The Ultimate Guide to Access Control
Table of Contents
- What is access control?
- What to consider when choosing an access control system?
- Models of physical access security
- Components of an access control system
- How access control works
- Applications for access control
- How to select my access control system
What is access control?
Access control is a method of restricting access to specific areas of a building at any given time. An access control system helps you maintain, manage, and monitor who passes through an opening while providing quick and convenient access to authorized users and denying access to unauthorized ones.
The following guide will teach you the primary aspects of an access control system and give you the skills you need to select the proper one for your building.
What to consider when choosing an access control system?
This section of our ultimate guide to access control will walk you through what you need to consider when implementing a new system.
Security and ease of use are of the utmost importance when choosing your access control. In terms of security, you have to think about what type of software do you want? Do you want cloud based, server based, or web-based type software? What type of credentials do you want to use? When we are talking about ease of use, we are talking integration with other complimentary security platforms, user badging, hardware configuration, software access, and more. Just about every end user is using some form of video management system (VMS) now days so being able to seamlessly integrate your VMS is key. Most head end software platforms integrate with many different VMS platforms, confirm with the manufacturers ahead of time.
Next you need to think about which openings you specifically want to put on to your access control system. Do you want to only secure the perimeter, or do you want to secure all the interior doors as well?
Models of Physical Access Security
Discretionary Access Control (DAC) – The business owner decides which people have rights to a specific area in the building through some type of control panel. It is the latest restrictive model because business owners are not security experts and may inadvertently provide the wrong level of security access to an individual. Because it poses additional risk, this model is the least popular on the list.
Mandatory Access Control (MAC) – This model is often used in organizations that require a high amount of confidentiality. MAC utilizes a central authority to classify the access given to each employee through established guidelines. Large organizations may find MAC to be suitable for their company by having a Chief Security Officer in headquarters responsible for determining policy across many different locations. MAC enables companies to have consistent access control practices in place without compromising best practices.
Role Based Access Control (RBAC) – The majority of businesses today use this model to segment access based on job titles. The system administrator will use practices such as “least privilege” and “separation of privilege” to ensure each role only receives access to the areas they need. Role based access may incorporate rules such as when a group can enter the building. Some advanced access control vendors allow administrators to create rules for guests using a mobile device. Although RBAC might seem complex, it is relatively easy to implement and most secure.
Components of an Access Control System
- Proximity Cards – These communicate using low frequency fields. Prox typically provides no encryption.
- Smart Cards – The cards contain a smart card microchip and communicate using high frequency fields. The most common protocol for these cards is ISO/IEC 14443-A. Smart cards can provide encryption but not always.
- Magnetic Stripe Cards – A magnetic stripe stores data, which is read by a swipe card reader. These are probably the least used of all of the cards as they are usually not encrypted and are easy to clone.
- Mobile – Mobile credentials let you use your smartphone to unlock entries. In the access control software a user is assigned a mobile credential. Users make the unlock request at the door using their smartphone either by tapping a button on the app, waiving their hand in front of the reader with the phone in range, or holding their phone up to the reader. This request is sent from the phone to the reader via Bluetooth, Wi Fi, or cellular data. Once the mobile credential is authorized, the door unlocks.
- Biometrics – Biometric credentials include fingerprints, eye scans, palm veins, and facial recognition. While biometric readers seem high security they also have their downside in that they can be faulty in exterior applications due to inclement weather. Even something as small as dirty hands can effect how a biometric reader verifies access.
- PIN Code – A PIN reader uses PIN codes instead of physical credentials to grant access. Depending on the model, a PIN reader may operate as a standalone device or it may connect to an access control system where users have individual PIN codes that grant them specific access to an area. PIN codes are not considered high security as they are easily shared and easily forgotten.
Readers are installed at the opening to grant or deny access into a specific area. Readers receive inputs from credentials and then relay that back to the controller. Once the reader is triggered the hardware on the door will release granting access.
Controllers / Panels
Controllers or panels control the readers and decide if a user has access to a specific area or not. The controllers talk back to the software to determine the users access capabilities and then relay this info to the reader which then activates the door locking hardware.
Door Locking Hardware
The door locking hardware will either be an electromagnetic lock, electric strike, electrified lockset, electronic key and core, or an electrified exit device. These are usually wired to the reader which will send it the command to unlock when the proper credential is presented.
All the hardware is managed through the software. This is where you add users, manage access, configure ancillary access control components, set schedules, and generally control the access control system.
How Access Control Works
- The first step is authenticating a credential. After a user presents a credential at the reader, that credentials data is sent to the controller which determines if the credential is recognized by the software.
- Next the controller determines if the user to which this valid credential belongs is authorized for access at this opening.
- Once authenticated and authorized, the controller sends a command to the electrified hardware to unlock the door.
- Managing the access control system typically occurs in the software and would include things like adding users, assigning credentials, adding doors, setting schedules, and setting holidays.
- Administrators can audit the access control system through the software by generating reports. You can do this to see who has been granted or denied access to specific areas or to see if there may be an issue with faulty hardware.
Applications for Access Control
Access control can truly be implemented anywhere you are looking to safely secure openings and control the access to those openings. Below is a list of key verticals and some access control applications that can be deployed in them.
Security is always paramount in the education vertical. Most educational facilities secure the perimeter of the school and limit access to one or two exterior doors at least. Lockdown capabilities are always something to consider whether it’s controlled from a central button in the software or on every classroom door via a fob. You will likely want to consider an enterprise level software due to the amount of credentials that will be issued in the education setting. Wireless locks are a common place in schools as they are the easiest access control to implement in an existing school where hard-wired systems are not feasible. Do you want to control the athletic complexes and fields with turnstile options?
Hospitals generally require many different levels of security depending on the department. You are going to want to find an enterprise level access control system that potentially could operate several buildings. Wireless locks are also a common place in hospitals as they are easier to configure into an existing building as opposed to hardwiring readers back to panels.
Depending on the size of your office you may only have a few exterior doors to secure or you may want to secure every individual office. For smaller offices there are web and cloud based single door access controller (SDAC) options that will run a few doors at a very cost effective price. If you are implementing access control on a larger office building that will require issuing credentials for large corporate team you will want to find an enterprise level software. If you have multiple office locations, you can also segment sites in most software systems so that you are running one access control software that can manage many different offices. Using mobile credentials in the office building setting is becoming a common practice due to ease of issuing and revoking credentials.
In the multi family vertical you will first and foremost want to make sure your head end software integrates with your unit entry locksets. Some access control software platforms integrate well with the unit entry locks and make it easy to control the unit hardware and common area all in one system. This is another vertical where mobile credentials are becoming more popular due to ease of issuing and revoking credentials.
Typically, there are not many access control openings on a retail establishment however, when you combine several retail locations in one software it is key to find a software that lets you segment out each site. If you are wanting to implement access control on a single retail site, there are many cost-effective systems that are built to run a limited amount of doors but have all the amenities you would need in a retail setting. Check out some of the single door access controller options (SDAC). Like many categories before being able to seamlessly integrate VMS could be a deal breaker. When we are talking retail we aren’t just talking big box stores, we are also talking art galleries, marijuana dispensaries, gun shops, mom and pop shops etc. All of the aforementioned need some form of access control.
Like multifamily, you will want to make sure that your head end software system will integrate with the unit entry locks. Sometimes lockdown is also important in a senior living facility depending on whether the facility has a dementia wing or not. There are also several manufacturers of tracking devices that can be used to monitor whether a tenant leaves the building unauthorized or not. These are very similar to the same devices found in maternity wings of a hospital that make sure the babies stay in the maternity wing.
Data centers typically start by securing the perimeter with high security encrypted credentials. Some head end access control systems allow you to integrate data rack locks into the software so that you can see who locks and unlocks the data racks even. The wide-open spaces that data centers have make them ideal environments for wireless locks as well. Wireless locks typically have a relatively long range of site when not obstructed. If you are tying several data centers in to one system you will want to make sure your enterprise level software allows for managing multiple sites.
The government vertical is typically the most secure of all the verticals. You still see a lot of mag stripe cards in government as they have had these access control systems for many years and have yet to replace their credentials. Some government facilities like military bases even tie their mag stripe cards into their meal cards. Most government facilities already have an enterprise level access control system implemented so an easy way to tie into those is through wireless locks. In the dorm settings you see on military bases wireless or hard-wired unit entry locks must be able to tie in to the existing head end software.
Like multifamily and senior living in the hospitality sector having the unit entry locks, head end software, and common area access control all integrate is key. There are a couple of unit entry lock manufacturers with robust software that will also run the common area access-controlled openings. One of the biggest trends for credentials in hospitality has been mobile. This is probably the vertical that has adopted the mobile credentials the quickest. If you have outdoor pool areas, you will want to make sure you are using the proper electrified locking hardware to work in all weather conditions.
How to Select Your Access Control System
Try this checklist to get you started.
- Why do you want access control? What are you trying to secure or limit access to?
- How many users will there be?
- What is the compatibility with third party hardware?
- What type of Factory/Integrator support is available and what is the charge for that?
- Are their yearly or per door fees associated?
- Can you integrate any existing hardware?
- What type of credential security do you want?
- Is the system easy to configure and manage?
- Affordability? How much do you want to spend?
- What type of credentials do you want to use? Card, fob, mobile, etc.
- Is your building new construction or is this a retrofit application on an existing building?
- If it is retrofit to an existing building how old is the build? Can you run wire or does going for a wireless solution make more sense?
- What type of audit capabilities do you need from your system?