21 May 2018

Examining implementing Mobile Credentials in the Access Control market

There are several that make the widespread adoption now difficult, the first of which is the pitfalls of different phones and the platforms on which they run. Not everyone carries the same type of phone - or even a smartphone. When you have 3,000 people in a company who all need credentials to access a facility, it is rarely feasible to give each person a phone that will run the application needed.

Another consideration is how to handle visitors and contractors that might require short- or long-term access to a facility. Perhaps more obvious is the challenge that emerges when a mobile device runs out of battery, thereby rendering it useless when trying to access a facility.

Considering privacy

Another challenge end users face when considering implementing a mobile-based access control solution is the concern employees may have regarding privacy. When using mobile credentials on a private mobile phone, there's a certain level of access an employer has to the phone. Employees are concerned as to how employers are using their information with regards to location-based data, or where an employee is at any given moment. Naturally, with this level of access to personal information, there's going to be a concern about how that data is used. 

While there is definite movement in the direction of mobile credentials across enterprises, another issue is the proprietary nature of the technology. Since it's still emerging, there are no common standards in place that police its use, so end users that choose to invest in the technology are often locked into a single manufacturer's system without the flexibility that more open-platform solutions allow. 

Addressing these concerns

Many end users are now shifting toward a hybrid approach to access control that utilizes both traditional badges that allow access to a facility, as well as the option to use their mobile device as their credentials. The argument is that many employees will have their phones on them at all times, but might not always remember a badge or ID. Having the option to use either solution is becoming a more widespread use of mobile-based systems. With regard to privacy concerns, it's important for security managers to work closely with human resources and other C-level executives to implement best practices for the use of this technology in an effort to better inform employees and guide implementation. 

Customer point-of-view

We are seeing an increasing customer demand for mobile credentials, so it's important to understand their needs when discussing which access control solutions are “right” for an organization. Many want the flexibility to offer multiple options to their employees, but again, have to consider the privacy implications as well as the technology involved in trying to implement such a solution.

Another consideration is the actual physical implementation. Most mobile-based credentialing systems are built with Bluetooth, which has a long-range capability; and this can be problematic. For example, turnstiles that are in close proximity to each other might pick up credentials that are a greater distance away. Standards such as near-field communications (NFC) that can be found in a lot of devices can address some of these concerns, but NFC’s ability to be used openly in an iPhone environment is not fully established and therefore isn't a viable option unless the same kind of devices is used across an organization.