“It’s not about tracking or monitoring people, it’s about keeping the bad people out and preventing insider attacks with the right risk management,” says Serra Luck, HID Global's VP End User and Consultant Business - Physical Access Control Solutions, on the issue of privacy in our increasingly connected built environment. While this may sound good for all, it still requires trust from the end user on who will handle their information and how.
HID Global recently released a product that tracks assets as they move to and from a space. In late 2016 HID Global acquired Bluvision, a Bluetooth-based real time location services provider. That acquisition led to the establishment of HID Location Services, which has now launched in the Asia Pacific market.
Tracking assets, human or otherwise, as they travel through a facility can provide significant safety and security benefits. The key step in the process is to ensure that the identity of the place, thing or person can be trusted. Not only trusted by one system but across multiple platforms in order to gain the efficiencies as well as the security from these systems.
“An identity can be provided to anyone but it’s extremely important that the identity is trusted so you don’t need to introduce it to multiple systems again and again. It is authenticated, authorised and trusted by different systems, so it can be re-utilised,” said Luck in an interview with Security Brief New Zealand.
The system also has significant implications for physical access control, which until recently has held back somewhat from IT integration. According to our Recent Security Report, the physical security industry has become more resilient and robust and is in good shape to meet the full force of some very disruptive technologies that will start to change the supply structure and competitive landscape over the next 5 years, and Luck agrees.
“We see a lot of changes happening in IT. With smart buildings and smart cities coming in, and other changes happening in the marketplace, we see the change is coming to physical access control security. The evolution is there,” she added.
HID Global has been preparing for this “evolution” since 2014, and has spent those three years working with mobile access technologies, such as the technology gained through the Bluvision acquisition. The company is also taking advantage of the broad adoption of smartphones across the general population. These personal mini-computers offer security firms a range of options beyond simple door entry systems.
“A traditional card reader company would be issuing and personalising a card, managing it with different services and sending it to the user. Now with mobile access, a smartphone can do exactly the same thing as a card, and more.”
The key to making the most of our trusted identities for access control is convergence. Needing a new introduction for each and every new physical access control system does not provide the convenience that our IT evolution promises. Luck believes they must be brought into alignment but it is not that simple.
“The challenge is how to put these things together. With smart building and building management systems coming in, trusted identities would be able to serve IT services, physical access security services. This is why we suggest that organisations consider combining technology such as SEOS," she explains.
Then comes the issues of privacy. With all the data associated with specific trusted identities being shared across multiple networks, which involve a variety of stakeholders, there is rightly significant concern from industry voices protecting the end user.
“Privacy is extremely important. We see different laws and regulations around the world. There’s no single model but people, governments and organisations care about privacy. In a service environment such as location-based services, it’s more important to focus on the service without necessarily attaching it to the ‘who’. How do I do it and what type of benefits does it bring. For example, do I have everyone that needs to be outside actually outside in case of fire,” says Luck.
“We can make data anonymous – we don’t even need to know who is accessing the system as long as you as an enterprise decide that. It’s important for financial and government customers that we secure those environments," she added.
However, “you as an enterprise decide that” may not be reducing end user concerns as much as Luck would hope. Whichever way we look at it trust over the management of personal data is needed, be it for the enterprise, the system integrator, or a government body, but that trust is lacking. Luck maintains that the decisions will come down to the enterprise in the end, and concludes that this evolution will be driven by the young generation.
“The younger generations will be pulling it, especially the people who move a lot in larger organisation. There’s the convenience of it. As a security officer issuing multiple cards, virtual identities are more convenient and sustainable. It’s up to the enterprise what risks they want to take and how they want to manage that risk.”
[contact-form-7 id="3204" title="memoori-newsletter"]