KeShia Thomas, Brand and Solutions Manager at Allegion, highlights key questions organizations should be asking to help ensure they are heading down a road of interoperability and access control freedom.

Thinking of interoperability

The security industry has spoken and there is a drive to evolve access control that is focused on open platforms and interoperability.

As technology continues to progress, organizations often find themselves managing a diverse array of access control solutions, creating a need for traditional access methods to be evaluated.

As a result – say hello to freedom, control and possibility with credential interoperability.

In the rear-view mirror – say goodbye to being locked into fragmented systems reliant on proprietary technologies that can hinder effective collaboration.

Achieving interoperability – seamless integration between different systems – is crucial for implementing effective security systems.

One critical aspect of interoperability is ensuring compatibility with credentials.

By now, the benefits of an open access control system might be crystal clear, but what about the path to getting there?

Here are some key questions that organizations should ask themselves to help ensure a seamless transition to access control interoperability.

Unlocking the road to access control freedom

Is the platform open?

Open platforms are a must for modern businesses and facilities managing a wide variety of security solutions.

With easy integrations and seamless access in mind, open platforms allow credentials, readers, locks and software to work with each other, regardless of brand or manufacturer being used.

Proprietary solutions limit interoperability and confine users to the manufacturer’s hardware or ecosystem.

Forward-thinking organizations are avoiding getting locked into these proprietary traps and instead looking to open solutions that allow for more freedom to customize vendors, solutions, investments and scalability.

Are the credentials secure?

Security is of paramount concern when it comes to access control.

Contrary to the belief that “open” systems might compromise security, interoperability can enhance it.

This is because the storage and communication of data and secure information remain protected using similar robust encryption methods to a closed solution.

When credentials and hardware use custom encryption keys, the levels of security go up even further.

Look for smart or high-frequency credentials such as MIFARE DESFire EV3.

These credentials are offered by several manufacturers under various product brands and utilize “authentication and encryption,” creating more secure transactions between the credential and the card reader or lock.

This helps to mitigate the cloning risk associated with older card technology like magstripe, proximity and early-generation MIFARE.

By establishing a universal standard for credential exchange, security protocols can be uniformly applied, reducing vulnerabilities associated with disparate systems.

Can credentials go beyond access control?

Interoperability simplifies the user experience by eliminating the need for multiple credentials for different systems.

This allows users to worry less about which credential to use and enjoy a seamless transition between physical and digital spaces without the hassle of managing numerous access cards, PINs or passwords.

One single credential can go far beyond access control when they are built on interoperable, open technology.

Office staff may want to use the same credential for parking, printing, cafeteria or vending machines and accessing high-security areas.

A college campus may want to use the same credential for public transit, libraries, fitness centers, meal planning and other types of financial transactions.

Can credentials be customized, owned and shared?

To successfully go beyond access control, extending credential utility to other application providers or hardware providers is necessary.

Custom encryption keys enable credential interoperability.

Unlike proprietary solutions, custom encryption keys assign ownership where it belongs: with the end user.

The encryption key possession rights and key sharing are determined by the end user – not the manufacturer.

This provides the customer with a greater level of control, security and flexibility.

Proprietary business and technology relationships typically limit end user options in terms of what card reader, lock and other hardware a credential will work with and should be avoided.

Look to interoperable options that open new levels of options, control and confidence.

Are the credentials user-friendly?

Typically, stakeholders look at a credential from a security perspective and choose one based on the security details.

However, a user’s perspective can be much different as most people want a convenient, easy way to enjoy seamless access throughout their office, school or any type of facility with a physical access control system in place.

Growing in popularity due to the combined convenience and ease of use, mobile credentials allow users to be granted access with their smartphones.

Users find value in having their credentials protected and stored on their mobile devices rather than needing to remember their keys or ID badges.

Administrators find value in easily managing user permissions remotely and utilizing contactless distribution.

Additionally, mobile credentials are more secure, thanks to improved security technology like multi-factor authentication.

Is there freedom to choose vendors?

A successful access control solution likely relies on a range of products and vendors.

Interoperable solutions put the end user at the center of the decision-making process.

They provide freedom to choose best-in-class solutions that meet the unique needs of different markets and applications, no matter the brand.

Interoperability means greater choices of technology, hardware and manufacturers.

It means a more convenient path to adopting new technology as it becomes available.

Organizations should try to avoid proprietary technology that tends to limit choices to only a select few vendors controlled by the manufacturers.

The lack of vendor choice could also warrant a heftier price tag and vulnerability to supply chain issues.

Is it easy to walk away?

When the business or technology relationship no longer serves the end user’s needs, requesting and gaining access to the key will often be denied.

When the investment and scale is sizable for the organization, disengaging from a proprietary relationship can be disruptive and expensive.

Custom keys alleviate this challenge by empowering the end user with ownership of the key.

This enables end users to evaluate, align with other manufacturers, share their keys and enable configuration to alternative credentials and hardware. 

Does the access control system play well with others?

Organizations often have invested in existing access control infrastructure.

It’s essential to evaluate whether a new system can integrate seamlessly with the current credential infrastructure.

Compatibility with legacy systems minimizes disruptions, reduces costs and enables a phased migration approach, ensuring a smooth transition without compromising security.

Is the system forward thinking?

As businesses evolve, so do their access control needs. It’s crucial to inquire about the scalability of an interoperable system.

Organizations should choose a solution that can easily accommodate growth and additional access points without causing disruptions.

Interoperability empowers customers with the freedom of choice to grow and protect existing investments in the future.

What standards does the system adhere to?

Standards are fundamental to interoperability. In the realm of access control, key standards include:

• Physical Security Interoperability Alliance (PSIA): PSIA develops specifications for interoperability between physical security devices and systems
• Security Industry Association (SIA): SIA provides standards for various security technologies, including access control
• Connectivity Standards Alliance (CSA): to make the internet of things (IoT) more accessible, secure and usable, the CSA creates and promotes universal, open standards that enable products to securely connect and interact
• Aliro: a new effort by the CSA to make mobile devices and wearables central to a digital access future

It’s important to make certain the chosen access control system adheres to industry standards to ensure compatibility with other compliant solutions.

Conclusion

The road to access control freedom is paved with the potential of interoperability with credentials.

As organizations consider making the transition to interoperable access control systems, asking the right questions up front is crucial.

By addressing key concerns related to openness, security, scalability and standards, businesses can embark on a journey that not only simplifies access but also fortifies the foundations of security in our increasingly interconnected world.

This article was originally published in the Special February Influencers Edition of Security Journal Americas. To read your FREE digital edition, click here.