The panelists in the discussion were Simon Wallén, Director Nordic Sales at Nexus Group. Robert Jansson, Director of sales at Stid Security, Nordics and Eastern Europe, Magnus Olsson, Head Of Business Development at Seriline, and Tore Brænna, Lead, Business Development EAD, Scanbalt Dormakaba.
A grey zone
Robert Jansson, from Stid Security, is convinced that we will see a more international access control market. Even Sweden, the home of the global market leader Assa Abloy, will be affected. The increasing import of access control products will also contribute to more open systems.
“The entire market in Sweden has been proprietary for a long time. The customers around the world that we serve, they are global and interested in having a platform that they can smoothly run anywhere: in Sweden, Denmark, Norway, Germany, USA and so on. We will see lots of this when the larger international companies are consolidated,” Robert Jansson says.
Simon Wallén at Nexus adds that the standards must also be open for that to happen.
“It’s a question of levels, it will never be completely open or completely closed. A 40 percent transparency would result in large cost gains and gains in the ecosystem as such. It is never the case that it is completely proprietary or completely open, but there will be different layers, there will be different situations, different users, and equipment for it,” says Simon Wallén.
Robert Jansson states that manufacturers have their driving forces, and buyers and end users have their driving forces. Sometimes they agree, sometimes not.
“There are two fairly clear ways to go, proprietary or open. I think the open will win in the long run,” he says.
Identity of everything
Simon Wallén claims that one of the strongest trends in the market for access control is increased focus on identity.
“I think we are starting to see an awareness of how to secure the identity of the first link in the chain, we talk quite a lot about card technologies, about how to protect an identity and so on. But if one cannot be sure that the specific credential is used by the specific person it is intended for, then the protecting technology doesn’t matter anymore.”
Simon Wallén compares it to a passport: it is not worth anything for the technology itself, but because everyone knows that the police and a number of authorities guarantee that the person is what the passport shows.
Robert Jansson agrees that the issuance of identities for people and things will be more and more important.
“We have to have an identity in almost everything, from light bulbs to cars and access control and readers,” he says.
Magnus Olsson at the IAMcompany Seriline emphasises the importance of identity management from another perspective.
“When we talk about identity, it is important to make sure that you only have one identity in your system, not several. It makes it much easier when a company needs to remove a user from their IAM-system, for example, when someone leaves their employment and should no longer have access to the facilities of the company,” he says.
Simon Wallén stresses that identity management is linked to the IoT.
“It is already a part of it, when you look at smart buildings and flexible access to a safe entry into buildings. IoT is a pursuit of automation, intelligence, and big data, then the access to the information collected by different systems must be protected. There the access control system with its extension is important”, he says.
Another trend is that standards are becoming more important, and the introduction of GDPR was for sure a game changer.
“Standardisation will help end customers, and also installers who will help end customers to be safe when the identity is forced over from the card carrier via the reader into the system. Also for mobile ID, these trends are very clear,” states Robert Jansson.
Outdated technologies still linger on
The panelists were also in agreement that the choice of card technology sometimes reveals lack of knowledge and security awareness. It still happens in public procurements that consultants request Mifare Classic, which was hacked already in 2007, according to Robert Jansson.
“Many have transferred over to Mifare Desfire but we continue to see, that some of the old technologies installed in the late 1990s still remain. We would have liked the development towards safer card technology to be faster,” comments Magnus Olsson.
Simon Wallén thinks that digitalisation in access control isn’t really going smoothly.
“For obvious reasons, it takes a long time to replace a complete ecosystem to find more modern and user-friendly alternatives. There is always a trade-off between whether it is for sure, what it costs and how easy it is to replace it. And it is also a matter of whether the customers are aware that the existing systems need to be replaced,” he says.
Tore Brænna at Dormakaba thinks one should be careful about switching from short to mobile solutions.
“In any event, customers should be aware of the standards relating to the use of mobile phone solutions, and in particular, companies that feel there could be a security risk.”
More and more apps
Robert Jansson is positive about mobile solutions and believes that there is always a balance between convenience and security.
“People often want a convenient system rather than a secure system. If you can obtain both a comfortable and secure system, then you should of course have it. However, we use the phone for everything in our lives today, we send bank transactions and sign with both qualified and unqualified certificates, we email, and read sensitive details from the tax authority – the technology is there to build a comfortable and safe solution, but you have to be very clear about what you are doing.”
Robert Jansson also points out that Apple “blocks” the use of NFC and therefore many are more or less forced to run with Bluetooth or BLE to be able to have a mix of both Iphones and other phones.
Magnus Olsson believes that solutions for using the mobile phone as a credential in an access control system are often proprietary.
“In that way, it becomes a step back: if you go to one company, you get a solution, you go to another you get another solution and that means that there will be many apps in the phone”.
Simon Wallén believes that NFC is a factor of uncertainty because Apple is big enough to do what they want.
“On the other hand, I believe it will be more standardised in the future: which carrier we will use. Whether it is Bluetooth or not, we will focus on identity and how we protect it, regardless of whether it is a card or a mobile phone that is used,” he says.
Biometrics too slow
Biometrics is something that has been discussed for a very long time in access control. Here, too, a balance is struck between convenience on the one hand and safety on the other.
“You can make it very safe and not allow access to someone who has a dirty thumb, for example, or you can do it more conveniently. Most people come to a compromise somewhere in the middle. GDPR is a sensitive point here, you must not store biometric data anywhere, anytime or anywhere,” claims Robert Jansson.
For day to day applications, many companies find that PIN codes are too slow to combine with cards and even for biometric solutions, time is a factor.
“We sell biometrics equipment, but due to convenience and speed, biometrics has become less of a success than the market thought it would be,” says Tore Brænna.
Cloud solutions are growing
Magnus Olsson thinks that the industry has been quite slow in moving towards cloud solutions, but that it has gained some momentum and is ongoing right now.
“It’s clear that cloud-based solutions offer great benefits, as well as there being other benefits to having them “on-site”.
Tore Brænna emphasises the benefits of cloud services and access control as a service is a growing part of the industry.
“Some have an old PC with an operating system that is no longer sold, and it is clear that you avoid the problems there if you have a cloud service that is updated automatically ‘on the fly’, but at the same time, there are some high-security customers who do not want data to be in a cloud service and want it on-site.”
Simon Wallén states that while an access control system should prevent unauthorised persons from entering, companies today, should primarily want to protect information.
“Honestly, it´s not what is in the premises, but what the company owns in the form of information, that is important. I don’t think many people have trade secrets physically printed in binders anymore, they are stored somewhere else, for example in the cloud. We meet companies that are opposed to having their access control system in the cloud, but at the same time, they might have all their businesscritical information already in the cloud,” he concludes.