Securing Your Access Control Door Entry System
Secure door entry is a core part of access control systems. Today, there are a variety of solutions for door access security, each with its own advantages and disadvantages. What follows is a detailed overview of the various methods for securing door entry. Use this guide to evaluate the most secure, cost-efficient solution for your own organization.
On its surface, door security might seem straightforward. Yet these systems go beyond just doors, ID cards, and readers. Doors require wiring that can be difficult and expensive to install. Managing users with keycard access is another important consideration, one that can grow quite complex depending on the size and scale of a given deployment. Finally, authentication methods vary in complexity, cost, and security.
Unfortunately, most of today’s common door entry security solutions come with significant vulnerabilities. Many door access cards and fobs, for example, use unencrypted technology that open them up to copying (cloning) and unauthorized access. Managing multiple locations can present its own complexities and security blindspots, especially for organizations still operating without a centralized, IT-based access management system.
While most people are likely familiar with keycard access systems (most people have used one at one time or another), it’s useful to provide a brief overview of the basic components that comprise these access systems.
Jump to each section to learn more:
• Key Card Systems
• Tradition Lock and Key
• Mobile Access Control
What is a Key Card System?
A key card is some form of “readable” card that is issued to a person to grant (or deny) access to a building, floor, lot, room, and so on. Access is determined after a person inserts into, swipes through, or taps the card on a reader mounted outside of an electronically secure door. Each card contains an embedded security token that can be read by the corresponding reader.
Examples of key cards commonly in use today:
- RFID Proximity Cards
- Key Fobs
- Magnetic Strip Cards
- Mobile Access Cards
Advantages of Key Card Entry Systems
Key card entry systems are still used widely due to a number of distinct advantages:
- Flexibility: Key cards can be provisioned for access to multiple doors through a building or across locations. Many key cards can also open the same lock and access the same reader.
- Customizability: Key cards can be customized to meet the structure and complexity of user access across your organization. You can, for example, restrict certain cards or card groupings during a particular time of day (after hours, for instance), or by user group.
- Remote configuration: Unlike a traditional key, or even some legacy key card systems, modern key card entry systems make it easy to configure and reconfigure a card remotely. You can even deactivate a card or revoke access, which is especially handy when offboarding employees or responding to an active security incident.
Disadvantages of Key Card Entry Systems
There are still many potential limitations to key card entry systems, which you should keep in mind as you evaluate your next solution. Primarily:
- Security vulnerabilities: Many key cards can be hacked, copied, or otherwise compromised using cheap, rudimentary devices. Also, building security remains compromised between the time an employee loses their key card, to when they report it (and the card is actually deactivated). Having a system that can identify and alert you to these vulnerabilities is essential to proactive response.
- Location requirements: Key cards still require a physical token, and they must be in close proximity for a reader to be read. Key cards cannot, for example, be used for mobile access to a protected cloud environment.
Must-Haves in a Secure Key Card Entry System
While no system can guarantee 100% invulnerability, there are a few must-haves that differentiate more secure key card entry systems:
- A physical credential granted to each end user that is difficult to duplicate and the only way of gaining access for that user.
- A fast way to deactivate physical credentials should they be stolen, misplaced, or compromised, ideally from a remote administration console available anywhere, and on any device.
- Access from unauthorized third parties should be nearly impossible, thus blocking a common attack vector for hackers, criminals, and other bad actors.
Alternatives to Key Card Entry Systems
There are two primary alternatives to key card entry systems:
- Traditional lock and key
- Mobile access control
Both of these systems have advantages and disadvantages in certain use cases.
Traditional Lock and Key
Though the traditional lock and key system might seem like a legacy solution compared to other access control systems, they’re still quite prevalent. That’s because, despite its shortcomings, the lock and key system is simple, affordable, and easy to use. This is especially true for smaller shops with fewer locations, doors, and employees.
How a Traditional Lock and Key System Works
Each lock has a combination of locking pins that can only be locked or unlocked by a matching key. These solutions are by and large analog, with no electrical or IT components. Keys are typically issued with each lock and copied/distributed as needed.
Advantages of Lock and Key
No electrical configuration required, making installation quite simple and inexpensive. Should a building’s electrical source go offline, or be disabled, lock and key systems will still keep doors secure and allow access to anyone with the correct key.
Wide availability. Lock and key systems are still ubiquitous. We find them in most homes. We still use them to get into and start our cars (though most modern automobiles do use some form or access security system). It’s one of the most simple and inexpensive door access control systems available.
Disadvantages of Lock and Key
- Can be picked: Most locks can still be picked or breached. This kind of breach can go unnoticed until personnel arrives at the physical door, or reviews security footage, since most traditional lock and key systems are not centrally managed and monitored.
- Can be copied: Keys are very easy to duplicate, making it difficult to keep track of who does and doesn’t have a key.
- Lacks flexibility: A physical key cannot be deactivated when an employee is offboarded, only reclaimed. Likewise, users cannot be provisioned the way they can be with a key card system, which makes user access management and control more difficult.
- A lost key is a security vulnerability: Because keys cannot be deactivated, locks must be rekeyed or replaced any time a key is lost or stolen. This can be costly, both in terms of time and money.
- Scalability is an issue: When only one key opens one lock, a lot of keys need to be issued, carried around, and kept track of for the various doors throughout every location.
- Lost keys are time-consuming and costly: It takes time to find misplaced keys, replace lost keys. This, coupled with high turnover of keyholders, can make keeping access to traditional locks a significant resource and cost drain.
Mobile Access Control
Rather than assume the cost and resources needed to issue, reissue, and replace physical keys or key cards, why not turn a user’s smartphone—something most people have—into their access card? This is the idea behind mobile access credentials, which use smartphones instead of cards as the medium for carrying identification information and granting/denying access to doors. Some solutions also offer additional security features such as multifactor authentication.
Advantages of Mobile Access Control
- Prevent lost or shared credentials: By their very nature, keys and key cards are easily shared (passed back), traded, or misplaced. This presents notable security issues, as an unauthorized person could gain access to sensitive or restricted spaces. By tying access control to peoples’ smartphones, you greatly reduce the risk of this happening.
- More convenient for the end-user: For better or worse, people are more inclined to grab their smartphones before leaving the house than they are key cards or badges. With mobile access control, users have one less thing to worry about carrying with them (and one less thing to lose).
- Lower total cost of ownership (TCO) for multi-factor authentication: A smartphone has the three parameters commonly used to authenticate someone for access: a remote access capability, such as Bluetooth; a PIN or password; and some form of biometrics (fingerprint or face scan, for instance). In this way, smartphones are inherently a form of multi-factor authentication.
- Simplified user provisioning: Access control is an important part of onboarding and offboarding employees. Like with keycard systems, with mobile access control admins can credential new users, revoke access, and adjust access groups almost instantly, typically from a web interface. No need to go around hassling people to give their keys back, or tracking them down to pass out keys or key cards.
- Less waste: At scale, the issuance and disposal of plastic key cards can create a significant amount of waste and costs. Consider how many plastic key cards are thrown away in a hotel environment—mobile access control provides a simple answer to reducing plastic waste.
Disadvantages of Mobile Access Control
- Requires a mobile device: While the majority of people have some kind of smartphone or mobile device, not all devices are created equal. Models, platforms, and technology differ from phone to phone. This might require, for example, a vendor offering different versions of a mobile access control app available in several different app stores. Sometimes, organizations must provide the mobile devices themselves if that will be the sole user credential.
- Badges might still be needed: In office environments, specifically, many admins find that physical badges with photo identification are still required to distinguish between employees, visitors, and contractors—despite the mobile access control solution in place.
- Beholden to phone battery life: Battery life is a constant struggle for smartphone users. Since most mobile access solutions require Bluetooth to be turned on at all times, the battery drain can be significant, leading to access issues and unnecessary IT tickets/contacts.
- Cybersecurity concerns: Having all of our personal and work matters centralized on a single device can be both a blessing and an attack vector. Inherently, mobile devices have some limitations in terms of security: are employees running the latest software and app versions on their smartphones? How is each individual device secured (passcode, fingerprint, etc.)?
Moving to More Secure Door Entry Solutions
Door entry security systems are certainly evolving. However, the latest and greatest technology is not always the best fit. As a best practice, organizations and IT buyers would be wise to evaluate the advantages and disadvantages of each system against their own security needs. Can a given solution answer your questions of access, ease of use, security, and cost-efficiency?
The answer is often different for each organization.