Many businesses have complex facilities for their activities, and often they can be in multiple locations, or even across the globe. Each facility has a mix of employees and visitors that enter and egress the facility on a daily basis, and at larger facilities this can easily number in the thousands each day. Access control needs often extend further out than just the physical building of the facility. A common example of this is the parking lot, which often is designated separately for visitors and employees. Furthermore, as business occurs continuously, it is quite common for these facilities to need to be open on a 24/7 basis.
- We've put together a list of the best security camera systems (opens in new tab) for your business
- These are the best secure routers (opens in new tab) on the market
- Also check out our roundup of the best security keys (opens in new tab)
Keeping in mind the above, this quickly creates a bit of a security challenge, or even a nightmare. It is not like upgrading the locks to a more hardened version with a better key, or just making sure that the front door gets locked at night is a reasonable solution at any of these types of locations. The security concerns also exceed what can be protected with a traditional alarm system, that will alarm and can call the police should an egress occur. Even a standalone video camera system, while potentially useful, will not secure much as it will only create a record of the breach, and the odds of knowing that a breach is occurring may not be particularly high without some luck involved.
Rather, these complicated facilities, which range from sport stadiums and airports at the upper end, to a small office or retail establishment at the lower end, take a more comprehensive approach to their security. Instead of having standalone locks for doors, and a video surveillance system, and a third separate system for an alarm, integrate all of this into a single system. Under the umbrella term of access control system (opens in new tab), these disparate functions get synthesized and interwoven into a single system.
Implementation and security
Implementation of an access control system needs to be done via a process. The initial step is to take an accurate assessment of the needs of the facility. Start with counting the number of entry points to be protected, and be sure to include both external and internal doors and entry points. Also figure out the number of users that should encompass both the employees, and also the visitors. Knowing both the number of doorways to protect, and the number of users will allow the system to be sized appropriately. Also be sure to allow for some growth as there is no point in installing a system that the facility outgrows in a short time period.
Once the size of the system is sized, another consideration is the security level of the system. In some cases, a higher level of security makes sense, such as a defense facility, or financial institution. However, this increases the cost, and complexity of the system. Therefore, not every place ends up needing, or can justify such a high level of security. In those cases, a simpler, lower level of security from the access control system can be the way to go, and keep the project on budget.
When a higher level of security is needed, plan on there being some biometric (opens in new tab) component. Along with the access card, having a second biometric method to accurately identify the individual is known as multi-factor authentication. If there is a limited area that requires more protection, then biometric technology can safeguard that specific area. A common example of this is a bank vault area at a financial institution. In other cases, the entire facility may need that level of security, such as with a research lab. Also, keep in mind that generally only a small subset of employees will need access to these higher security, more restricted areas.
Examples of biometric security devices include fingerprint, facial recognition, retina, iris and hand vein scanning. In some cases there can also serve as a requirement for ‘Proof of Life’ as an assurance that the user is alive (to prevent what you see in a movie plot when a finger is removed to get past a biometric scanner).
While each type of biometric has its advantages and disadvantages, the fingerprint scanner is the simplest to implement, and also the most cost effective. However, from a security standpoint, the eyes have it, and an iris scanner is considered the most secure as the iris is considered even more unique than a fingerprint to identify an individual. Examples of iris scanning deployment include protection for Google’s data centers, the United Arab Emirates IrisGuard's Homeland Security Border Control, and at the Amsterdam Airport Schiphol, Netherlands for passport-free border security.
Other things to consider
Once the needs are accurately assessed, choosing a system gets a lot easier. Also plan for the installation of the system, along with a service plan as access control systems are complex, and need ongoing service when determining the Total Cost of Ownership, that goes beyond just the initial hardware costs.
Once the system is in place, another step is to issue security credentials to the employees. This often starts with access cards, which often are combined with an employee ID Card. This can range from a generic access card at a smaller organization, such as a retail establishment that the card is used by the employee for the day. In more complex facilities, this involves assignment of security credentials to employees with different tiers, with higher security credentials for various employees, or time limited credentials.
Ideally, the access control system should interface with the Human Resources (opens in new tab) department. In some cases, this can be accomplished via software, so that as employees are added or separated, their access cards can be updated. This facilitates the employee database to easily be kept current, rather than having two databases.
A final consideration is the architecture of the server. For firms that have a robust IT department, it may make sense to keep the server local, with in house support. For smaller firms with less support, then it is preferable to go with a cloud server (opens in new tab) option.
- We've also highlighted the best access control systems (opens in new tab)