3 important considerations when evaluating an access control system?

Are you looking to upgrade an existing or install a new access control system? In this blog we have a look at 3 aspects of access control that can maximise your return on investment and ensure you have an effective system for years to come.

access

 

Access control can be tricky, which is why with a little bit of planning and consideration, you can maximise the effectiveness of your new system right out of the box. Today we are going to look at 3 considerations that can have a vast impact on the quality of your new system. We'll tell you what they are and give you some important advice on how to ensure you get it right, let's get into it!!

In this post we'll be looking at:

  1. High and low level security
  2. Types of credentials
  3. The database

High level and low level security

If we go back a few years, many readers may remember the concept of the registered key. A registered key was essentially a standard physical key; but it was registered to a property or property owner. This meant that to duplicate the key, a key cutter would need authority to do so. This usually involved a letter of authority or some type of valid document that authorised a copy of the key. This was then added to the "register" for existing keys. This practice is what we refer to as "high level security". "Low level security" is essentially the type of key you might see on the average residential building (house, unit, storage units etc). These are standard issued keys that generally come pre-cut from the manufacturer when you buy a padlock, front door lock and/or internal door handles. Not only can anyone take these to a key cutter and get a copy made with little to no regulation, often the manufacturer uses standard key templates. This means that if you took your front door key and tried for long enough, you would eventually find a door that your key works with. So with that said, it is pretty clear which one is preferable from a security standpoint; but what about access control systems where there is no physical key?

Access control systems replace the typical key with what we call a "credential". This may be in the form of a remote, card, tag for keyring or, more recently, a bluetooth/NFC "mobile credential" (more about these credential types later). Each of these credentials works in a similar way to a key in the sense that you carry it to use to unlock a door. Where they differ is in the technology. A credential is an electronic key that transmits a bit of information via a reader to the security system that tells it whether the holder has access to the door. This data comes in a few formats, with the most widely used format called "Wiegand". The problem is that there are only finite combinations of data to identify the user. This means that the same problem applies (albeit to a much less degree) regarding the ability to find a door that will open given enough time. So how do we solve this issue?

We solve it in the same way we solved the physical key issue.....we register the keys. Via a process referred to as "encryption", another layer of data with sometimes billions of possible combinations is encoded on the credential and also in the reader. This means that the user's details must match to open the door; but the reader will actually ignore the credential if the encrypted data on top does not also match. As an extra layer of protection, the encryption is registered to your security provider and their supplier to ensure that no-one other than your authorised supplier can create, duplicate or add credentials without your express authority. This also means that a good provider will manage the credentials on your behalf, reducing your need to administrate users and simplifying the ordering process.

As you can see from a security perspective, high level security will deliver much better levels of control and will greatly minimise the risk of misuse.

Types of credentials

A very important consideration is what type of credential you want to use. Below is a table which shows the main types of credentials and some of the pros and cons.

credential types

As you can see from the above table, there are quite a few to choose from, all offering different features to suit different applications. Key here is to involve your security provider deeply in the decision making process to ensure that they are advising on the credential that suits your needs.

The database

Possibly the most important aspect of any access control system and, in fact, any security system be it CCTV, Alarms, Access or intercoms. See out 4 part series for more information on what to look for when it comes to data management HERE.

Your access control system will require a database to perform it's functions. This database needs to be accurate and will require significant work to setup and maintain. Many system owners will manage this database them selves; but this is not recommended as managing the data requires a deep understanding of how the security system operates. In the case of an access control database, the main considerations are:

Doors - What are they called? Where are they located? What devices are present on the door (typically locks, readers, open/closed detectors, exit buttons, emergency release buttons etc)

Users - What users have access to what doors? When do they have access?

Devices - What doors are they connected to? Do they function as an alarm device as well?

So what is the best way to manage the database? It all depends on how much management you want to perform. A modern, technology connected provider will offer a database management service or plan which should cover initial install (data collection and entry) as well as ongoing maintenance. It is absolutely vital that the initial install include a full database setup covering all users, their personal contact information, department (or unit if a residential/strata building) as well as a host of other data. This data then needs to be managed on an ongoing basis to keep it up to date and accurate. If you lose track of who has what credential and what doors that credential has access to for instance, you can quickly find yourself in an administration nightmare. When people leave, you need to be able to track their access and credentials to ensure they are removed, or redeployed (depending on the credential type).

Some modern providers offer cloud based services and data management portals that allow you to access your data via a secure internet connection. An even higher end service is a full management function in which your provider can perform real time changes and updates that will be reflected on your system immediately. This is a service that is well worth looking into and can save you significant amounts of time, energy and confusion. It can also save significant amounts of money in liability if something happens onsite as well as reduce callout and labour fees as your provider can remotely make changes on your behalf. Lastly, this type of service allows credentials to be issued and deployed rapidly (often same day for new credentials, or even sooner with pre-purchased credentials).

So there you have it, the main 3 considerations to take into account when looking at a new access control system.
For further information on how to select the best provider for your install, see our top tips HERE.

All the best!!

Kind Regards,

Adam Walsh
General Manager

Brave Security
9 Hall Street, Port Melbourne VIC 3207
13.000.THEFT (1300-084-338)
0423 456 472
www.bravesecurity.com.au