SMART Access & identity 2024

ACCESS & IDENTITY ROUND TABLE

Wouter Du Toit, Tarryn Fortune, Walter Rautenbach.

Continued from page 18

is still climbing. The company has enormous targets for getting more active credentials out in the market, noting that these will not only be for access control. She quotes Omdia, which predicts over 45% growth for mobile credentials compared to a paltry 4,5% for cards; so, it seems the company’s expectations are well based. Mobile access is not for everyone and every situation, and this is where educating the user base is, once again, vital. The new generation of young people is far more likely to accept mobile credentials than any others as they are mobile-first and want convenience, sustainability and everything on their phones. It is also up to the company and each user to determine how much they want on their phone and what information they want to share while protecting their privacy. Cybersecurity, last but not least Any and every electronic device, no matter what industry it is used in, needs to have some form of cybersecurity built in today. It needs to be updatable to newer firmware versions and to fix coding errors and vulnerabilities. As painful as it may be, that is simply a reality we live in and must become as common as locking your car doors. The participants are well aware of their cyber responsibilities, with Fortune noting that cybersecurity is central to everything Gallagher does. She says all Gallagher devices are encrypted, from the reader to the controller and the server. The company’s Command Centre management platform has a security module that scans all Gallagher devices attached to it to ensure they are secure, have the latest updates installed, etc., showing where any vulnerabilities may lie. The catch here is when users mix and match cheaper products that do not focus on cybersecurity with those that do – no matter how secure 99% of your infrastructure is, one vulnerable device can result in a breach. This is not only in terms of cybersecurity but also privacy, as once inside a system, all the information a company has could be exposed. Securing data is especially critical when storing data in the cloud. This goes back to education,

says Meltz. The old problem of default passwords is still an issue despite all the publicity around the danger of these practices. These security processes, which should be standard in every company, are often ignored for convenience. As Russel says, “Common sense is not always so common,” hence the need to educate clients even if cybersecurity is not your speciality. However, Rautenbach notes that the biggest threat is potentially from the inside, which means access and identity security fail when someone with the proper credentials gives criminals a helping hand. Here, we go back to education and helping users understand all the potential risks and do what is necessary to mitigate them. Du Toit notes that IDEMIA ships with security enabled by default, but that does not help clients if the rest of the infrastructure is poorly secured. The industry is no longer technology or product focused. Today, the solution implemented, how it is integrated into the digital enterprise (whether large or small), and what additional benefits or services it can offer garners more interest than ever before. SMART Security Solutions would like to thank all the participants in the round table for their time and input. For more information, contact: • Enkulu Technology, +27 87 551 3005, sales@enkulutech.co.za, www.enkulutech.co.za • Gallagher Security, +27 11 974 4740, • HID Global, +27 66 244 9652, ilze.blignaut@hidglobal.com, www.hidglobal.com • Ideco Biometric Security Solutions, +27 12 749 2300, contact@ideco.co.za, www.ideco.co.za • IDEMIA, +27 83 622 2333, wouter.dutoit@idemia.com, www.idemia.com • neaMetrics, +27 11 784 3952, info@neametrics.com, www.neametrics.com sales.za@gallagher.com, www.gallaghersa.co.za

very least, being developed at the moment, making keeping personal information on people a hassle. The advances in smartphone technology now allow the device to hold an individual’s biometrics and other personal data (encrypted), which the mobile credentials can check for before authorising access (or any additional authorisation required, whether in the canteen or logging into a computer, or even replacing the old medical aid card, and more). The problem is the security of each device and its ability to run the current credential applications – economic reasons are seeing more people holding onto their smartphones for longer, and just because there is a new version isn’t always enough to warrant spending more money. All the vendors at the round table have mobile offerings to support their biometrics, card or PIN access methodologies. Still, one area for improvement in the current mobile credential market is standards. Rautenbach explains that no international standards govern mobile credential use, so each vendor implements their own proprietary solutions. While this may be good as far as security is concerned, it does mean that, for most manufacturers, lock-in is a reality, and you cannot mix and match mobile credentials with ease. Mixing and matching modalities, however, is simpler than ever and quite common. While Meltz believes the use of mobile will grow, he does not see a complete move to this technology, saying, “I cannot see 5000 miners using their phones to go down a mineshaft.” Then there is also the question of user reluctance; many wonder what else their company can see on their phones if they install a corporate access control app on their device. Given the contempt large enterprises have displayed for user privacy (despite ‘privacy washing’), this is a valid question that must be answered. Not so slow, after all Blignaut says that HID is not seeing a slow uptake of mobile credentials, having passed the two million active credentials mark, and it

20

www.securitysa.com