At a very basic level, access control is a means of controlling who enters a location and when. The person entering may be an employee, a contractor or a visitor and they may be on foot, driving a vehicle or using another mode of transport. The location they’re entering may be, for example, a site, a building, a room or a cabinet.
We tend to call it physical access control to differentiate it from access control that prevents people from entering virtual spaces – for example when logging into a computer network. And, although one of its primary uses is to increase security, a physical access control system can offer many other benefits too. Including the improved efficiency of your business processes and site or building management.
What is an access control system?
When we talk about a physical access control system, we’re usually referring to an electronic security system. They typically use an identifier such as an access card to authorise people to enter certain areas. And, as they’re capable of logging who accessed where and when, they can provide valuable data to help you track how your buildings and sites are being used.
Why use an access control system instead of keys?
Mechanical keys are the simplest form of physical access control and the method many smaller organisations use. Even for a small company, however, using mechanical keys has several flaws and limitations – especially as an organisation gets bigger. Below are just some of the problems presented by using keys.
- People lose keys
If someone loses a key, you need to replace the lock to make sure the lost key can’t be misused. You then need to distribute new keys to everyone who needs access to that door. - Keys don’t leave an audit trail
You can’t see if and when someone’s used a key, so you don’t know who’s entered or at what time. - Keys are difficult to manage
If someone needs to enter many different buildings and rooms, they’ll need a large number of keys, which are inconvenient to carry and use. It can be difficult to remember which key is for which door, but it’s too much of a security risk to label them.
Increased control and security
By using an electronic access control system, you can avoid the downsides of using mechanical keys and also gain much more control.
It will manage:
- Who has access
You may, for example, only want to allow automatic access to employees. Whereas you’d like visitors and contractors to report to the reception desk on arrival. - Which doors they have access to
You may want only some people to enter certain areas. For example, you only want technicians to be allowed in your labs. - What times they can gain access
Contractors and junior staff may only be allowed access during their standard shift pattern, whereas senior staff can enter the building at any time. - Under which conditions they’re allowed access
For example, you may set your system so contractors are only allowed access if it shows they’ve presented their certification.
What gives you even more control is that a good access control system lets you set these parameters for each individual. And you can quickly and easily update them whenever you need to.
It will also show you who’s accessed where and when so that, if there’s an incident, it’s easier to determine who might have been involved.
A variety of identifiers for access control solutions
Access cards are still the most common identifiers used in access control systems. You present your card to a reader and, if all the conditions stored in the system are met, you’re allowed to enter.
There are other options to cards, however, and some offer higher levels of security.
The key identification methods are:
- Something you have – such as an access card or badge or another type of identification tag.
- Something you know – for example a PIN or password.
- Something you are – biometric identifiers such as your fingerprint or iris.
Each identification method has pros and cons, so the method to choose depends on the situation. You might choose one method for external doors, for example, and another method for internal doors.
You can also combine two identification methods to increase your security standards. This is called verification – you use the first method to identify yourself and the second to verify that it’s you. So, for a room that holds valuable goods, you might ask people to use their access card for identification and then ask them to supply a PIN or present their fingerprint for verification.
Improve efficiency with integration
When it comes to deciding who has access to what, various departments are usually involved. This can include HR, facilities management and IT, as well as security. Often, these departments each have their own system that operates independently. This is inefficient though and can lead to mistakes that present significant security risks.
For optimum security and efficiency, all systems should be aligned. An access control system that has the ability to integrate with other systems can have the power to link everything together.
An online access control system
AEOS, developed by us at Nedap, was the world’s first software-based access control system. It’s operated via a web-based dashboard, so you can log-in from anywhere to control and monitor access. To add more functionality to your system, you simply select extra options from our access control software.
As AEOS is built on open standards, it integrates with a wide range of technologies, including video monitoring and biometric readers. And it has the flexibility to scale easily, so you can build and grow your access control system to suit you.
End-to-end security for AEOS
More recently, we’ve also introduced end-to-end security for AEOS to protect it from the threat of cyberattacks. It combines the latest IT principles of encryption and strong authentication to achieve secure communication between all elements of the system. Without this kind of protection, an access control system can become the weakest link in your network, enabling people to gain access to valuable assets such as company data.
Watch the video to learn more about the flexibility of AEOS Access Control
To discover more about what access control can do for your business, see our blog on the often-overlooked benefits of access control. We’d love to help, so get in touch.
Frequently asked questions
The key reason for installing an access control system is usually to secure physical access to your buildings or sites. You want to control and log who is entering which area and when. But choose the right system, and the access control benefits can stretch far beyond protecting people, places and possessions.
Read more…
The basics of access control. Let’s take a step back though and look at the fundamental principles and techniques behind access control systems.
It manages:
- Who has access.
- Which doors they have access to.
- What times they can gain access.
- Under which conditions they’re allowed access.
Read more…
To be truly valuable, today’s physical access control must be intelligent and intuitive, and offer the flexibility to respond to changing needs and risk. The answer to these needs is adaptive access control and its stronger relative, risk-adaptive access control.
Read more…
If you decide to use anaccess controlsystem, it’s probably because you want to secure the physical access to your buildings or sites to protect your people, places and possessions. That’s just the start for access control systems though. The right system, used well, can add value in a range of ways.
Read more…
Draw up a risk analysis. When preparing a risk analysis, companies often only consider legal obligations relating to safety – but security is just as important. A good security policy will protect your critical business processes and your company’s environment as well as your assets and, most importantly, your people.
Read more…
FAQs
What is access control security management? ›
Access control is a core element of security that formalizes who is allowed to access certain apps, data, and resources and under what conditions. Protect your assets.
Why is access control important in security? ›Access controls limit access to information and information processing systems. When implemented effectively, they mitigate the risk of information being accessed without the appropriate authorisation, unlawfully and the risk of a data breach.
What is the main purpose of access control? ›Access control's purpose is to secure confidential information, and it pertains to both the physical and digital realm. Physical access control refers to the practice of restricting entrance to a property, a building, or a room to authorized persons.
What is security management in simple words? ›Security management covers all aspects of protecting an organization's assets – including computers, people, buildings, and other assets – against risk.
What are the types of security access control? ›Three main types of access control systems are: Discretionary Access Control (DAC), Role Based Access Control (RBAC), and Mandatory Access Control (MAC).
What is an example of access control? ›Access control is a security measure which is put in place to regulate the individuals that can view, use, or have access to a restricted environment. Various access control examples can be found in the security systems in our doors, key locks, fences, biometric systems, motion detectors, badge system, and so forth.
What are the 4 steps involved in access control? ›The typical access control process includes identification, authentication, authorization, and auditing.
What are the basics of access control? ›The basic concept of Access Control is a system that either grants or denies entry to a lock or door by determining the identity of the person; this can be done by biometrics, passwords, key cards, and everything in between.
What are the two types of access control? ›- Discretionary Access Control (DAC) A discretionary access control system, on the other hand, puts a little more control back into the business owner's hands. ...
- Rule-Based Access Control. ...
- Identity-Based Access Control.
Security Manager responsibilities include:
Developing and implementing security policies, protocols and procedures. Controlling budgets for security operations and monitor expenses. Recruiting, training and supervising security officers and guards.
What are the 4 types of security controls? ›
One of the easiest and most straightforward models for classifying controls is by type: physical, technical, or administrative, and by function: preventative, detective, and corrective.
What are the 5 types of security? ›- Critical infrastructure security.
- Application security.
- Network security.
- Cloud security.
- Internet of Things (IoT) security.
- Burglar alarms.
- Fire alarms and smoke detectors.
- Carbon monoxide detectors.
- Video surveillance.
- Environmental sensors.
- Monitored home security system.
- Inventory and Control of Hardware Assets. ...
- Inventory and Control of Software Assets. ...
- Continuous Vulnerability Management. ...
- Controlled Use of Administrative Privileges. ...
- Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers.
Door openers, door releases, intelligent locks, barrier arms, swing gates, single-entry access equipment and door control accessories, for effective access control. An access control system needs a combination of door control equipment to ensure secure access to buildings.
How do you maintain access control? ›- Visual Inspection. The first step of access control maintenance is to simply look at your system's mechanisms. ...
- Cleaning Components. ...
- Check Power. ...
- Software Maintenance. ...
- Access Control System Maintenance with Four Walls Security.
Mandatory access control systems are the strictest and most secure type of access control, but they're also the most inflexible. In order to change permissions, the administrator has to reprogram the specific user's access, not just the security lists at the entry point.
What is access management process? ›Access management is the process of granting authorized users the right to use a service, while preventing access to non-authorized users. It has also been referred to as rights management or identity management in different organizations.
What are the seven functions of access control? ›What are the seven major classes of access control? The directive, deterrent, preventative, detective, corrective, compensating, and recovery.
How does access system work? ›The control panel receives the encrypted tag number from the reader, decodes the number, then compares the ID number to ID numbers already loaded onto the system. If the numbers match, and the user is authorized to access the door at that time, the door will unlock. This all happens in the matter of seconds.
What are the three functions of system access? ›
- Identification: For access control to be effective, it must provide some way to identify an individual. ...
- Authentication: Identification requires authentication. ...
- Authorization: The set of actions allowed to a particular identity makes up the meat of authorization.
Identification is the first step of access control.
What is called access control? ›Access control is a fundamental component of data security that dictates who's allowed to access and use company information and resources. Through authentication and authorization, access control policies make sure users are who they say they are and that they have appropriate access to company data.
What are the four 4 main access control model? ›Currently, there are four primary types of access control models: mandatory access control (MAC), role-based access control (RBAC), discretionary access control (DAC), and rule-based access control (RBAC).
What are the six 6 benefits of access control? ›- Increase Ease of Access for Employees. ...
- Get Rid of Traditional Keys. ...
- Save Money and Energy. ...
- Keep Track of Who Comes and Goes. ...
- Protect Against Unwanted Visitors. ...
- Give Employees the Freedom to Work When They Need To. ...
- Prevent Against Data Breaches.
There are two types of access control: physical and logical. Physical access control limits access to campuses, buildings, rooms and physical IT assets. Logical access control limits connections to computer networks, system files and data.
What are the six main categories of access control? ›- Mandatory Access Control (MAC) ...
- Discretionary Access Control (DAC) ...
- Role-Based Access Control (RBAC) ...
- Rule-Based Access Control. ...
- Attribute-Based Access Control (ABAC) ...
- Risk-Based Access Control.