Multi-factor Authentication for Building and Room Security

If you don’t like change, the last two years have been a challenge. While change has always been around, the pandemic has accelerated the pace, and old ways of securing buildings and data aren’t meeting today’s needs.

Organizations have spent a lot of time, energy and money responding to the need to enable and secure remote work. When it’s time for a return to the office, tomorrow’s office environment won’t be like yesterday’s.

That’s because remote work is here to stay, which means that visits to the office will be frequent for some employees and less frequent for others. In the past, entrances were set up to sort out employees from visitors, with specific methods established to authenticate each group. This is changing. With work styles and office schedules becoming more individualized, everyone entering the building will be considered a visitor for security purposes.

Securing Rooms with Sensitive Equipment

Modern security at building entrances and rooms isn’t just about securing people and property. According to IBM, 10 percent of data breaches are a result of a physical breach. Interestingly, the probability of a successful phishing attack is about the same.

Rooms or closets with sensitive networking, telecommunications or computing equipment are the soft underbelly of many organizations. Even if card-based security works for your organization at the entrance, securing sensitive equipment inside the building is critical.

Data security laws and standards such as SOC2, HIPAA and GDPR require a thoughtful approach to the physical security of sensitive equipment. If a key, card, fob or badge is the only credential required to access sensitive rooms, you’re probably out of compliance with at least one law or standard. And you’re vulnerable to a physical breach that can lead to a data breach.

In our October 2021 blog post, we discussed the advantages of facial recognition technology as a replacement for traditional cards, badges and fobs to authenticate visitors at the entrance, and this technology can also be used to secure rooms.

But not every organization is ready to completely redesign its access control system. If you’re comfortable with the level of security your current access control system provides at entrances, you can add multi-factor authentication (MFA) at doors to sensitive rooms to ensure compliance and close a common vulnerability.

MFA for Building and Room Access Control

Bioconnect and HID Global are IST strategic technology partners that have developed MFA methods that loop smartphones into the existing authentication stream as an add-on to card security. These systems are flexible and scalable, and are easy to use because they are similar to MFA methods people use every day to access online resources and smartphones.

Mobile authenticators from Bioconnect include push notifications, where users verify their identity by entering a code displayed on their smartphone in addition to swiping a card or fob. Of course, it’s possible that a person’s access card and smartphone can be stolen, so Bioconnect also offers facial recognition as a second authentication factor.

Biometric information that’s properly encrypted is extremely difficult to hack, and modern biometric technologies have safeguards against spoofing. For example, HID Global uses multispectral imaging technology to not just scan the surface of the face, but also the subsurface of the skin, producing an image so detailed that it can’t be replicated.

Find the right partner

Before jumping face first into a new MFA solution for building and room access, it’s important to understand that the number of MFA options for building and room access has exploded in recent months. Sorting out the best solution based on your unique situation can be a challenge without an experienced partner to provide guidance.

At IST, we’ve seen our share of change, both in the evolution of security needs and solutions, and in the business and compliance requirements that drive change. And we’ve seen changes in many industries.

There are many factors to consider with any new security technology purchase, including integration with existing systems. We can help you understand which MFA options have the most value for your situation, and help you develop a solution that works, works well with your existing systems, and can be supported throughout the solution’s life cycle.

Equipment security is just one way that IST helps customers be secure from every angle. Contact us today and let us know what your biggest security challenges are.

Facial Authentication: Better Security with More Convenience

The return to the workplace is looming. While some studies suggest that the big return will start in December, many organizations are pushing that date out to 2022. While IST isn’t making predictions on when the return to work will actually happen, many organizations are making plans for the return, and moving forward, the flow of people in and out of buildings and spaces will likely increase as time marches on.

As employees, contractors and visitors return, security professionals will be tasked with not only securing buildings and spaces, but ensuring a healthy workplace. One sticking point is the proliferation of access control technologies that require a human touch—common surfaces that can be focal points for collecting pathogens.

So it’s no wonder that there’s been a sharp increase in demand for touchless access control, which minimizes the number of touch surfaces required to navigate building security. Solutions like automatic, revolving or sliding doors can help to reduce contact at high-volume entry and exit points. By coupling these solutions with contactless credentials, security professionals can better ensure security while minimizing surface contamination.

Access control is critical for a safe back-to-work strategy

The pandemic has increased hygiene awareness among employees, but due to the contagious nature of COVID-19, legacy access control technologies are becoming increasingly ineffective at meeting their concerns, resulting in a lack of confidence that legacy systems can contribute to a healthy environment. In addition, according to a recent study by ASIS International and HID Global, the access control infrastructure is deteriorating, further eroding confidence in legacy systems.

There are a number of other issues with legacy systems. For example, tailgating is a constant concern, and access cards are subject to theft and loss, and are costly to manage. In addition, traditional biometric readers can be hacked. For example, fingerprint readers were considered to offer airtight security. But according to Forbes, hackers say they can hack a fingerprint scanner in 20 minutes.

Better Security with More Convenience

Thankfully, many of the solutions required to ensure a safe working environment already exist, and technology providers have been working quickly to add features to help security professionals cover more ground with less work.

Touchless access control is an unobtrusive, stress-free way to enable people to move freely around buildings and spaces while providing security professionals with an effective solution for controlling and visually verifying who has access to restricted areas. Essentially, a modern solution can add convenience for users and better security for organizations.

The challenge for security professionals is to find a touchless access control solution that is easy to install, can authenticate everyone entering buildings and spaces, and has enough safety features to protect against common security breaches—all at a reasonable cost.

Facial Authentication vs. Facial Recognition

Facial authentication is a touchless access control technology organizations can use to quickly and accurately authorize people for entry into buildings and spaces. While facial recognition is currently a hot and controversial topic, using facial recognition to authorize access can comply with current legislation regarding the use of facial recognition technology.

That’s because the issue with facial recognition in public spaces is that people don’t consent to being identified by a camera. The fact that some companies have used facial recognition data improperly by collecting and selling data without consent has led to the current controversy. It has also led to legislation such as the Illinois Biometric Information Privacy Act (BIPA), the GDPR in the EU, CCPA in California and others, to limit the use of non-consensual face recognition to protect the privacy of citizens.

Like any other access control method, employees and others can opt in to a facial authentication program, making it completely transparent, ethical and legal, as long as the collected data is kept private.

Your Face is Your Badge

The primary benefit of facial authentication is its high level of security. That’s because your face is likely the most secure biometric for access control. Tina D’Agostin, CEO of Alcatraz AI, a leading provider of access control technology, says, “Facial authentication is a much-needed element in access control because it’s more secure than many other authentication options, more convenient for end users, and more efficient for businesses.”

Facial authentication is also familiar to iPhone users, because the iPhone uses facial recognition to provide access to the smartphone.

Facial authentication systems combine the functionality of access control management software and a facial recognition camera to recognize multiple people as they approach an entrance. Lights or an audible welcome/deny message let people know if they’ve been authenticated. Since your face is your badge, there’s no need for cards or other credentials.

Tailgating is eliminated because each face is scanned before entry. Nobody can squeeze in behind another without being recognized. If an unauthorized person does gain entry, the system can send an alert in real time and provide a photo. Compare this with legacy systems, where a physical breach can take days or weeks to discover.

Preparing the workplace for the return of employees can be stressful. But you can alleviate some of that stress by considering an upgrade to your current access control system. By upgrading from legacy systems to a more modernized solution, organizations can significantly reduce human contact around access control while also addressing employee concerns.

By working with an experienced integrator that leverages proven solutions from top security technology providers, organizations can get ahead of the demands for better security and help ensure a healthy work environment without burdening employees with friction in the form of cumbersome, outdated access control.

Modernized touchless access control for improved safety and security

With the return to work on the horizon, contactless access control has become a hot topic. Post-pandemic, access control solutions will be expected to support a safe working environment along with continuing to provide secure access to physical spaces.

The main safety benefit of touchless access control is to minimize touch points, which will go a long way in helping stem the spread of infection. The good news is that beyond health benefits, modernized contactless access control also has security benefits. But according to a recent study by HID Global, a manufacturer of secure identity products and an IST technology partner, many organizations are having difficulty justifying the ROI of modernization.

The study gives us great feedback from security professionals in the field about their plans to upgrade access control. According to the survey, the biggest driver for upgrading is for workplace safety in the post-pandemic world. Other key drivers include better security and easier administration.

Aging Infrastructure is Eroding Confidence in Security
As expected, the survey indicates that there’s a hodgepodge of legacy technologies still being used for access control that have aged beyond their ability to protect against modern threats, and may or may not help stem the spread of infection. In 2017, more than 70 percent of organizations said their physical access control solution met or exceeded requirements. This year and last year, the percentage dropped to 50 percent.

As threats evolve, aging infrastructure is eroding confidence in security. More than a third of those surveyed are using 125-kHz low-frequency proximity cards, which are convenient and reliable but are limited in terms of security and privacy. Other organizations are using magnetic-stripe cards or barcodes, which are even less secure. Use of these technologies going forward exposes organizations to the risk of bad actors spoofing or cloning credentials, something that was perfected by the criminal community years ago.

What Security Professionals Want
Organizations are not only looking for improved workplace safety, they want modernized security and convenience for employees and visitors, which is why many organizations have installed or are considering touchless access control using mobile credentials stored on users’ smartphones.

Those surveyed also want easier administration and simplified processes. With cloud-based mobile access control, security teams can provision, customize and revoke credentials over the air quickly, and there’s no need to purchase and manage badges, cards and other credentials.

Security teams also like the advanced security features of modern touchless access control, including enhanced encryption and biometric solutions, which help eliminate credential spoofing and cloning. Modern systems also support new standards such as the Open Supervised Device Protocol or remote credential management.

Forty-one percent of those surveyed said the biggest obstacle to modernization is cost. But the cost of a security breach can easily exceed the cost of modernized access control, especially when measured in dollars and brand erosion. Yet, 22 percent said the lack of strong ROI was a primary obstacle to upgrading.

Justify the ROI
One way to justify the cost of upgrading is to better understand the full benefit of a modernized solution. Today’s touchless technologies do more than just open and close doors. Reducing common touch points is key to stemming the spread of infection. Streamlined administration saves money and gives security professionals more time for other activities. And real-time building occupancy data helps enforce social distancing and contact tracing in the event of an infection.

Last but not least, modernized touchless access control solutions can go a long way in restoring confidence in security and safety. How much is that worth?

Rely on a Trusted Partner
While security budgets will continue to be tight, communicating the full value of a modern touchless access control solution to executives is key to motivating action. If you need help, IST is here for you. We can help assess your current environment and recommend ways to upgrade to meet today’s safety and security challenges, and even help you build a case to justify ROI to executives. We may also be able to upgrade your access control using some or all of your current installed infrastructure. It may not be as expensive as you think, and with cloud-based solutions that reduce maintenance costs and can provide a basis for automating processes, you may get more than you bargained for.

SIA 2019 Security Megatrends 9 & 10 – What You Need To Know

This post wraps up our series that took a deeper dive into SIA’s comprehensive 2019 Security Megatrends report. Megatrends 9 & 10 both bring the future home with high technology devices that will allow us even greater security, both in our homes and offices.

Megatrend 9: Going Biometric for Access Control
We are on the edge of the tipping point with biometric access control. Voice recognition and sound are increasingly integrated into physical security. The residential market is embracing this change, and the commercial market will soon follow.

Going biometric for access control brings with it the same questions that the IoT, AI and other new technologies pose: how do you effectively balance security with privacy and convenience? For the residential consumer, ease of use continues to outweigh concerns about security. On the commercial side, the perspective shifts, as security safeguards are put in place to achieve compliance, meet regulations and follow standards. Convenience often falls by the wayside. A balance must be struck.

The good news is that biometrics are becoming more reliable and cost-effective. For years, smart phones have unlocked through facial recognition. And since everyone likes to keep their phones on them at all times, the smartphone has the potential to be the credential of choice, a virtual certificate identifying who you are.

Smarter Smart Phones
Smart phones have a number of advantages for seamless “frictionless access control,” free-flowing, yet secure access to a space. This system is almost instant. It requires little interaction and doesn’t interfere with users unnecessarily. It also negates the need for tokens like badges and PIN numbers. Biometrics, radio frequency and Bluetooth technology can all be frictionless. However, this type of access also opens up cybersecurity concerns: if your phone is compromised, for instance, your entire identity can be at risk.

Recent facial recognition improvements may make this a reality sooner than we think. One survey respondent noted that “A single digital identity that transcends logical and physical environments via sensor fusion (software that intelligently combines data from several sensors for the purpose of improving application or system performance) may emerge.” It’s not a question of if anymore, it’s just a question of when biometric access control becomes our credential of choice.

Megatrend 10: 3 Ways DIY is Revolutionizing the Security Space
In the last megatrend of the report, change in the physical security space continues at unimaginable speeds. Consumer electronics companies are taking the physical security industry by storm by introducing new DIY systems into the residential market. Not only are consumers more aware of the technology, but big names like Amazon make them more comfortable jumping into their own DIY security systems.

The Move to DIY
Consumers usually start by implementing video and then grow their network from there. They often choose to forgo professional monitoring, choosing to do that DIY too. As Amazon expands with its purchase of the Ring Protect system and acquisition of Blink, which produces wireless cameras, this market will continue to expand. In 2016, Statista research recorded $107.1 billion spent in the U.S., which is the largest consumer electronics market on the planet, especially when it comes to connected smart devices. Convergence is the largest trend in the country in this regard, as more connected devices and telematics in the IoT come onto the scene.

When asked how much of an impact the consumer technology giants will have on the industry’s bottom line in the residential market, most SIA survey respondents agree that this trend will change the security market significantly.

Who will win this high stakes competition? Big companies with the infrastructure already in place, like Amazon and Google, are poised to claim the largest market share. Consumers already rely on their smart speakers and voice control devices, Alexa and Google Home; these will become the main points of entry into their homes and serve as the main interface with the residents.

As Mike O’Neal, President of Nortek Security & Control, explains, “This isn’t a space anymore for small companies to dominate the industry. We have huge players with large infrastructures who have the ability to invest in technology and change the models. Comcast’s Xfinity Home is a disruptor having a major impact on the smaller companies.”

Here are three ways that this DIY trend is revolutionizing the security space:

  1. Opening Up Opportunities: ADT and Amazon have a strategic partnership that integrates the new Alexa Guard feature with ADT Pulse’s security system. Alexa can listen for breaking glass and smoke or carbon monoxide alarms and alert ADT.
  2. Providing a Disruption or an Opportunity: This DIY change is viewed two ways. Many see the opportunity for the subscriber to gain more valued services or a new level of service, while others feel that this rapid change may be hard to manage and the industry may not be able to keep up effectively.
  3. Delivering Disruption: Since smart phones are such easy interfaces, early adopters rely on them to check on their pets and kids, monitor their homes and even provide remote caregiver services. They’re not thinking about handing these tasks over to professional security experts. However, as the population ages, they may leverage professionals for connected health services and personal emergency responses.

Both biometrics and DIY security devices continue to shake up the industry and create a large paradigm shift. Both will have us relying on our ever-present, indispensable smart phones even more. As the year unfolds, it will be interesting to note how this plays out. Will smart phones be our sole credential? Will physical security move fully to a Google/Amazon DIY model, or even a new one? And how will the current security market adapt to these changes and continue to thrive?

We’ll check back later in the year and let you know.

This completes our dive into the SIA 2019 Security Megatrends report. We’ll continue to monitor these trends throughout the year as they play out in real time. If you have any questions about how they affect your business, please let us know!