SMART Access & identity 2024

MOBILE ACCESS CONTROL

carry a card, present a phone, or deal with a flat battery or ‘forgotten phone’, which can be used for intended access breaches, makes the proposition less attractive. It is an appealing option for non-biometric implementations, although our clients still prefer the security and convenience of pure biometrics. The new offerings with biometrics on mobile, as part of mobile credentials, are attracting lots of attention when it comes to PoPIA, where storing biometrics centrally is avoided, especially in corporate environments, and mobile credentials, with biometrics or not, is very attractive for residential estates and member access to, i.e., gyms, sport, and entertainment facilities. SMART Security Solutions: What are the benefits of mobile credentials for physical access control, from simple door access to access to secure locations, as well as multiple locations nationally or even internationally? Blignaut: Using a mobile device as a security credential offers many benefits to organisations, from small businesses to large enterprises. Waving or tapping a mobile device to access a space is convenient for users, particularly for younger generations who have grown up in a world where they can seamlessly use their mobile devices to do anything, from paying for coffee to reserving a yoga class. There are many other benefits, too. Take human resource administrators, for example, who can save time with secure, centralised mobile identity management, fast provisioning, and simple enrolment. Organisations can also efficiently manage multiple locations from a single platform, eliminating the need to ship plastic credentials to various facilities or individual employees. As more companies take action to meet concrete sustainability goals, mobile access offers an environmentally friendly solution that reduces the use of resources. The use cases for mobile access are vast and exciting, going beyond simply opening doors to include providing contactless, seamless access to a wide range of devices and services, such as time-and-attendance terminals, cashless

vending machines, printers, computers, workstations, and even parking locations.

and heightened security. This approach allows users to access both physical spaces (like buildings or rooms) and digital resources (such as accounts or databases) using their mobile devices as authentication tools. Companies are increasingly adopting this method because it streamlines access management, offers better control over permissions, and reduces the reliance on traditional physical keys or access cards, which can be easily lost or stolen. Of course, some industries require physical IDs or badges, even when mobile access control is being used. Such is the case in the healthcare industry or government, where employees are required to visibly display identification badges while at work due to compliance requirements. There is a significant shift in attention towards digital access methods that surpass the limitations of passwords or one-time passwords (OTPs). Passwords are susceptible to being compromised or forgotten, leading to security vulnerabilities and user frustration. As a result, companies are exploring more robust authentication methods, such as biometrics (like fingerprint or facial recognition), multi factor authentication (requiring multiple forms of verification), and token-based systems. These alternatives offer enhanced security layers, while providing a more user-friendly and seamless authentication experience; contributing to a more robust overall access control strategy. Lakin: Combining the physical and digital worlds is a good idea regardless of the credentials used, and anything that can move away from OTP or passwords is good. Mobile credentials bring the focus from physical to digital because of the form factor of the verification method. The security levels, wording and functionality lend themselves to a greater understanding of the process by IT departments. This subtle change in positioning enables more ‘joined-up’ thinking instead of the traditional approach of two distinct budgets, one for security and one for IT. Communication methodology is bringing the two worlds closer together. New European legislation, which demands that the two are closely associated, will speed this process as more businesses seek guidance with their security protocols. Not all European legislation lands in southern Africa, but globalisation will require local specifiers and consultants to be aware of these, at the very least, before making their final recommendations to their clients. Rautenbach: I feel that the logical access applications are limited, and until we find a Continued on page 24

Lakin: Mobile credentials are inherently more secure than their physical counterparts. They reside within a secure mobile device, protected with multiple levels of encryption and can only communicate with other secured devices. As with STid Mobile ID, additional layers of security can be added to a site/s or specific door/s by implementing multifactor authentication or even biometric authentication as a standard configuration option. The flexibility of Bluetooth allows for multiple functionalities within the same credential, depending on the individual door requirements. Issuance and revocation can be managed instantly across multiple users in multiple real time locations with no product redundancy. Mobile credentials also provide users with the ability to implement a completely green solution. Rautenbach: You always have your mobile, you do not need to remember something else, you do not easily lend it to someone else, and you surely report it when missing. It is important to differentiate between online and offline mobile credentials. Offline resides on your device, with some expiry, whereas online is authenticated in real time using your mobile or access terminal. In the latter case, it is a good business case for assigning one-time access on demand for contractors who need to access facilities such as cell phone towers, substations, etc., or any other facilities on an ad-hoc basis. SMART Security Solutions: Combining physical and digital access control would seem like a good idea when mobile credentials are used – is this happening in the real world? Are companies paying more attention to digital access that goes beyond passwords (or the highly annoying OTP)? Blignaut: Integrating physical and digital access control, leveraging mobile credentials, has gained traction due to its convenience, flexibility,

23

www.securitysa.com

access & iden i y 2024