Two recent reports from Gartner Inc. have the security industry buzzing as they predict a rapid migration to cloud-based physical access control systems (PACS) and mobile credentials.
The Predicts 2017 report suggests that by 2020, 20% of organizations will use mobile credentials for physical access in place of traditional ID cards. A second report, Technology Insight for physical access control, predicts that within a similar timeline, 20% of large organizations will use cloud-based PACS head ends to simplify deployment.
Most organizations use legacy physical access technologies that are proprietary, closed systems and have limited ability to integrate with IT infrastructure, says David Anthony Mahdi, research director at Gartner and co-author of the reports. “Today, the increasing availability of mobile and cloud technologies from many physical access control system vendors will have major impacts on how these systems can be implemented and managed.”
It’s a dichotomy. On one side we are doing all these amazing things with our phones but then we are still using 20-plus year old technology to get into our buildings.
“There is an increasing desire to move to more user friendly methods, which align well to mobile and as a result, we are hearing that these new approaches to physical access are wanted,” Mahdi told SecureIDNews.
“Mobile has already disrupted so much in both our personal lives and the enterprise, but we are still tapping an old school badge on a door access reader,” he says. “It’s a dichotomy. On one side we are doing all these amazing things with our phones but then we are still using 20-plus year old technology to get into our buildings.”
Many companies still perceive that they are safer with a card, he notes, but if done correctly the mobile can be a far more secure option with many more features to be leveraged. Handsets deliver biometric capture and comparison as well as an array of communication capabilities from cellular and Wi-Fi to Bluetooth LE and NFC.
Mahdi draws comparisons to the digital identity realm.
User authentication on the logical security side is embracing adaptive authentication, which he says is turning authentication into a risk analysis process. “Feed in all the info and adapt to the situation. If it’s a commonly used and low risk scenario (i.e. a common door for all employees), the user might not have to do anything other than walk in, but if it is a server door at midnight the system could increase the access requirements,” he explains.
Mobile technology is already common in logical access control where phone-as-a-token authentication methods are the preferred choice in new deployments as an alternative to traditional one-time password hardware tokens. Gartner projects that the same kinds of cost and user experience benefits will drive increasing use of smartphones in physical access.
So back to the quote that has the industry buzzing …
“By 2020, 20% of organizations will use smart phones in place of discreet physical access cards up from less than 5% today,” says Mahdi.
He adds that while there is a lot of interest in leveraging mobile devices across the enterprise, we still face significant barriers as an industry.
By 2020, 20% of organizations will use smart phones in place of discreet physical access cards up from less than 5% today
One of the reports highlights barriers to mobile credentials. NFC, as an example, is hampered or enabled differently by various vendors and handsets. There’s also a significant disparity in functionality between smartphones. But as these barriers are removed, it changes that landscape and expedites adoption.
He predicts that cloud and big data back ends will be crucial to realizing the potential of these next-gen PACS. Combining adaptive authentication, video, and user behavior analytics, requires massive processing power, and he says that will happen in the cloud.
“You will go through the motion of tapping your phone, but the risk engine will have already determined if it is you. That will be in the cloud via big data back ends,” he says.
Replacing traditional physical access cards with smartphones can enables both cost reductions and end user benefits. So too can the deployment of cloud-based physical access control systems. “We recommend that security and risk managers work closely with physical security teams to evaluate the user experience and total cost of ownership benefits,” concludes Mahdi.