Posts Tagged :

Access Control

Global access control market to hit $14.43bn by 2025

960 640 Stuart O'Brien

The global access control market was valued at $8.23 billion in 2019 and is expected to reach $14.43 billion by 2025, representing a CAGR of 9.8% over the forecast period.

That’s according to a report from Mordor Intelligence, which says cloud-based access control and video management solutions are in trend. Each access card, fob controller, calendar permission, and technology upgrade is integrated via cloud security, so updating secure access changes are both mobile friendly and globally scalable. New doors, offices, and users can be added to the system at any time for greater convenience, with benefits provided, such as quicker installation time, automatic software updates, flexibility and mobility, and managed services with increased cyber security.

Deployment of wireless technology in security system is also a key driver for the market studied. Wireless access control sends data to system control panels via a wireless radio signal, where wireless sensors are easy to move, which keep track of all sorts of unique occurrences, with real-time alerts that keep aware of what is happening. Moreover, the report says wireless intrusion detection and prevention systems also enable protection of a wireless network by alerting the wireless network administrator in case of a security breach.

The report says that due to increasing crime rates globally, public security is a growing challenge. Access control systems play a major role in urban security, by enabling end users to exercise greater control over their domains. The most effective way of protecting personnel and assets from theft or harm is to limit physical and virtual access to only those individuals who can be identified and evaluated. Modern access control systems are automating this process with capabilities, like encrypted communications, which enable authentication by credentials, biometrics, and mobile devices.

However, due to less awareness among users about advanced security solutions and its usage in various applications, the growth of the market might be a challenge in the future.

In terms of the end-user industries, the healthcare sector is expected to drive technological transformation within the market. The United States accounts for a significant portion of the global demand for access control systems, mainly used to monitor employees who have administrative access to organisational systems.

Key players in the market are listed as 3M Cogent, Inc., Hanwha Techwin Co., Ltd., Honeywell Security Group, etc.

Do you specialise in Access Control? We want to hear from you!

960 640 Stuart O'Brien

Each month on Security Briefing we’re shining the spotlight on a different part of the security market – and in January we’ll be focussing on Access Control.

It’s all part of our ‘Recommended’ editorial feature, designed to help security buyers find the best products and services available today.

So, if you’re a supplier of Access Control solutions and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Ian Jefferies on i.jefferies@forumevents.co.uk.

Here’s our full features list:

Jan – Access Control
Feb – Business Continuity & Risk Management
Mar – Fire Solutions
Apr – Lone Worker Security
May – Perimeter
Jun – SIA Security Training
Jul – Transit, Screening & Scanning
Aug – Biometrics
Sep – IP/IT Security
Oct – CCTV
Nov – Loss Prevention Solutions
Dec – Drones

Fake ID Fabrication: The race to anti-fraud measures

960 640 Stuart O'Brien

By Rob Cook, Senior Analyst at Flashpoint

United States government-issued identification cards are replete with anti-fraud measures such as ultraviolet ink markings and holographics intent on stemming the reproduction of phony IDs. That, however, has not stymied a growing underground economy of sites servicing criminals wishing to obtain and use fraudulent U.S. ID cards.

While only relatively few of these sites can deliver quality fraudulent reproductions, there are some sites with high ratings and positive reviews within illicit communities that can deliver cards that will bypass the security measures protecting legitimate government-issued cards.

This poses a threat to facilities that scan IDs to allow entry, for example, or to businesses such as banks and other financial institutions that rely on Know Your Customer requirements to verify the identity of customers and put up barriers to synthetic identity fraud, for example.

Vendors Advertise Bypasses of Security Features

Legitimate identification cards in the United States not only contain sometimes complex fraud-protection measures including the stars on REAL ID-compliant driver’s licenses or properly formatted scannable barcodes, but they’re also made of specific materials that are durable and transmit light in order to support these measures.

Vendors running some of the highest-rated illicit shops will advertise their capabilities around replicating these security features on identification cards, such as the correctly formatted barcode, certain micro-printing, or laser perforations. A proper barcode, for example, is often enough to allow entrance into access-controlled facilities. This is a significant risk not only to government buildings, but anywhere—such as a school or corporate office—where entry is controlled by some sort of access mechanism attached to an ID card.

The availability of high-end printers is one factor facilitating these fraudulent reproductions by threat actors. A typical office photo printer has the capability to reproduce quality products, while laminating machines and plastic card printers can also facilitate these reproductions. Supplies such as ultraviolet ink are available on the open market as well. It’s unknown whether some fake ID producers are obtaining the actual blanks used by agencies, this likely includes the laminate that contains the holograms.

Some of supplies used by high-end ID manufacturers to create advanced security features are also sold in bulk by vendors within illicit communities. Some forums and markets advertise “holos,” “perf sheets,” “cardstock,” “OVI sheets” and more for relatively low prices; OVI stands for optical variance ink. Transactions are generally carried out via cryptocurrency to maintain a measure of privacy throughout the transaction, and deliveries also relatively quick—anywhere from five days to three weeks. Flashpoint analysts have also seen some advertisements where payment methods such as prepaid credit cards or wire transfers are accepted.

Although even the highest quality fake IDs will likely be detected once checked against law enforcement and-or Division of Motor Vehicle databases, many of these IDs will reportedly pass the inspection of untrained security personnel and numerous off-the-shelf (OTS) barcode readers/verifiers. It would therefore be difficult to identify a professionally crafted fake for commercial retailers such as liquor stores, or office or school building access control systems that aren’t able to verify government IDs against a database. As a result, the threat to physical safety or the risk of fraud is enhanced.

Retailers that sell alcohol and tobacco, for example, may be especially vulnerable to employees accepting fake IDs based on the multiple states and forms of ID they may be presented with during transactions, particularly in locations near college campuses. Fraudsters may also use fake identification to gain entry into student events or take advantage of student discounts.

Those vendors who deliver higher quality products are rated upon not only their product quality (look, feel, durability, and acceptance rate of the ID card), but also upon their trustworthiness, and the security features included in the cards. Customers rank vendors on several advertised security features, including the quality of their templates (similarity between legitimate and phony templates), quality of the hologram and use of optical variance ink, ultraviolet ink, and their ability to incorporate microprint into ID templates. Vendors are also rated on price, discretion of shipping packages, and shipping turnaround times.

Assessment and Mitigations

Entities likely to be impacted by threat actors selling or using fraudulent identification can take some steps to protect themselves.

Organisations operating in sensitive industries, for example, could mandate background checks through a law enforcement agency for new employees, or for employees with access to sensitive materials or data.

Employee training can also help retailers or public-sector organisations spot phony IDs. Various government agencies, for example, offer training that explains security features employed by the different states and how they work off of one another.

On a more granular level, retailers—in particular those selling alcohol and tobacco—could institute a policy where a second form of identification is required, even a credit card or school identification, for example.

In the meantime, threat actors will continue a frustrating cat-and-mouse game with defenders, attempting to bypass new security features as they’re implemented in order to service a growing underground economy built around phony identification documents.

Image by Simeworks from Pixabay

Fujitsu expands PalmSecure biometric security offering

960 640 Stuart O'Brien

Fujitsu has revealed a new, extended range of PalmSecure-based biometric security solutions that it claims ‘consigns passwords to history’.

Available immediately to customers in Europe, the Middle East, India and Africa, the expanded Fujitsu PalmSecure offering comprises four main elements: Fujitsu Biometric Authentication PalmSecure ID Engine; ID GateKeeper; ID LifePass; and ID Login V2 for access to client computing, physical access to buildings or data centres and to all kinds of applications via an Application Programming Interface (API). 

Fujitsu says the new offering enables customers to benefit from a broad range of password-free biometric authentication applications.

PalmSecure enables organisations to ‘step up to the highest level of biometric security’, while increasing convenience for users and avoiding costly service desk interactions to reset forgotten passwords. Integration capabilities allow customers to build ultra-secure biometric control into solutions for physical access to buildings and devices, as well as logical access to specific applications and services.

Based on a new central matching server, it enhances security by eliminating the need for multiple user enrolment across different locations, devices, applications or services. Integration with various kinds of applications and equipment is facilitated using an Application Programming Interface (API), extending biometric ID to use cases from data centre entry to user credentials for industrial machinery, to single sign-on (SSO).

The contactless PalmSecure authentication system uses biometric technology developed based on Fujitsu’s more than two decades of image recognition experience and incorporates technology from BioSec Group to authenticate users based on the unique pattern of their palm veins. Vein patterns are unique to individuals and contain detailed characteristics, allowing a template to be formed for each user.

Oliver Reyers, Head of Biometrics at Fujitsu in EMEIA, said: “Biometric ID and palm vein technology in particular are lifting IT security to a higher level. There’s no need to remember – or regularly change – complex passwords, and this makes it so much more convenient for users to access secure assets and applications. Fujitsu has applied the principle of simplicity to solution development and deployment. This has resulted in an expanded portfolio of biometric security solutions, which make it easier for organisations to implement biometric identification. Fujitsu’s PalmSecure biometric recognition algorithm delivers ultra-low false acceptance rates, while central enrolment processes ensure that users can’t bypass security simply by creating multiple IDs.”

Péter Györgydeák, CEO at Biosec, added: “Until now, biometric technologies have been the unsung hero for enterprises, despite their high levels of user acceptance, and the fact that it’s almost impossible to ‘lose’ your biometric ID – which means a dramatic reduction in helpdesk calls for password resets. By teaming up with Fujitsu, we have a joint opportunity to help biometrics reach their full potential in the workplace. The new expanded PalmSecure portfolio puts biometric ID within reach of just about any use case, and makes great financial sense for any organisation that’s serious about security.”

Image by NeiFo from Pixabay

Voice biometrics demand to hit $2.8bn by 2024

960 640 Stuart O'Brien

The global Voice Biometrics Market size is expected to grow from $984 million in 2019 to $2,845 million by 2024, equivalent to a Compound Annual Growth Rate (CAGR) of 23.7%

That’s according to a new report from MarketsandMarkets, which says the key factors driving demand include an increasing need for robust fraud detection and prevention systems across the Banking, Financial Services, and Insurance (BFSI) industry vertical and a need for reducing authentication and identification costs.

North America is expected to account for the largest market size in the Voice Biometrics Market by region during the forecast period. The region is home to many key vendors, such as Nuance Communications, Verint, and Pindrop.

APAC is expected to grow at the highest CAGR during the forecast period with increasing investments in strengthening security infrastructure. An increasing demand for cloud-based solutions from retail and eCommerce and healthcare verticals is expected to drive the Voice Biometrics Market in the region.

Overall, the report identifies the key market players as Nuance Communications (US), NICE (Israel), Verint (US), AimBrain (UK), Voice Biometrics Group (US), Phonexia (Czech Republic), OneVault (South Africa), SESTEK (Turkey), LumenVox (US), LexisNexis Risk Solutions (US), VoicePIN (Poland), Uniphore (India), Pindrop (US), Aculab (UK) and Auraya (Australia).

60% of multinationals think their access control isn’t future-proof

960 640 Stuart O'Brien

Nedap Security Management presented several key conclusions from its benchmark study at ASIS Europe 2019, including worrying feedback from business leaders when it comes to access control.

The study focuses on the access control challenges and opportunities faced by multinationals – both now and in the future.

One significant finding was that almost 60% of multinationals don’t (yet) consider their access control system to be future-proof.

The results were presented by Martin Wijlens and Timon Padberg, global client sales managers for Nedap Security Management.

Wijlens said: “Our benchmark study gives multinationals useful peer-to-peer insight into the status, challenges and opportunities of their access control systems. It zooms in on topics such as convenience versus danger, infrastructure and map technology.”

Padberg added: “Due to increasing globalisation and constant changes, the international standardisation of security aspects such as access control is becoming increasingly important. We support multinationals with concrete insights based on market research, and also alleviate their concerns, not to mention workload and stress, through our Global Client Programme.”

INDUSTRY SPOTLIGHT: Centralized, multi-site door access control made simple

960 640 Stuart O'Brien

Problem: Most access control systems are site-centric, driven by local databases of staff permissions, so when it comes to trying to oversee or manage building access for sites in different locations, sharing and synchronising access information requires additional appliances and significantly increases system complexity.

Enterprise-class solutions for physical access management require substantial up-front investment and still typically rely on installing dedicated sync-servers at each site to duplicate data across locations.

Solution: Leverage existing enterprise-wide IT access control infrastructure that’s designed to deliver centralized visibility and control, in real-time, across all networked sites. Simply add controlled doors to the network – just like connecting a PC – and have staff-access similarly managed.

The EdgeConnector physical access system addresses door access control in exactly this way – radically simplifying the solution and making it limitlessly scalable, covering all sites, all connected doors, and all users, automatically.

Companies often expand to new sites through acquisition, making it likely that different access control systems are used at each location. Integrating unalike systems to provide organization-wide physical access management then becomes a far greater challenge, requiring ether the rip-out and replacement of a legacy system or comparably expensive development of bridging systems. 

EdgeConnector works with existing credentials and readers (that use the industry standard Wiegand interface) avoiding the need to change much of the hardware for legacy systems. EdgeConnector also works with a range of compatible wired and wireless door controllers – avoiding the need to swap-out these devices in some cases, although installation typically only requires a single network cable supporting PoE+ for wired door control and PoE for wireless door control.

IP network based door access systems can provide real-time control and economical scalability, EdgeConnector takes this further by making use of the existing centralized staff database used for IT-access (typically Microsoft Active Directory) to handle door access permissions. This approach streamlines the infrastructure required, which in-turn facilitates streamlined access administration processes. Taking the the critical process of staff off-boarding as an example – it’s possible to ensure all door access privileges, for all premises, as well as all IT-access permissions,  for an individual are rescinded in just one step.

Unifying IT and physical access infrastructure is consistent with the trend over recent years for IT teams to be involved in the selection and integration of physical access control systems. An HID published survey1found that well over 70% of organizations expect IT departments to influence physical security technology decisions and to integrate physical access controls into the wider IT ecosystem.

IT teams have their own interests in being involved – taking a holistic approach to an organization’s security avoids the risk of physical access, and physical access systems, providing a ‘weak link’ in an otherwise robust cyber-security strategy. By ensuring all elements of critical infrastructure, including door access controls, are properly secured through standard support practises, organizations can avert issues arising from siloed infrastructure that may otherwise avoiding regular scrutiny.

Summary

Building access control systems using contactless identity credentials, such as RFID cards, fobs or mobile phones, are commonly used in all but the smallest of organizations. By being able to easily manage who has permission to use what doors and when, together with the ability to quickly revoke access for lost credentials and former staff, access control systems provide organizations with the control they need without impeding or inconveniencing their personnel. However, the issue that frequently comes-up is the complexity involved in trying to extend a physical access control system to cover sites in different locations.

EdgeConnector makes use of the power of existing IT-access controls, and the scalability of IP-network infrastructures, to minimising the cost and capital expenditure required to control access through connected doors, car barriers and other controlled opening, across all sites and for all staff.

For more information on centralized, multi-site physical access control management contact EdgeConnector:

www.edgeconnector.com

+44 (0)1428 685 861

1https://www.hidglobal.com/doclib/files/resource_files/the_rising_role_of_it_in_physical_access_control_-_final.pdf

Global electronic access control market to hit $13bn by 2023

960 640 Stuart O'Brien

The global electronic access control market will grow from $8.2 billion in 2017 to $13.3 billion by 2023, equivalent to a CAGR of 8.53% during the forecast period.

That’s according to the latest forecasts from Market Research Future, which includes all electromechanical hardware devices that used to limit access into any private premise in its calculations.

That definition encompasses systems that are used in several fields ranging from commercial space, government spaces and private residential space.

A rise in crime rates in key territories, and a growing need to limit individual premise access are cited as the key drivers for the market.

By type, the market is segmented into biometrics reader, card-based reader, multi-technology readers, electronic locks, and controllers.

The biometric reader market segment is estimated to hold the highest market share throughout the forecast period, and it is also expected to register the highest CAGR.

Market research Futures says these categories are more reliable as they provide benefits such as improved identification and authentication process, thereby increasing the access control to physical and electronic resources.

On the basis of application, the study was segmented into commercial spaces, military & defence, government, residential, education, healthcare, industrial, and others.

The forecasts predict the commercial spaces segment will dominate the market going forward, including data centres, banks, hotels, retail stores, malls, and similar other commercial premises.

The key players highlighted include ASSA ABLOY (Sweden), Johnson Controls International (Ireland), dormakaba Holding (Switzerland), Allegion (Ireland), Honeywell Security Group (US), Identiv (US), Nedap (Netherlands), Suprema HQ (South Korea), Bosch Security Systems (US) and Gemalto (Netherlands).

Asia-Pacific is estimated to register the highest CAGR during the forecast period. The growth in the region is attributable to factors including ongoing industrial development, rapid pace of commercialization, and rise in number of security systems implementation across varied commercial spaces.

Furthermore, the rise in crimes rates in the region and growing government spending to enhance security systems in their premises also drive the growth.

North America, however, is expected to dominate the electronic access control systems market from 2018 to 2023 as the region has a sustainable and well-established economy and it is among the early adopter of latest technology.

Furthermore, the presence of the leading manufacturers in the region further drive the electronic access control systems market there.

INDUSTRY SPOTLIGHT: Simpler, stronger access control through identity driven security

960 640 Stuart O'Brien

Physical and IT security work seamlessly together with EdgeConnector door access control software; delivering streamlined permissions administration, a simplified infrastructure that gives central oversight across all sites as standard, as well as cyber-physical protection capabilities that support information security and compliance.

Security professionals can now leverage the power and flexibility of an IT network’s existing access management infrastructure, to protect people and premises, in addition to data. EdgeConnector’s unique approach to physical access management aligns door access control with IT-access control; both driven by a single shared directory of users, identities and permissions (typically using Windows® Active Directory). This radically simplified system architecture provides significant benefits over traditional models:

Streamlined administration –data duplication and separate workflows can be dispensed with, so for critical processes like staff off-boarding, it’s possible to ensure all access privileges, to all premises and for all IT network resources, are rescinded in just one step. Role-based security models can combine door and IT access rights, maintaining consistency between the physical and logical access granted to staff whenever they change job function.

Organisational fit– the rationalised, standards-based infrastructure is inherently scalable and easier for IT teams to support, giving Security teams the flexibility to manage the protection of the organisation as needs change. EdgeConnector’s dedicated physical access administration console provides authorised users with comprehensivecontrol and monitoring tools.  Alternatively, physical access rights can be incorporated into wider security permissions profiles, for allocation to staff through an existing Identity and Access Management platform. 

Central oversight– monitoring physical access across all locations and managing multi-site permissions for personnel are standard features with EdgeConnector, without any need for the complexities of installing additional infrastructure to share physical access information between sites.

Real-time control– changes to physical permissions take immediate effect at all doors, thanks to the online architecture.

SIEM by design– cyber-physical control capabilities can automatically prevent access exceptions that would otherwise require manned monitoring of alerts from additional Security Information and Event Management systems. User-location based controls can easily be applied, restricting digital access to sensitive data to within secure areas. Example usage includes: denial of access to patient medical records, or customer payment card processing, or financial trading applications unless authorised users are in nominated locations, blocking of Wi-Fi access outdoors, and prevention of privileged access to critical server administration functions from outside the data centre.

Straightforward installation– by making use of the existing user directory and IT network infrastructure, minimal effort is required to connect and control any number of doors at any number of sites. Compatible door control hardware from Assa Abloy, Axis and HID can all be used on any standard IP network, including VPN, WAN and Cloud configurations. 

EdgeConnector’s standards-based approach extends to the credential used for door access. As well as mobile phone and biometric options an extensive range of contactless card standards can be used, including existing cards and readers if desired. To protect against the risk from card-cloning, an easy-to-use tool for managing bespoke RFID encryption keys allows organisations to securely encode popular cards for themselves. 

For more information, visit www.edgeconnector.com or call +44 (0)1428 685 861

INDUSTRY SPOTLIGHT: One ID for all access – Secure, convenient & manageable

960 640 Stuart O'Brien

Hybrid smartcards are the most secure and cost-effective solution for providing staff with just one credential for all identity and access applications – making life easier for employees and strengthening security by enforcing desired behaviours. 

Organisations typically have many different  systems that require user identity verification in addition to building access control, such as secure logon to the IT network, the release of documents from printers and cashless canteen vending.

Making it possible for each staff member to use just one ID for all these identity and access applications not only makes life easier for them, which aids their productivity, but also strengthens security across the organisation by enforcing behaviours that ensure protective measures are not circumvented (such as by the loan of door access cards to colleagues, or by leaving logged-on computers unattended).

Furthermore, having just one user identity database for all applications, enterprise-wide, avoids wasteful resource duplication and significantly reduces overall costs.

Why smartcards

Hybrid smartcards can combine a separate contactless RFID interface chip with a contact chip in the same card body. This enables the best choice of standards-based contact and contactless technologies to be selected for an organisation’s specific requirements.

Contactless applications, including building access, can make use of up-to-date technologies, including DESFire, iCLASS and SEOS, which support mutual authentication with card readers before transferring encrypted identification information. It’s also possible for multiple RFID chips to be incorporated, in order to support migration from insecure legacy technologies, or to accommodate completely separate physical access control systems.

Contact smartcard chips are ideally suited to PKI-based 2-factor authentication (2FA) security applications, such as network logon, disk encryption, email encryption and digital signatures. They provide the ‘gold-standard’ in security by utilising private keys that are generated and stored securely in the chip, protected against external access, and never shared. The chip hardware from established manufacturers includes design features that prevent keys from being extracted, even if probed by an electron microscope, and so achieve certification to the highest international standards, such as EAL 5+ and FIPS 140-2.

The actual security of any digital credential ultimately depends on how well its encryption keys are protected. As mentioned already, contact smartcard chips have been certified to the highest security standards. Mobile devices support 2FA by hosting various app and cloud-based implementations of cryptographic algorithms; software-based solutions are at greater risk from malware attack and the security of encryption keys depends very much on the particular mobile device and OS in question.

Mobile device based credentials appear to offer a convenient alternative to having to issue each staff member with smartcards, they do however introduce the burden of managing and maintaining multiple apps and device platforms, a task that becomes even more complex as these proliferate over time.

Issuing employees with smartcards commonly supports wider site security requirements, as they can be printed on for use as an easily recognisable company ID, bearing a photo of the user and worn on a lanyard.

While mobile credentials solutions for an ever widening range of identity and access applications have become increasingly available, their adoption is currently limited by their much greater cost in comparison to well-established smartcard solutions.

Security benefits of converged credentials

Process

Combining the forms of identification required for both logical access and physical access, into a single ‘converged credential’, facilitates streamlined management and administration for critical process like staff on-boarding and off-boarding.

Card Management Systems (CMS’s) help organisations deploy and manage smartcards quickly, efficiently and securely. Hybrid cards can be managed easily with CMS tools that connect to enterprise directories, card printers, certificate authorities, and more.

People

Staff always tend to find the most expedient ways of getting their work done, even if short-cuts may result in security vulnerabilities. Issuing each staff member with a single card for door access as well as IT-access (amongst other uses) naturally compels them to always carry their ID-cards with them at all times, strengthening overall security by:

  • Ensuring credentials with photo-ID are consistently worn by staff moving around a site.
  • Quashing the practise of lending door access cards to colleagues.
  • Automatically logging-off or locking computers whenever left unattended by users, who have to remove their ID card to pick-up a coffee or collect a document from a printer for example.

Technology

Hybrid smartcards allow organisation to mix-&-match established standard contactless and contact technologies to fit their precise needs; providing the flexibility to integrate with an extensive range of identity and access applications using just one ID card.

In addition, fully-online and integrated door access control systems can be used to ensure that users can only log on to their PC, or access other IT resources, if they have badged through a door, thus eliminating most ‘pass-back’ and ‘tailgating’ issues with building access cards.

For more information on converged identity and access management solutions contact Dot Origin:

www.dotorigin.com/smart-card-based-solutions/converged-access/

+44 (0)1428 685 861

  • 1
  • 2