Gartner says a fifth of all organisations will use smartphones in place of traditional physical access by 2020
"A significant fraction of organisations use legacy
physical access technologies that are proprietary, closed systems and
have limited ability to integrate with IT infrastructure," said David
Anthony Mahdi, research director at Gartner. "Today, the increasing
availability of mobile and cloud technologies from many physical access
control system (PACS) vendors will have major impacts on how these
systems can be implemented and managed."
PACS technology is widely deployed across multiple
vertical industries and geographies to secure access to a wide range of
facilities (buildings, individual offices, data centres, plant rooms,
warehouses and so on), ensuring that only entitled people (employees,
contractors, visitors, maintenance staff) get access to specific
locations.
Mobile technology is already widely used for
logical access control. Phone-as-a-token authentication methods continue
to be the preferred choice in the majority of new and refreshed token
deployments as an alternative to traditional one-time password (OTP)
hardware tokens. Gartner projects that the same kinds of cost and user
experience (UX) benefits will drive increasing use of smartphones in
place of discrete physical access cards. Smartphones using technologies
and protocols such as Bluetooth, Bluetooth LE, and Near Field
Communication can work with a number of readers and PACS technology.
One of the easiest ways to use a smartphone's
access credentials is to integrate them — via a data channel over the
air or via Wi-Fi — into the access control system (ACS) and "unlock the
door" remotely (just as an ACS administrator can). This approach
requires no change to reader hardware.
Using smartphones can also simplify the integration
of biometric technologies. "Rather than having to add biometric capture
devices in or alongside readers, the phone itself can easily be used as
a capture device for face or voice (or both), with comparison and
matching done locally on the phone or centrally," said Mahdi. "This
approach also mitigates the risks from an attacker who gains possession
of a person's phone."
The technology's limitations remain a challenge.
For example, there's significant disparity in functionality between
smartphones, and some security and risk management leaders should be
aware that their physical card readers and PACS might require a
significant upgrade to use smartphones for physical access.
"Nevertheless, replacing traditional physical access cards with
smartphones enables widely sought-after cost reductions and UX
benefits," said Mahdi. "We recommend that security and risk managers
work closely with physical security teams to carefully evaluate the UX
and total cost of ownership benefits of using access credentials on
smartphones to replace existing physical cards."
0 comments:
Post a Comment