Everything You Need to Know About Access Control

Access control is the backbone of physical security. As the first line of defense, it protects businesses from theft, vandalism, and trespassing. Physical access control systems are designed to restrict access in and out of an area.

A lock and key design is the most basic form of access control, but over the years the technology for access control systems has significantly grown more secure and sophisticated. A well-designed access control system has the following features:

Convenience: while making no compromises for security, it allows authorized people to go about their daily lives smoothly and move through areas without a hassle, especially for multi-site facilities

Efficiency: access is automated, and information is captured at all access points of all comings and goings, including people’s identities, time of entry, and the like

Flexibility: access can be tailored for each individual based on their role and need-to-know privileges; it can also be customized to time of entry and other parameters (e.g. authorized users can only go in within a certain timeframe)

Components of a Physical Access Control System

A physical access control system is made up of the following components that work together seamlessly to control who can enter, and when they can enter.

1. Personal Credentials

Personal credentials act as the “key” to gain access to an area. Each credential is unique to an individual. Common credentials include:

• PIN number or password: Users will be given a Personal Identification Number (PIN) or password to be able to access the building. This is a less secure option than other typical credentials for access controls, since PINs or passwords can easily be shared with others, written down, or compromised in other ways.
• Key fobs, proximity cards, and smartcards: Although they exist in different form factors, these credentials work through the same radio-frequency identification (RFID) technology. Users have to present these physical credentials to a reader to gain access to a facility. Often, access cards are also used as ID badges that contain the cardholder’s information.
  • While these credentials contain encrypted information inside the card or fob for security, these types of credentials are susceptible to being lost or stolen, which may lead to unauthorized use.

• Mobile Access: With a mobile access credential, users can use their smartphones, tablets, and wearable electronic devices to enter facilities through Bluetooth access and near field communication (NFC), the same technology used by mobile payment applications.
  • Like any other physical credential, phones and other electronic devices can be lost or stolen.
    
• Biometrics: This type of credential uses a person’s unique markers. Biometric readers include fingerprint recognition, iris scans, and facial recognition.
  

2. Reader / Keypad

Readers and keypads are stationed at access points and are used to “read” and authenticate the credentials that are presented. Most modern readers are proximity readers that require the credential to be held within a few inches of the reader.

Keypads have numeric keys that are similar to a touch-tone telephone. Some readers require dual authentication, which often uses what someone has (a physical credential like a proximity card) with what someone knows (a PIN or a password) as an added layer of security.

3. Control Panel

While readers are used for authentication, a control panel is responsible for authorizing the access. Readers and keypads are connected to a control panel, which verifies if the credential is valid or not. It sends a signal back to the reader to unlock the access point if the credential is valid. If the credential is found to be invalid, the user will not be able to gain entry.

4. Access Control Server

The server contains the database for the access control system. It stores user data and access privileges, system activity, as well as audit logs. The server is usually a computer that has the software used to manage the access control system.

Cloud-Based Access Control

Cloud-based access control systems are on the rise and are quickly becoming the latest trend in physical access control. Unlike in traditional access control systems where all the components are hardwired together, cloud-based systems communicate with the server via the internet.

There are two main types of cloud-based access control systems:

• Network-based systems: this system is connected to the organization’s network, and the software that controls it is stored on-premise on the organization’s servers and computers

• Web-based systems: this system is managed by the manufacturer or service provider, using software that is maintained and stored off-site on the manufacturer’s servers. Security coordinators can access the software via the web. Some systems can be completely managed by the service provider and would require the provider to be contacted for any changes needed to be made, such as revoking access for a user.

While traditional systems are less likely to be hacked, cloud-based access control systems offer greater flexibility, allowing authorized users to make changes from their phone or any device that has access to the web.

Planning Your Access Control System

Here are things to consider when planning your access control system:

1. Main security concern
   Your security concerns would dictate the level of security needed for your facilities, and thus the level of complexity and the type of credentials needed for your access control system.

2. Number of entry and exit points
   The number of all exterior and interior doors that need to be secured is important in designing your system, as it will determine the number of readers and panels required.

3. Number of buildings to be secured
   If your facility has multiple buildings, measures need to be taken to streamline access and ensure that an authorized person can move between buildings with relative ease.

4. Access levels
   Do you need different access levels for different users or groups?

5. Visitor management
   Do you need a method to grant temporary access to any visitors to your facility?

6. Integration with other systems
   Access control can be integrated with other security systems such as video surveillance, active shooter systems, and even attendance systems for clocking in and out.

7. Frictionless access during the time of COVID-19
   Frictionless systems are hands-free and designed with contactless technology, reducing the risk of spreading the virus.

Good physical security starts with access control. If you’re looking for assistance in selecting the right technology for your access control system, send us an email at salessupport@abscosolutions.com. Our facility vulnerability experts can help you choose the best solution tailored to your specific needs.

You can also join our joint webinar with Identiv regarding their Freedom and Liberty Access Control product lines. You can sign up here to register for the virtual event to be held on November 9, 2021.