Preventing intruder access at the front door; halting hacker access at the back
The rapid evolution of access control technology, specifically its shift from a closed, proprietary system to an open, IP based architecture, has unlocked a new set of possibilities for end users. Modern access systems offer open communications architecture, designed to allow access controllers to be deployed as IoT devices. The benefits are obvious; Access control technology can connect to other devices on a network and interact to easily form useful solutions. Perhaps that is why it has become the fastest growing physical security technology in recent years, with security teams and the wider business achieving something they never thought they could from a simple physical security solution; intelligence.
An example of this is closely integrating an access control solution with video surveillance technology; this can help verify that the person trying to access your facility is in fact the person on the ID card. Beyond physical security, inter-operation with other systems such as HR software can help organisations detect potential intruders by identifying that the credentials of an employee currently on annual leave are being used to attempt entry. So far so good, but what are the wider implications of transitioning from traditionally offline technologies to IP-enabled access control solutions?
Letting hackers in the back door
The problem with adding any technology to an IT network is that it can offer hackers or other threats, a backdoor access point to a company’s confidential data, if not deployed correctly. That is why, as IoT technologies have become more commonly used, cybersecurity has become a boardroom issue. So much so that a firm’s future could depend on its ability to protect Personally Identifiable Information (PII) that is generated and stored within the database of an access control device and system. With the General Data Protection Regulation (GDPR) on the horizon, ensuring security policies are up to date has become a top priority.
When a technology, be it access control, physical security or any other IP device, is connected to a network the cybersecurity risks are without doubt increased. For example, last year it was discovered that nearly 200,000 security cameras connected to the internet could allow hackers to control them remotely. Sitting on an IT network, they could also act as an entry point to other systems within a business, meaning data protection policies are essential.
Securing any device that sits on a network is vital to ensure the protection of data. Not only could hackers access and steal data related to the system they infiltrate, but they could also access other IT systems within a business. A ‘secure by default’ design ethos is essential to any technology utilised today. The cybersecurity element of a modern business is a process, however, and extends far beyond a product-led approach.
True security requires collaboration between user and manufacturer – no device, despite being secure by default, will remain so with default passwords unchanged, for example. Any company looking to install IP connected devices, be it access control, video surveillance or audio systems, should also ensure the vendor and supplier they are dealing with are prioritising cybersecurity. In short, if your processes, systems and suppliers aren’t secure, your business won’t be either.
Learn more about our access control technology: https://www.axis.com/products/access-control