Integrated Access Management Steve Wintle, Head of CNI at Abloy UK, discusses integrating smart technology and enhancing physical security for critical national infrastructure. Integrating next-generation smart technology into critical national infrastructure - such as gas, power and heat networks – offers new opportunities for effectively managing the way we live, work and grow, whilst remaining safe and secure. It can also have a positive impact on system functionality and productivity, by combining the physical infrastructure with digital communications and data analytics, unlocking system-wide synergies. One of the areas with the greatest potential to be transformed by smart infrastructure integration is security and management of access, especially framework contractors. What’s more, access technology is increasingly forming part of a greater, fully integrated infrastructure system that links together every aspect of an operational site. We are already familiar with heating and lighting controls being set to activate in areas where staff are working. Building management systems (BMS) already do this, but integrating site access and managing individual’s competencies adds health and safety benefits as well as security. Research predicts that business-to-business spending on IoT technologies, apps, and SaaS solutions will reach €250 billion by 2020, and this is expected to keep growing by around 20 per cent each year. Smart integration Innovative SaaS and cutting-edge hardware can be combined to create locking solutions designed for an organisation’s specific needs. Access rights can be issued, denied and monitored in real time with no need for wires or power, integrated with the organisation’s operational control systems and even staff competencies, offering the very best in both flexibility, security and compliance. There is great potential for an excellent return on investment by combining integrated software and electromechanical hardware. This solution of smart technology paired to a mechanical key now provides much more control and management potential then a traditional key ever did. Operational efficiency is maximised by being able to decentralise access administration, prevent site conflicts and reduce risk of environmental disasters, by managing contractors and staff access rights - ensuring they are fully trained and inducted to attend site. This then also saves on travelling times and the carbon footprint of the organisation. There are many game-changing systems out there already, demonstrating that they are both effective and robust within a commercial office environment. Suppliers of such systems can try to adapt these types of systems for use on National Infrastructure, which require a lot more of its own infrastructure than is practical for use on a remote site, especially if said National Infrastructure is poised on the side of a mountain. In general, commoditised access control systems are not suitable or reliable in dirty, harsh environments. However, there is technology available that has been designed specifically for use on remote sites in harsh locations, which delivers the same benefits as online systems with which we might be more familiar. The big benefit is you don’t need wires, power or data delivered in the traditional way. The value delivered to the organisation is then accelerated when the system administrator and decision-making process uses integrated automation with other operational and business systems. This means that a change made within HR, for example, can make the necessary changes down to an employee's access rights. Employee access rights An integrated automated system can also be linked to a database of employee work permits. When the employee attempts to use their key to open the lock to a work site or dangerous piece of equipment, it can check to see if they have the necessary permissions in place, including competencies to carry out the work. Similarly, it can be used to control access to restricted areas using variable validation, forcing regular checks of the employee’s or contractor’s current competencies for the assigned task or clearance level. Smart integrated physical security also has great potential to help all areas of infrastructure become more operationally efficient and streamlined. The technology needed to achieve this is already out there, such as PROTEC2 CLIQ® technology, proving its reliability and effectiveness every day. The possibilities it offers right now are huge, but so can be the risks – so it’s crucial that as the integration of systems increases, the protection of those systems and the data contained is vital. Data security One of the challenges that integrated IoT technology presents is that of security. Connecting a system to the wider internet creates another potential access point for state sponsored or opportunist criminals and vandals to try and break. Naturally this is a concern for all systems, but it is of particular importance for the integrated technology used within physical security systems. This means that all integrated systems need to not only be physically secure, but also highly resistant to cyber-attacks. There are several ways to increase the security of the system, such as ensuring that data transfers between the different parts of the system are strongly encrypted, using a minimum of AES (Advanced Encryption Standard) so even if the information is intercepted, the wider network remains secure. Automatically creating and maintaining a detailed, reliable audit trail of which keys have been used to access which locks, provides comprehensive traceability, regulatory audit reports and enhancing security. In addition, making sure that lost or stolen keys can easily and quickly have all access rights denied strengthens security. When hosting data associated with the system, it’s advisable to use a highly trusted third party so that it is not stored on-site, and ensure that the mechanical security is just as strong as the electronic system, with reliable cylinders and the latest patented lock technology. Use of three factor authentication is also important, and automation of on-boarding and off-boarding processes, to ensure credentials are active and inactive seamlessly in line with business needs. Integration with existing applications ensures that minimum access is required – access where you need it, when you need it, rather than everywhere at all times.