Top ten things to look for in enterprise access control
It may be one of the toughest projects to encounter while working as a security manager in a multi-national enterprise organization: selecting, procuring and rolling out a new access control system for the entire estate of your organization. Not an easy task: dealing with organizational units in several countries across multiple buildings, equipping large volumes of doors and supporting thousands of users, taking into account the ideas and requirements of many stakeholders, setting targets in an ever-changing environment. Below we are mentioning our top ten of things to pay attention to during the selection process…
10. Global roll-out capacity
Is your supplier technically, organizationally and logistically capable of rolling-out their system in all your office buildings and across all your sites? Do they take responsibility for the roll-out or do they simply refer to their channel of installing partners? Do they have a blueprint for a plan? It is one thing to have good and scalable system. Being able to support a large roll-out in multiple countries is something completely different.
9. Future-proof characteristics
Large organization are in a constant state of change. Mergers, acquisitions and reorganizations are always happening. Is the system capable to deal with those changes? Does is grow with the organization? Is the scalability of the system sufficient to support the organization not only at the current level, but also in a number of years. Access control systems are selected for many years. Better make sure the system is also capable of meeting future demands and requirements.
8. Vendor lock-in or best-of-breed support?
It may sound good if a supplier takes full control and responsibility for the project. But does that also mean that are locked in with that vendor for everything you would like to do in the upcoming decade? Is the vendor open for change? Will they support your future ideas to bring in other technology vendors that may be specialists in their own area? Is the architecture technically supporting a best-of-breed solution? Are industry standards supported or does the vendor prefer their own proprietary protocols? If so, do you know why?
7. Third party integration capabilities
Standalone, monolithic systems do not really exist anymore. Current business practices require collaboration between departments of people and also between systems. Access control systems are expected to collaborate with identity management databases, human resources systems, local intrusion detection systems, office building guidance systems, video management systems, visitor management systems and many other systems. With which industry leading systems has the access control system already been integrated? Exactly how and with what depth is that integration supported? Who takes responsibility for existing and future interfaces? What is the charge for new interfaces? What is the willingness to support those interfaces?
6. Security level agility
Not only organizations change, also the world around them changes. And as a result of that the need for security levels may change. And it may change overnight. How does the system deal with that? Are multiple security level scenarios supported? Is it easy to instantly increase the security level that is supported by the system when there is a sudden threat? Can the system deal with more relaxed situations when openness needs to be supported? When the security level needs to step up, are the entrances and the technology around them immediately aware of the new situation?
5. Online or offline topology?
Running cables to support a complete online topology may be expensive for all the doors in your estate. Is offline access control (with online elements) better for your organization? Does the system support a hybrid topology? Are you aware of the implications of this choice? It might be smart to take both options into account and be aware of current innovation in the industry that is mixing traditional online and offline topologies using wireless communication techniques.
4. Cloud-based or on-premise server?
It is a fact that cloud-based security is getting more popular. For obvious reasons. But is also clear that many security managers worry about the intrinsic security levels of these systems. We usually advise people to approach the idea of cloud-based security with a different mindset. Ask yourself: which portions of my estate could I secure better if I would have a cloud-based system with IoT readers (and cameras) available? Is your supplier capable of offering both options?
3. Release planning availability
The security industry has witnessed many mergers and take-overs. Brands that were once dominating the industry sometimes seem to slip into a state of dormant existence. Have you checked the future plans of your potential supplier with the access control system that you plan to buy? Can they present you with a clear and detailed release planning for the upcoming years? If the use and Agile/Scrum development approach the must be able to share the highlight of their backlog with you.
2. Custom development or standard building blocks?
Every organisation is unique. And the bigger it gets, the more unique it becomes. Many organizations have made the mistake to demand custom development from their supplier. It may seem like a good thing on the short term. The system has adapted itself to the organization instead of the other way around. The two big questions however are: How did your supplier construct that bespoke solution? And what does that mean for future situations? Whenever possible we would always, as much as possible, stay away from custom development in access control. Make sure standard building blocks are used that can be re-arranged for future situations with altered requirements. It helps if the vendor understands the industry that you are in. If you are securing an airport, the right supplier probably will have standard building blocks (modules) available that are used by many clients in the aviation sector. That way you are sure you will profit from future developments by that vendor to its system without having to maintain and improve that bespoke system that was built.
1. Reliable brand and experienced vendor
We are witnessing an era of change and innovation in our industry. Which is great. New opportunities become available to secure your organization in a more effective and more agile way. Those new entrants in the industry may have great ideas. But it may also be good to distinct promising developments from well-developed features. Having the right intention does not automatically mean that the right expertise and the right experience are available to implement that great access control solution for your enterprise organization. It does not mean automatically that start-ups should be avoided, but it may be smart to check references and to make sure that the backbone of your system is realized by a company you feel you can rely upon now and in the years ahead…
These were our ten attention points when selecting an enterprise access control system. Do you agree? Are important points missing? How do your current system and supplier compare to these topics? Let us know below…