“Open” is not a term generally used to describe improvements in security but in this age of highly connected buildings, access control stands increasingly alone with it’s siloed and proprietary technology. Open access control is not particularly new, it has been over six years since Axis introduced its open Network Door Controllers, but they and others are still struggling to make a significant impact on the market. However, driven by increased awareness of open technology, end-user demand for such systems is growing and it is only a matter of time before open access control finds its place within the connected building ecosystem.
All access control systems are made up of various components, which may be made by a range of different suppliers. An open access control system is where components from a number of different suppliers can be integrated to work seamlessly together. However, most access control systems being sold today are proprietary, where all components must be made by the same manufacturer, thereby limiting the choice and flexibility available to buildings. This current status quo is not only restricting the development of buildings, it’s holding back the industry.
“Open systems are good for end customers because they increase choice and are future proof. Long term, open systems are also good for the entire industry as they allow specialization, which drives innovation,” explains Carlo Pompili, CEO of cloud-based access control solution provider Telcred AB. “Compared with IT or telecom, the physical security industry has a long way to go when it comes to openness and standardization, and the question whether a specific access control product is open or not cannot always be answered with a simple yes or no. Instead, it is necessary to evaluate the degree of openness.”
For most access control deployments, the problem starts with credentials. Currently, there is no completely open standard for credential identities, meaning that buildings keen on open access control are limited to credential technologies that are supported by readers from a wide range of manufacturers and available from many resellers, such as NXP’s Mifare DESfire. Once this first limitation between credentials and readers is accepted things start to get more open. Readers must then communicate with controllers, and while some readers remain proprietary in this aspect too, many do support either traditional Wiegand or the more modern and secure OSDP (Open Supervised Device Protocol).
Other more modern open protocols are also emerging but into a proprietary physical security environment that does not support their progressive approach. Most geographical markets are dominated by a few local vendors that have no incentive to open up their systems and risk their market share, thereby sustaining the highly fragmented physical security landscape. In order to move towards open access control systems, more providers of controllers/panels must open them up to external providers of administrative software via open Application Programming Interfaces (APIs).
ONVIF, an open industry forum for standardized interfaces and interoperability of IP-based physical security products, is another example of where access control is heading. Through its profiles A, C, and D, ONVIF provides the framework for developers to use when producing open access control software and other security products. However, until vendors open up their systems, ONVIF and others will have to bide their time and continue to try and drive the open access control agenda.
“Communication between readers and controllers is the area where the access control industry has made the most progress towards open systems. Today, OSDP is a capable and mature standard, which has broad support from major reader manufacturers. It should be a requirement for any customer who is looking for an open access control system,” continues Pompili. “For mobile credentials, there is – sadly – nothing that even resembles a de facto standard with support from multiple reader brands.”
Smartphones are now pervasive across society and in combination with cloud platforms that connect to a variety of other building systems, they provide an ideal platform for open access control. However, all too often we see organizations that follow a mobile-first strategy and open approach to their buildings but still maintain old fashioned cards and badges at the absence of reliable and latency-free mobile access options. One by one, building systems are migrating the data and processes to the cloud to bring about this new level of connectivity and system intelligence, but access control seems stuck in the slow lane.
“While many of today’s applications seamlessly integrate with one another in the office, access control has traditionally stood alone from all other systems. Yet, many businesses rely on a single source of truth to handle all employee administration needs such as Active Directory and G Suite,” said James Segil, Co-Founder of OpenPath Security, during a Memoori webinar in May. “With open, cloud-based access control systems, companies can easily administer or revoke access credentials in real-time. Through strategic integrations, businesses not only improve their overall security and administration capabilities but can provide a better experience to guests and employees alike.”
The potential of access control goes far beyond security but only if it can openly integrate with other building systems. Through Application Programming Interfaces (APIs), organizations can develop apps that utilize the valuable data generated by access control systems. During the webinar, Segil highlights a multi-tenant landlord that used the Openpath API to build an amenity app, which allows tenants to have a more interactive experience. It provided the ability to reserve common areas or assign guest passes, allowing apartment complexes to create a unique value-add for their property.
That untapped value will continue to wear away at the proprietary status quo in the physical access control industry and will drive the innovation required to facilitate mainstream adoption. This shift will begin with big real estate companies who want to integrate access control in their BMS for full automation and large public sector building portfolios whose long-term perspective makes them adverse to single supplier arrangements. Step by step, open access control will follow other building systems to find its place in the increasingly open smart buildings ecosystem.