starting out we referred to a buzzword that is in use globally, wondering if it applies in the access world as well? The term is ‘digital transformation’, which appears everywhere and means different things to different people. Are the same changes happening in the access and identity market? Are companies approaching access control and identity management differently today and is identity authentication and verification becoming more important in both the physical and digital worlds?

Walter Rautenbach.

The growth of digital identities

Walter Rautenbach is the MD of neaMetrics, Suprema distributor in 21 African countries. He says that considering our information age where everything is moving to digital, the risks related to cybersecurity and stolen identities are on the increase and therefore the need for identity authentication and verification remains in a rapid growth trajectory.

This need is being pushed even more by Covid, with companies wanting to continue operating amidst the crisis having either the choice of investing in such technologies or suffering the damages related to identity fraud. “This specifically referring to the digital world, or let’s say the physical world becoming digital.”

Previously, companies welcomed clients into their branches to open new accounts, now it is frowned upon and measures are being put in place to avoid physical contact. It is for this reason that many providers of mobile biometric identity confirmation have flourished, with institutions weighing their performance on how many digital onboardings are achieved.

“As far as it goes for the physical realm, we must ask ourselves how the load has or will shift from physical to logical,” Rautenbach says, “with a strong move to remote work instead of coming into the office. If you ask me, I will say the transformation of physical to logical authentication already exponentially exceeds merging physical and logical identity management. Don’t get me wrong, there are many prime examples where these have converged, but the current push from office to home is aiding it far more than previous idealistic efforts.

“It is interesting to see how major events such as 9/11 which then saw the rise of the smart device and now, how the current no contact environment, is shaping us more and more into a digital society.”

There will always be physical access control, he adds and the growth of digital authentication is eventually bringing these two closer together. Our cyber or information risks are expanding and the need for undisputed identity confirmation of a physical or digital nature will continue to merge and grow.

Tiisetso Khanye.

More than access through the door

Tiisetso Khanye, technical account manager with Gallagher Africa, says we are seeing more companies wanting to not only identify individuals coming through their doors, but be able to verify them through authentication too. “In today’s world, companies require more than badging a card at a reader to enter a door and there are several reasons for this.”

Firstly, it goes without saying the Covid-19 pandemic has changed the way organisations are using their access control systems. For many companies, access control is no longer just about identifying someone at the door, but the system is being used to ensure the individual is healthy and safe before they step on site.

Secondly, the requirement for original equipment manufacturers (OEMs) to have two-factor authentication (2FA) is becoming more prevalent. There are different types of authentication that can be used to prove identity:

• Something I have – usually a physical token, such as an access card.

• Something I know – something that isn’t physical; a secret that only the individual knows, such as a PIN or password.

• Something I am – a biometric, such as a fingerprint, iris, or facial identity.

“In access control, there are different levels of authentication for opening doors,” he continues. “Single-factor authentication utilises ‘something I have’, requiring an access card to be presented at a reader to gain access to that area. Two-factor authentication requires an access card plus ‘something I know’ or ‘something I am’ as an additional level of security.

“More customers want both these things at the entry point – a safety check and 2FA – before an individual can step on site. Organisations want an access control system that can check an individual’s temperature along with verifying that the individual is who they say they are, to ensure that they’re not only the right person going through the door, but they’re also not putting anybody else in jeopardy. So, in this regard, access control and identity management have evolved significantly in the past two years.”

While the evolution of access control technology and integration has been propelled by Covid-19, the need for 2FA has always been there, he adds. “If you think back to pre-pandemic times, we were already hearing from our customers that they wanted an access control solution with facial recognition capabilities and I think this need was not driven by wanting a touchless environment, but a more streamlined environment. An efficient system that facilitates the flow of movement across a site and various buildings. Essentially, facial recognition not only adds an extra layer of security with the biometric verification aspect, but it also removes the need for individuals to remember a physical token, such as an access credential.”

Khanye adds that mobile access is another example of the way digital identification is transforming the way in which businesses manage access control. Through smart, flexible technology, even the most complex of sites can securely issue mobile credentials for their staff, contractors and visitors. “This is an ideal feature for sites that require the management of credential verification for temporary contractors and visitors, as remote provisioning allows access credentials and digital IDs to be set up in advance of a user visiting a site and can be terminated as and when required.

“Beyond convenience, utilising digital photo ID solutions provide wider advantages for organisations. Removing physical cards eliminates the creation of new, or replacement of lost, stolen or expired plastic ID cards, not only reducing costs but also lowering their environmental impact. Once approved users are set up with their digital ID, it also provides the ability to create streamlined communication channels.

Cloud and services in access control

As cloud and the related services are growing significantly in every industry and vertical, there are new access control companies and solutions offering these services as opposed to the traditional ‘everything onsite’ setup. (It goes without saying that traditional companies are also making cloud-enabled solutions available as well.) Of course, not every company wants to be fully reliant on remote systems run by someone else, so the services on offer are flexible to offer fully cloud-based services as well as a mixture of onsite and offsite solutions.

As Rautenbach notes, “In the past we wrote letters, used analogue phones and travelled the world by boat. Now we email, pick up our mobiles or board a flight. In the same way cloud solutions are a natural progression in information technology, offering conveniences not experienced before. However, just because I can fly does not mean I will not use a car again and the same goes for cloud-based access and identity management.”

As with any good technology, he says cloud services need to add value and the more value they add, the more consideration they receive and therefore the utilisation of such technology will increase. It does not mean that because it is so good that everyone would use it and that there is no use case for other legacy systems. “As the implementation of cloud infrastructure has grown and since using of the same is seamless, so we have seen the growth of solutions available. It is essential that your identity or security management system should give you the option to use the cloud as it is not optional anymore.”

Some questions Rautenbach suggests companies thinking about or planning cloud implementations ask include:

• Do I trust my cloud provider and what will happen if they fail?

• Will the data be secure?

• Where will my data be located? Do regulations permit me to store it outside national borders?

• Is my network reliable?

• Will my organisation stop if my network drops?

“These are just a few questions that you and your platform providers will have to address on their cloud migration journey. Luckily there are many trusted providers, with network providers generally being more reliable and any good solution provider should have a cloud offering as an option.”

Khanye echoes this sentiment. “Traditionally, from an access control perspective, there’s always been a physical server, readers connecting to a systems controller and cabling. But now, with wireless access control, you get a lock – there’s no cabling installed or required – and you get a wireless hub fitted somewhere close to the door, which can talk wirelessly back to a server that can be based anywhere. Resulting in less physical requirements on site from an infrastructure or containment perspective.

“In that sense, I think we’re increasingly seeing the need for cloud solutions, especially given more buildings are becoming vacant, so justifying a large amount of physical infrastructure for an access control system is becoming more difficult. Essentially, we’re seeing more businesses move to the cloud or wanting cloud solutions because it saves on infrastructure costs and the like.”

Importantly, from a disaster recovery perspective, he adds that if the physical server is not based on premises, then it’s easier to migrate and move on to a new premises and re-establish connectivity to the server if its cloud-based.

“The riots in South Africa back in July 2021 are an example of this. Many manufacturing companies were being torn down, numerous shops were looted and organisations were damaged. If any of those organisations had servers on their premises that burned down, the servers would have also been part of that collateral. They would have to get a new server, reinstall and reconfigure everything from scratch. Whereas if they have a cloud-based system, they will only need to redirect it to the new premises, make a few configuration changes and this would result in quicker up-time for the site.”

One challenge Khanye does mention for those looking at cloud solutions in South Africa is bandwidth. “We are very limited in terms of bandwidth and it can be an expensive exercise. So, if an organisation wants consistent uptime, data connectivity and data transmission, then the bigger the bandwidth the better. But bigger bandwidth means more cost.”

Integrated solutions more than ever

We never seem to move away from the topic of integration, but in today’s world where rip-and-replace installations are rare and assets are sweated to the extreme because of budget concerns, the ability to integrate different products, across different disciplines (access, intrusion, surveillance and a host of non-security disciplines too) is more important than ever before.

Rautenbach is rather blunt in his take on integration: “Integration capabilities and system modularity are essential for access solutions. If your provider only offers a ‘one for all’ solution, then it is time to consider an alternative. Different businesses have different needs and should address your specific needs. When it comes to integration, implementing a cloud model in certain instances might be easier. It all depends on the type of integration and the accessibility of the same.”

Khanye adds, “From an access control point of view, it’s no longer just about opening and closing doors. It’s now about understanding why the door is open, why you are letting people through that door and what else needs to happen while they’re going through that door. For example, being able to integrate a fire panel that will isolate smoke detectors in a boardroom where a meeting is taking place is important. Having the ability to switch on lights and air conditioning when somebody walks into a conference room is also important. Turning the camera to focus on a particular area or entry point is important. All these examples are possible through integration.”

He expands that in a cost-driven and energy-conscious business environment, you need to have confidence that your building management services are running correctly and not consuming power and resources when they aren’t required. “That’s where the Gallagher BACnet integration comes in. High-level communication between Gallagher’s Command Centre and building management systems using the BACnet protocol provides opportunities for significant cost and energy savings.”

Rautenbach believes access control fits in well with building management. “Since today’s modernised access platforms offer more integrations related to your building, it does make sense in certain cases to merge the two. You want your alarm system to interface with your access management, receive sensor input from various other building parameters with the view of enabling an overall view of your facilities. On the other hand, one should also look at what data it is that you want to feed into you access platform, if it belongs there and if the staff that manage it should have access to it and would know what to do with it.”

Making better use of data

Living in the age of analytics, it was only a matter of time before the data collected in access and identity management implementations was also sliced and diced in order to find additional information to assist businesses and individuals. We have a couple of articles on some of these uses later in the publication. The question is how this data can be extended to add value to other areas of the enterprise?

“It all depends on the data that is captured, what individuals agree to share and use it for,” explains Rautenbach. “With PoPIA now active and with the pandemic at hand, we believe enforcement will become more stringent and therefore sharing data, even within the business, should be carefully considered.

“Besides the standard integration with time and attendance, video and visitor management, we have seen some interesting solutions using access control biometrics to be used as part of the vetting process, such as confirming identities with external sources and also in enterprise implementation

using access events to monitor and optimise the utilisation of facilities for health and safety purposes.”

Businesses can use data captured from their access control system to get a better perspective of their site, states Khanye. “For example, the data that captures consistent door forced opens can be used to find out why this is happening and mitigate future door forced opens. The data captured from certain alarms can be used in certain events to help the operational team be more efficient. So, utilising that data coming through from physical devices, door contacts, alarm inputs and cameras being offline can be used to improve business efficiency.”

Using a real-life scenario as an example, an organisation could identify that the north side boom entry is a lot busier in the morning through their access control data, so they decide to keep that boom entry open during the day and then lock it in the afternoon. They also know that the reception area is busier during the day and they don’t want to create congestion by asking people to badge every time they go through the reception door. Instead, they configure the reception door to be unlocked from 8 am until 4 pm – while reception is manned – and then lock the door from 4 pm and require people to badge in. Making those informed business decisions is made possible through collecting that data and using it intelligently to improve business efficiency and processes.

Another example, he says one of Gallagher’s customers in Zambia uses their Proximity and Contact Tracing Report and after a confirmed case of Covid-19 on site, the government required a report of all the people that tested positive and all the people they were in close contact with. “We were able to produce that information within minutes.”

Another way data captured for access control can be used to add value to a business is through competencies. Access management can be based on individual competencies such as:

• Safety: is the employee inducted, trained, licenced and fit for work?

• Equipment: does the employee have the right vehicles or safety equipment?

• Security: does the employee have the right clearance?

• Regulatory compliance are there other requirements the employee must meet?

There are many benefits of competency-based access management. For starters, it offers automatic enforcement of business Occupational Health and Safety rules and policies, reduces the spread of Covid-19 caused by the presence of non-compliant staff, provides tangible evidence of duty of care and ensures automatic compliance with government regulations.

Critical issues in 2022 and onwards

To end the conversation, we asked our two experts to look ahead and tell us what they see for the industry in the coming year: more of the same or some revolutionary changes – or something in between.

“We believe that on the solution side the trends of the previous two years will continue along with more growth in touchless technologies and the protection of private data,” says Rautenbach. “We also expect to see the focus returning to integration, which has recently not been as active whilst everyone has been scrambling to stay afloat. We believe that mobile credentials and the utilisation of them in access and identity management will continue to grow even more than before, with new supporting features to aid touchless and privacy.

“We are also hoping to see those private and public enterprise projects, which were put on hold during the pandemic, start engaging again and making use of rapid development enhancements, focusing on accuracy and health and safety and generally making good use of these in decisions going forward.”

“I think 2021 and the latter part of 2020 was all about contactless experience, ensuring people are safe and secure, whether indoors or outdoors, through minimising the need for physical contact,” says Khanye.

“One of our customers in South Africa is still restricting the number of people within their building. Command Centre’s Zone Counting functionality allows them to set an alert when the number of people inside the building has exceeded 100. When this limit is reached, employees receive a broadcast notification via the Gallagher Mobile Connect App informing them to work from home, as the building is at capacity for the day.

“I think 2022 will be similar, but more enhanced. We are moving towards more of a dual authentication and dual verification methodology way of working. Additionally, more companies are looking for improved ways to manage their sites from a people perspective. Knowing who is on site, how many people are in the building and what time they are going to arrive. In that sense, businesses are looking for a pre-emptive way of dealing with access control, as opposed to just letting people through the door.

“Businesses across South Africa are using intelligence more than ever before and want to maximise their access control system. They don’t just want an access control system that opens and closes doors, they want a system that keeps people safe, ensures compliance, optimises facility use, protects assets and data, integrates with other systems seamlessly and they want a solution they can scale as they grow.”

For more information contact:

• Gallagher Security, +27 11 974 4740, [email protected], www.security.gallagher.com

• neaMetrics, 0861 632 638, [email protected], www.neametrics.com

Share this article:

Further reading: