Two recent reports from Gartner Inc. have the security industry buzzing as they predict a rapid migration to cloud-based physical access control systems (PACS) and mobile credentials.
The Predicts 2017 report suggests that by 2020, 20% of organizations will use mobile credentials for physical access in place of traditional ID cards. A second report, Technology Insight for physical access control, predicts that within a similar timeline, 20% of large organizations will use cloud-based PACS head ends to simplify deployment.
Most organizations use legacy physical access technologies that are proprietary, closed systems and have limited ability to integrate with IT infrastructure, says David Anthony Mahdi, research director at Gartner and co-author of the reports. “Today, the increasing availability of mobile and cloud technologies from many physical access control system vendors will have major impacts on how these systems can be implemented and managed.”
It’s a dichotomy. On one side we are doing all these amazing things with our phones but then we are still using 20-plus year old technology to get into our buildings.
“There is an increasing desire to move to more user friendly methods, which align well to mobile and as a result, we are hearing that these new approaches to physical access are wanted,” Mahdi told SecureIDNews.
“Mobile has already disrupted so much in both our personal lives and the enterprise, but we are still tapping an old school badge on a door access reader,” he says. “It’s a dichotomy. On one side we are doing all these amazing things with our phones but then we are still using 20-plus year old technology to get into our buildings.”
Many companies still perceive that they are safer with a card, he notes, but if done correctly the mobile can be a far more secure option with many more features to be leveraged. Handsets deliver biometric capture and comparison as well as an array of communication capabilities from cellular and Wi-Fi to Bluetooth LE and NFC.
Mahdi draws comparisons to the digital identity realm.
User authentication on the logical security side is embracing adaptive authentication, which he says is turning authentication into a risk analysis process. “Feed in all the info and adapt to the situation. If it’s a commonly used and low risk scenario (i.e. a common door for all employees), the user might not have to do anything other than walk in, but if it is a server door at midnight the system could increase the access requirements,” he explains.
Mobile technology is already common in logical access control where phone-as-a-token authentication methods are the preferred choice in new deployments as an alternative to traditional one-time password hardware tokens. Gartner projects that the same kinds of cost and user experience benefits will drive increasing use of smartphones in physical access.
So back to the quote that has the industry buzzing …