Integrating access control in the age of IoT
As the complexity and power of access control devices increase to a level seen on IP cameras, their security becomes more important. According to Mike Sussman, Technical Director at TDSi, modern access control solutions are moving from simple embedded real-time operating systems to systems such as Linux, which have their own security risks as well. Couple this with open standards and IP access than the risk of attack increases significantly.
“In this instance, the access control device is part of the IoT and security should be designed in from day one,” Sussman said. “All too often this is added as a last resort and when this occurs it is very difficult to fully secure the device. Businesses should check whether the device has undergone any level of penetration testing and provide secure communication such as SSL.”
“The integration of physical and logical access control is a perfect example of the IoT in real-world practice,” Rob Martens, Futurist at Allegion said. “The process of bringing smart, connected devices together to deliver a better, more holistic experience for the end user, and a more cost effective and productive platform for owners to manage is a core aspirational vision for the domain. You are only as secure as your weakest link, so it is important to understand and test areas of potential vulnerability with regularity when it comes to any connected network or ecosystem of devices.”
According to Julian Lovelock, VP of Strategic Innovation at HID Global, as one example of this trend, smartphones carrying trusted IDs for multiple physical and logical access control applications are enabling a growing range of other secure, on-the-go smart building management capabilities that connect the world of people with the world of things.
“Consider the new class of security solutions that add trust to NFC tags, which are then affixed to mechanical keys and also positioned at locations throughout a facility so that, as an example, key check-out can be automated and guards on patrol can log their presence at a security checkpoint using cloud-based authentication,” Lovelock said. “Another ideal application for trusted NFC tags in the smart building is for implementing Computerized Maintenance Management Systems (CMMS) that protect company assets while extending the life and performance of capital equipment. With a solution based on a combination of trusted tags and cloud authentication, CMMS users can easily monitor and track service events locally, regionally or globally, and securely authorize service technicians or inspectors through strong authentication credentials. Field inspection teams can tap their phones to a tag on a piece of equipment to verify their identity and that of the equipment, they can acquire the equipment service history and repair manual, they can open a service ticket, and they can confirm the time, duration and status of the service call upon completion.”