Bryan Jones, Chief Technology Officer, RightCrowd explores the advancements in access control and the workplace.

The past three years have been a time of accelerated evolution for the security industry. An increased focus on health and safety, along with monumental shifts in the workforce, have transformed workplaces into dynamic environments all their own. With its ability to manage time and attendance, maintain safety protocols and keep the right people in the right places at the right times, access control has become a core necessity for modern workplaces.

Setting the stage

For years HR and security teams have battled to tackle the management and access of the people under their care. But workplaces are inherently places of change, complicating workforce management and access. COVID-19 has only accelerated this change. Staff turnovers, travelling sales teams, contractors, department transfers, temporary workers and visitors not only extend an organization’s duty of care but also introduce new risks at record pace. Physical access control systems (PACS) were employed to manage the access of these movers, leavers and joiners and for a while, that seemed to be good enough.

Behind the scenes, however, these PACS operated in isolation, disconnected from both people and processes. Security teams were required to manually update identity records and maintain permission changes within the access control system. Security teams often struggled to keep up with the sheer number and frequency of staff changes, resulting in a backlog of requested permission changes. Manual tasks also introduced the opportunity for human error.

Once backlogs and errors overwhelmed a system, it was difficult to determine with certainty what access permissions were outstanding, expired and simply incorrect. As a result, inaccurate access data became compounded within the access control system, unknowingly creating insider threats that were not always visible to the naked eye. 

These issues were only exacerbated by the worldwide impact of COVID-19. A global pandemic shifted the way people worked, including how, when and where they would do so. The ongoing return to work rightly placed a large emphasis on the health and safety of individuals. It simultaneously created a hybrid workforce that saw some employees working in the office some days but not others, on a set schedule or as they please. Others rejected the return to work completely, some opting to work from home and others creating what has come to be known as “The Great Resignation”.

In the midst of all these changes, traditional PACS and their administrators came face to face with the pitfalls of their current access procedures. HR, facility and security managers were forced to reconsider how they would keep their people safe and how they would deliver secure and compliant physical access when their business needs changed every day.

A new hybrid work model, combined with the demand for a safe, healthful workplace, also uncovered a host of previously hidden safety, security and compliance risks from workers with existing physical access. It was no longer enough just to administer someone a physical credential so they could badge in and badge out. PACS had to evolve beyond their basic functions into a multi-faceted solution that could meet the needs of yesterday, today and tomorrow.

Access control’s time to shine

The good news was that many existing PACS were already well equipped to meet these new challenges with a little upgrading and the addition of back-end applications. For example, touchless access methods were quickly adopted by organizations as a way to reduce surfaces as a vector for virus transmission. Many active PACS were simply outfitted with new biometric modules or mobile credential readers that allowed for quick, frictionless access. While these solutions were not new, their demand has only increased post-pandemic.     

New breakthroughs in security wearables also allowed organizations to enforce social distancing protocols, maintain strict occupancy limits and enable real-time contact tracing. Such a solution utilizes digital badge holders that turn existing building access cards into a digital security wearable. When the wearable detects a colleague within approximately six feet of another colleague, it prompts the users with an alert to establish a safe distance.

In the event a team member or visitor is identified as infected with COVID-19, the system quickly delivers first, second and third degree exposure reporting. Today, the data gathered by such wearables can be fed into occupancy or building management systems for uses beyond health and safety, i.e., business intelligence.

In additional to new physical solutions, organizations also started to take a look at the latest solutions to improve their PACS on the back end. One of the largest issues plaguing PACS and further aggravated by the pandemic, was the inconsistent management of identities and roles within the system. This goes back to the introduction of a hybrid workforce and PACS’ inherent inability to automate and control access permissions at scale.

Many people have never met their colleagues in person and this creates an issue for safety and security as we start to return to the office. Such a problem persists today, as independent research shows that almost 99% of access control systems contain out-of-date data. The good news is organizations can implement smart software solutions to ensure every employee, contractor and visitor has exactly the right physical access 100% of the time.

Behind the scenes solutions

Advanced software developments address a traditional PACS’s need for back-end solutions that make administering access control even easier. By automating access control processes for employees and contractors across their lifecycle, organizations are empowered to get in control of physical access, safety and compliance. The best part? There is no need for organizations to undergo a rip and replace of their current system. Leading workforce access management software seamlessly integrates with many physical access control and enterprise systems.

As new employees are on-boarded, change roles, move to other locations, or leave the organization, identities require various levels of physical access for a specific period of time. Innovative software modules automatically handle these movers, leavers and joiners to streamline the process of requesting and replacing credentials. This includes provisions for self-requested access and related approval workflows as well as visitor and contractor management. The software automatically ensures that the PACS stays in-sync with real-time workplace changes. Thus, a task once reliant on error-prone manual processes is now accurate and automated.  

Many of these software solutions also include modules for the continuous monitoring and enforcement of security, safety and health policies. In this way, security teams can mitigate risk by automating the identification of policy compliance across a facility. For example, many industries necessitate a number of external requirements that must be met before physical access is granted, including health screenings, NDAs, safety certifications, drug and alcohol tests and more. An innovative software platform can guarantee that access will be denied if those requirements are not met via integration with existing PACS. Such a solution both mitigates health safety risks while reducing administrative burdens.

Getting the most out of access control

Access control systems are effective, longstanding solutions for physical security – but it is critical to make sure PACS are supported with the right technology to enable the appropriate level of safety. Back-end developments have unlocked a trove of automated tools for the betterment of an organization’s administration, staff and visitors. Automation itself increases efficiencies and reduces human error found across a business. Labor resources that were once relegated to tasks such as conducting health checks or approving offsite access can now be redirected to more mission-critical tasks. Over time, this leads to lower operating costs and greater consistency.

Similarly, access control support software provides tangible ROI in the form of added business intelligence and risk reduction. There is inherent value in knowing who entered a facility when and at what time, but this information can also be fed into building management and planning systems to determine better workflows or layouts.

The large-scale availability of access data also helps organizations comply with strict regulatory standards, such as HIPAA or FISMAS. Previously, mandatory user access reviews were conducted manually, with any errors subject to costly fines. Now, user access reviews can be conducted automatically within seconds using advanced software solutions.

And while the most difficult days of the COVID-19 pandemic may be in the past, the threat of an ever-changing workforce is not. As the velocity of personnel changes in today’s workplace increases, the complexity of health-safety risks only stands to increase as well. Returning to the office and the complexities of hybrid work across multiple offices means this is an ongoing issue.

To reduce risk, you first need to identify it and then have a plan in place to quantify it and monitor it. That is why now is the time to see physical access control solutions as more than simply readers and credentials. By unlocking even deeper levels of access control capabilities via intelligent back-end solutions, organizations benefit from a smarter, more secure system.  

For more information, visit: www.rightcrowd.com

This article was originally published in the October edition of Security Journal Americas. To read your FREE digital edition, click here.

Return to Security Journal Americas NEWS INDEX