SecurityWorldMarket

22/06/2026

Access control must extend beyond the building

Groenlo, The Netherlands

For many organisations, access control is still centred on the building. But operations and the majority of physical risk often are not.  Jeroen van Os, Commercial Lead - Global Technology Partnerships at Nedap is urging companies to think more deeply about their access control systems to avoid risking gaps in their corporate security structure.

In the past, access control was designed around fixed locations, users, and credentials. But that model doesn’t work when assets are distributed.

Even if sites are visited infrequently, they still need to be protected. Especially as remote, often unmanned, locations are being targeted more frequently. And access needs to be easy for those authorised.

Without the right setup, issues can include technicians having to collect keys or be escorted onto site. Keys can be lost, shared or copied. Access isn’t time-bound. Sites can be left unsecured. And visibility is limited, making it difficult to track who accessed what, when, and why.

The impact can be significant

Focusing only on buildings for access management leaves gaps that, however small, can have a big impact. This includes:

  • Increased security risks: Unauthorised access becomes more likely when remote sites lack proper protection.
  • Operational inefficiencies: Time can be wasted and costs incurred in a range of ways, from credentials being issued manually to delays getting started on site.
  • Compliance challenges: Regulatory demands are increasing. NIS2, for example, requires physical access logs for all locations, not just connected sites.
  • Reporting is difficult: If there’s no record of who accessed what or when, audits are incomplete and investigations lack traceability.

A shift to identity-based access

According to Van Os, for access control to operate efficiently and effectively across distributed assets, it must start with the individual. Access control then moves from ‘Who can enter this building?’ to ‘Who is this person and what can they can access – why, where, when and how?’

Shifting from purely location-based decisions to identity-driven access. With that approach, access authorisations can stay in line with policies and regulations at every access point, and follow users across locations, asset types, access methods, and identifier types.

An example of how this might when the right, identity-based access management in place follows:

  • A contractor requests access to a substation at a specific time.
  • The manager responsible approves this request remotely, online.
  • Access is issued instantly to the contractor’s smartphone and is stored as a mobile key.
  • They arrive in driving rain and use this mobile credential to quickly gain access through the perimeter gate, into the storeroom and to the equipment they’re authorised to use.
  • Every access event is logged automatically.
  • Their access to this substation expires in line with the company’s policy, or the time and date set by the manager approving access.

This approach eliminates physical key management, reduces delays, and ensures every access event is controlled, time-bound and fully traceable.

The right platform to make it work

The move to identity-centric access control requires the right platform. Particularly when assets are distributed. Ideally, it should enable all of the following:

  • Centralised governance: One place to manage people, permissions, assets and events.
  • Coverage beyond doors: Control that extends, without compromise, to cabinets, gates, remote infrastructure, and more, in online and offline environments.
  • Real-time control: Instantly grant or revoke access.
  • Full visibility: An end-to-end audit trail showing who accessed what, when and why.
  • Works in all environments: Including harsh weather and remote locations without power.
  • Works with a range of identifiers: From badges to mobile keys.

One platform, every access point

As an example, the AEOS-ILoq platform is designed to manage access centrally across every location and environment. It takes an identity-first approach and is built on a best-of-breed partnership between Nedap AEOS access control and Iloq’s smart locks.

AEOS enables centralised, online access control that’s easy to use, manage, integrate, and scale. And Iloq’s smart locks extend the access control system to every location – from power plants in remote areas to gates in extreme climates. They’re opened via a mobile key on your smartphone and powered by NFC from the phone. So they don’t need batteries, cables, or a signal.

This streamlined platform approach enables operational costs and efficiencies; high levels of security; easy compliance; flexibility and scalability; and it allows for sustainability improvements such as no need for batteries and lower travel costs for maintenance etc.

Extend access control beyond the building

The building is no longer the centre of access control. Organisations that continue to treat it that way risk gaps in security, inefficiencies in operations, and a lack of visibility where it matters most.

Organisations that extend access control beyond the building gain control that reflects how access actually works – across every location, asset, and environment.


Tags
News from the startpage
Go to "Business News"  

Product Suppliers
Back to top