Although a physical access control system is often defined by its software, it’s built from a combination of devices. And the way these access control devices are integrated and managed, significantly influences the system’s overall performance and lifecycle value.
When choosing an access control system, much focus is placed on how the software is managed and its user features – and rightly so. But it’s important to also investigate how well the system combines its physical devices so you can improve the user experience, lifecycle and value of the investment.
In this article, we’ll discuss some of the key considerations when choosing and managing access control devices as part of a system. And we’ll also look at how an access control system itself influences the value you’re able to get from the devices you connect to it.
Choices, challenges and changes
Creating the settings and management framework of access control software is an important process, but these settings can easily be adapted to new user requirements. Physical access control devices often have less or even zero adaptability. So changing a device can have much more impact, resulting in reinstallations, reconfiguring and potentially even retiring the entire system. To avoid such disruption, consider how the access control system can support smart choices and ease the impact of any inevitable device changes that happen during its lifecycle.
Locks – the fundamental basics
For access control systems, locks are the most fundamental of devices because they ultimately control an entrance’s physical security. The wrong type of lock, or a poorly fitted lock, can render many other devices and functional rules useless.
So you have the freedom to choose the right lock for each access point, an access control system should support all types of access control locking devices. Including offline, online, wireless and electronic locks. It must also be capable of integrating and managing a wide range of locks, with full functionality, from multiple vendors.
To achieve maximum performance, an access control system must be able, for example, to monitor the lock’s status to check it’s secure and operationally sound. If the lock can provide a fault output, the system should monitor this. It should also be able to monitor the door’s status to check whether it’s locked, open or in access control mode.
Access control devices for identification and verification
Another important consideration is the access control devices to be used for identification and verification at controlled entrances. The ideal management model for an access control system authorises carriers (people, cars etc) rather than the identifiers (cards). And can therefore allow a carrier to use several identification technologies efficiently, based on their single set of authorisations.
This efficient model then enables you to use, and easily manage, a variety of identification and verification methods. So you can select the best option for each access point based on factors such as risk or user requirements. It’s possible, for example, to use card readers, PIN readers, biometric devices and number plate readers all in one access control system.
Importantly, this ideal authorisation management model means that changing a device to increase security or add a feature (e.g. the use of PINs) demands little in terms of system management.
The security of cards and card reader devices
Cards and card readers remain the most common identification devices. Both are considered to be standard and straightforward, but they should still provide at least minimum levels of security. Cards should have at least some level of encryption to prevent them being hacked or copied. And the communication between card and reader must be secure to prevent wireless hacking. Communications from the reader to the controller shouldn’t be overlooked either and should also be encrypted.
For higher levels of security, transparent readers are a great option. They communicate securely with the card but don’t decrypt its data at the reader. Instead, they securely transfer fully encrypted data to the controller.
Mitigating risk with biometrics
For entrances with higher risk profiles, biometric access control equipment is being used increasingly more across a wider range of applications – for both identification and verification. A card can be lost, forgotten or stolen and a PIN can easily be shared. But it’s far more difficult to gain entry using someone else’s fingerprint, face or other kind of biometric identifier.
As the technology improves, and offers even more reliability and convenience, we expect the use of biometrics to continue increasing.
The type of biometric access control devices you specify should be determined by factors such as the environment, people flow and budget, as well as the security levels needed. And, as with card readers, the security of a biometric device is crucial. It’s essential that security and encryption are built into the device’s design and the system managing it.
Mobile devices for identification
As smartphones are now ubiquitous, the use of mobile devices for identification is also growing. They’re convenient for users and have good built-in security features, but there are some downsides.
As yet, there’s no standardisation for how an ID credential can be used on mobile devices, so you have to choose a vendor and stick with their system. Also, the time it takes someone to open their phone, find the right app and present their ID can really slow down people flow in high-volume settings.
When speed and functionality improve, however, we expect to see a sharp rise in the adoption of mobile devices in access control.
Controllers can significantly improve performance
One of the most important devices in an access control system is the door controller, which bridges the communications between card readers (and other devices) and the software application. The controller should be able to continue managing its tasks locally, even if network connections are lost.
And, as a network-connected IT device, controllers must support all the necessary network security and performance requirements, and have regular software updates, so they don’t become a vulnerability.
Controllers must be programmable too so they can support the user’s specific needs. And it should be possible to securely reconfigure them, and add new functionality and higher security settings, without physically visiting or replacing them. The more configurable a controller, the longer the lifecycle value it’s likely to have.
Controllers should also be based on open standards to enable them to communicate with the system’s other access control devices. They shouldn’t, for example, put limitations on the type of locks or readers that you choose.
Ensuring freedom for integration and best-of-breed technology
When it comes to your choice of access control devices, one of the most important influencers is the access control system itself. If the system’s architecture is based on open standards, it gives you the opportunity to choose and integrate with best-of-breed third-party access control devices. It also makes it easy to upgrade and add to your devices, because if one or more needs to be changed it doesn’t require a wholesale change to your system.
Through our technology partner programme, we work with companies that are the best at what they do when it comes to access control equipment. And, as there’s no vendor lock-in with AEOS, you can choose exactly the right device for each situation.