Download PDF version Contact company

Gregor Schlechtriem has worked in the access control market for over 20 years and is now responsible for the Access & Intrusion Business Unit at Bosch Building Technologies. In this interview, the expert talks about key industry trends, the impact of the COVID-19 (Coronavirus) pandemic, technical innovations and his company’s strategy.

Mr. Schlechtriem, you have many years of experience in the security technology market. What is your background and what are your responsibilities as Senior Vice President at Bosch Building Technologies?

Gregor Schlechtriem: I am a trained engineer and electrical technician, and have been involved with access control in the broadest sense, since I started my career in the late 1980s. I started in the field of parking garage technology and then switched to security technology in 2001, as Managing Director of micos GmbH, which specialised in traditional access control.

micos GmbH was known for its highly available and highly secure access control systems, for critical infrastructure and government applications. Many systems from that time are still in use today and continue to be supported and upgraded.

Bosch is continuing micos’ business here?

Gregor Schlechtriem: Exactly, micos was taken over in 2004 by Bosch Security Systems, now known as Bosch Building Technologies. Since then, we have continuously been developing the access control business.

Being part of the Bosch Building Technologies division, we benefit a lot from international cooperation with colleagues

Being part of the Bosch Building Technologies division, we benefit a lot from international cooperation with colleagues and from overlap with other product lines, such as intrusion detection technology and video security. This gives us the opportunity to implement outstanding project solutions for demanding customers in an international environment.

In developing this business, I rely on my experience from other interesting roles at Bosch that I took on, after micos was bought in 2004. For a time, I worked in the European System Integrator Business, which I also had the privilege of managing for several years, as well as being directly responsible for business units.

In Fairport, USA, I had the overall responsibility for intrusion detection technology for many years, as I later did in Eindhoven for video systems. Since 2018, the global access control and intrusion detection business has once again been my direct responsibility.

At Bosch Building Technologies, we have in the meantime assigned sales to the respective business units, so that we can develop our product and solution portfolio, in close cooperation with sales and our regular customers. Our main task now is to make our access control portfolio accessible to a broader market. We want to make Bosch much better known, as an access control provider, in the international market. After all, with our own access product portfolio, the power of the Bosch Group and over 40 years of experience in this sector, we have a lot to offer.

As an expert in access control, how do you see the industry developing? In which direction is it currently evolving?

Gregor Schlechtriem: First of all, I see that security requirements are constantly increasing. Whereas there are currently still simple ‘key replacement systems’ that merely record card numbers, such an approach, to a large extent, no longer meets today’s security and user experience requirements.The core task of access control has not changed over the years

In the beginning, access control was more or less a kind of key replacement. Later, there was the possibility of increasing security via a pin code, i.e., via verification through simple data inputs. The next step in this direction was biometrics, which is another key step up, because it allows verification by means of unmistakable characteristics.

However, the core task of access control has not changed over all the years and has basically always remained the same: access control means determining who has an access request and checking whether this request can be fulfilled.

What’s next on this path to greater security?

Gregor Schlechtriem: Biometrics-based access control is becoming increasingly powerful and user-friendly through the use of artificial intelligence (AI). Here, data protection plays a major role, as wherever identities are established and movement data is recorded, it is necessary to reconcile the evolving technology with data protection.Biometrics-based access control is becoming increasingly powerful and user-friendly through the use of artificial intelligence

The question of data protection is becoming even more significant, as systems increasingly migrate to the Cloud. Bosch puts particular emphasis on ensuring that, even in the cloud, the data generated in access control is always in line with data protection rules, regardless of where it is located.

In my opinion, this trend towards the Cloud will continue, because companies are increasingly looking for complete service offerings, so that they can focus on their core business. Also, a system in the Cloud is easier to maintain and always up-to-date with the latest software, which makes cloud solutions even more attractive for providers and users.

How can higher security be reconciled with a good user experience?

Gregor Schlechtriem: Today, the card still plays a central role in the user experience, as the essential credential. Another current trend is ‘one card for everything’: with the increasing availability of secure multi-function smart cards, the possibility arises to use cards beyond the pure access function, for example, for payment in the canteen, at the catering and coffee machines, and in the parking garage, as well as simple access to other properties and so on.The security of cards has evolved significantly and kept pace with requirements

The security of the cards, the reading and encryption processes, has evolved significantly and kept pace with requirements, although we are also facing an installed base that no longer meets these requirements, due to outdated systems.

Today, it is standard for communications between reader and card to be encrypted. In some cases, the keys are also only held centrally to further increase security.

The security systems industry was also affected by the COVID-19 (Coronavirus) pandemic. How do you think the industry has changed? What technical solutions have emerged during this time?

Gregor Schlechtriem: First of all, there is a certain need for retrofitting in the industry due to changes in how buildings are used. For example, American retailers used to be open around the clock and always had staff on site. Now, due to COVID-19, stores are also closed, and this results in a whole new need for intrusion detection and access control systems to protect the buildings.

For access control, an obvious task has arisen as a result of the COVID-19 pandemic, namely to track contacts, as far as this is compatible with data protection. We actually expected more to happen here, but in our observation, many companies did quite little, despite clear and simple steps that could have been implemented relatively quickly. The installed access control systems clearly lag behind the technical possibilities.

Another topic that the COVID-19 pandemic has brought into focus is hygiene

Another topic that the COVID-19 pandemic has brought into focus is hygiene. Companies should actually have invested in contactless systems here and retrofitted speed gates or motorised doors. But in many cases this was not put into practice.

The door opener is still often used, which has to be operated manually and therefore, is touched multiple times. But, if everyone presses the same button, that doesn't help hygiene. Surprisingly, this is different in North America.

Here, ‘request-to-exit’ proximity detectors are used almost everywhere, which avoids this problem completely and releases the door, when an authorised person approaches it.

Mobile access and smartphone-based access control are also growing markets. What kind of developments do you see in these areas?

Gregor Schlechtriem: I already mentioned that users increasingly want to be able to use one card for several applications. But, what we are seeing here is that even with the most modern cards, which have a lot of applications loaded on them, we are reaching performance limits and the user experience suffers.

If you compare the card with the smartphone as a credential, you have a much more attractive integration platform there, which is significantly faster and delivers much better performance. For us, the mobile credential or the smartphone is the future, because it simply offers more possibilities that the card will not be able to provide in the long term.

What is the specific direction Bosch is taking here?

Gregor Schlechtriem: We are currently working on a broad implementation. A whole team is working on the user experience around the smartphone, because it’s understood that smartphone-based access has to work just as easily, as it currently does with a card.A whole team is working on the user experience around the smartphone

In theory it does, but if you look at some of the actual implementations, this topic is still relatively complex. In terms of user experience and automation, we still have quite a way to go, and we are working hard on that at the moment.

The user experience is one side of the coin, the other side concerns establishing security in the smartphone as a whole. In other words: How do I make the smartphone secure enough as a mobile credential, to meet my access control requirements? We are also working intensively on this.

That's actually an IT task. Do you do this yourself at Bosch or do you work with external experts here?

Gregor Schlechtriem: We have our own powerful Bosch IT, which also manages our company smartphones. If our company smartphones are lost, the data on them is automatically deleted.

The devices use biometrics to identify users, before they can access the data. It is a sound security concept that a card cannot offer. Moreover, we are working with other partners in the IDunion project, to create the additional infrastructure around mobile credentials as well.

What exactly is the IDunion and what role does Bosch play?

Gregor Schlechtriem: Digital identities must be openly accessible, widely usable, interoperable, and secure. This applies not only to access control, but to the digitised economy in general. The IDunion project has set itself the task of creating the infrastructure for this, in the form of an independent wallet, i.e., secure identity storage on smart devices.

The project is funded by the German Federal Ministry for Economic Affairs and Energy (BMWI), because digitisation is also a critical social issue. We are intensively involved in the ‘Physical access to the building’ work package in this consortium. Through this involvement, we want to ensure that our access control systems benefit from this infrastructure and are open to future digital business models.

Does ‘digital identity management’, which includes biometrics and mobile access, also play a role for Bosch?

Yes, it plays an important role for us, and I wouldn’t consider these topics separate

Gregor Schlechtriem: Yes, it plays an important role for us, and I wouldn’t consider these topics separate. For me, a mobile device has the advantage that it has already ensured and verified my identity from the moment of interaction. That’s the fascinating thing about it. If I only allow the device to communicate with the access control system, if I have identified myself first, I have implemented biometrics and access control together in a widely accepted process.

From my point of view, this is a very interesting perspective, in terms of security and user experience, because the biometrics procedures in smartphones are, I think, the best currently available. In my view, the smartphone has the potential to take over central functions in access control in the future.

What are your goals for the access control business of Bosch Building Technologies in the near future?

Gregor Schlechtriem: We will continue to focus on specific solutions for large customers. That is the continuation of our current strategy. In these projects, we will introduce new topics as I have just described, i.e., primarily new technology elements. I believe that, precisely because of the longevity of access control, a long-term migration capability is also of particular importance.

We want to reach out to the broader market and make more widely available, what we have developed in terms of technology and innovation. We are currently in the process of setting up and optimising our sales organisation, so that it becomes much more widely known that we at Bosch have our own powerful access control portfolio, which can be used for all kinds of applications.

In addition, we want to differentiate ourselves in the market with our systems, in line with the motto of our founder, Robert Bosch: ‘Technology for life’. The user experience with Mobile Access should be simple, straightforward, and secure: You hold your smartphone in front of the reader and the door opens.

Download PDF version Download PDF version

In case you missed it

What change would you like to see in security in 2022?
What change would you like to see in security in 2022?

Here’s a news flash: 2022 will be a pivotal year for the security industry. As we enter the new year, continuing change is a safe prediction for any fast-moving, technology-driven marketplace. Recent history confirms the ability of the security industry to shift and adapt to changing conditions and to provide an ever-expanding menu of technology solutions to make the world a safer place. Given that the new year will bring change, what will that change encompass? More to the point, what should it encompass? We asked this week’s Expert Panel Roundtable: What is the biggest change you would like to see within the security industry in 2022?

2021’s most popular expert panel roundtable discussions
2021’s most popular expert panel roundtable discussions

Topics that dominated our website’s Expert Panel Roundtable articles in 2021 included the effects of COVID-19, the benefits of mobile access, the upcoming potential of deep learning, and the future of access control cards. Our website’s Expert Panel Roundtable discussions in 2021 reflected some of the most timely and important topics in the industry. The very most clicked-on Expert Panel Roundtable discussion in 2021 considered the positive and negative effects of COVID-19. The second most popular was trends in perimeter security technology. Smart video solutions Here is a roundup of the Top 10 Expert Panel Roundtable discussions posted in 2021, along with a ‘sound bite’ from each discussion and links back to the full articles. Thanks to everyone who contributed to Expert Panel Roundtable in 2021 (including the quotable panelists named and linked below). The pandemic has impacted security in many ways, some we are just now realising" What are the positive and negative effects of COVID-19 to security? “The pandemic has impacted security in many ways, some we are just now realising. On the negative side, integrators were limited in their ability to access customer locations, posing significant challenges to supporting customers. Innovation was also halted in many sectors – such as AI and edge computing in healthcare. However, the pandemic increased awareness regarding the need for smart solutions that can aid in these types of crises. Smart video solutions have been identified repeatedly in the media as a potential pathway to better customer experience and increased safety.” – Alexander Harlass. Reducing false alarms What are the latest trends in perimeter security technology? “What’s really important in perimeter security is the minimisation of false alarms, not simply the potential detection of what might be an unauthorised person or object. In light of that, many systems now include alarm validation that can confirm an alarm event using a camera. The utilisation of AI-based technologies can further validate the accuracy of the alarm, making it as accurate and precise as possible. I anticipate seeing more cross-technological integrations to reduce false alarms, so that personnel in an alarm center spend as little time as possible in validating an alarm.” – Leo Levit. What will be the biggest security trends in 2021? “2021 will see artificial intelligence (AI) become more mainstream. There will be increased deployment in edge devices, including cameras, thermographic cameras, radar and LIDAR sensors, entry point readers, etc. Additional algorithms will be developed, greatly expanding the use and function as video surveillance transitions from a forensic tool to real-time analytics. This increases the value of these systems and helps create ROI cases for their deployment.” – Tim Brooks. Access control solutions Investments in tools and platforms to drive digital interactions have accelerated" What will be the security industry’s biggest challenge in 2021? “The security industry is traditional in the sense that it relies heavily on face-to-face interaction to do business with customers and partners alike. COVID-19 has put a hold on in-person meetings, trade shows, etc., and this trend is likely to extend throughout 2021. Virtually recreating these personal touchpoints, while cultivating and strengthening internal and external relationships, will continue to be both a challenge and opportunity for the security industry. Investments in tools and platforms to drive digital interactions have accelerated.” – Robert Moore. What are the challenges and benefits of mobile access control? “Mobile access control solutions are an exciting innovation in a market where the day-to-day user experience hasn’t changed much in the last 20 years. One area that has clear benefits and challenges is in improving the user experience. On one hand, physical credentials are expensive and a hassle to administer; however, they work reliably, quickly, and predictably. Mobile credentials are convenient in that everyone already has a smartphone, and you don’t have to admin or carry cards; however, when you’re actually standing at the door they need to work as well or better than physical credentials, or the benefits are lost.” – Brian Lohse. Attacking critical infrastructure What are the security challenges of protecting critical infrastructure? “It seems so often we hear about a new threat or cyber-attack in the news. Because of the rapid growth in technology over the last few years, cybercriminals are getting bolder and discovering new ways to attack critical infrastructure. One of the biggest challenges boils down to the capabilities of the operating security system and whether the organisation is aware of the current risks they face. Because there are so many points of entry for cybercriminals to target within critical infrastructure, it is vital that the security solution be prepared for attacks at every level.” – Charles (Chuck) O’Leary. They are more aware when they make physical contact with doors and interfaces" Which security technologies will be useful in a post-pandemic world? “People have become more sensitised to crowds and personal space. They are more aware when they make physical contact with doors and interfaces. As the pandemic subsides, these habits will likely remain for a majority of people." "Utilising AI-based cameras to accurately monitor the number of people in a room or in a queue will enable staff to take action to improve the customer experience. For example, AI-based analytics can quickly notify security or operations when people are waiting at a door and initiate 2-way audio for touchless access.” – Aaron Saks. Central monitoring station What is the potential of deep learning in physical security and surveillance? “Deep learning, a subset of artificial intelligence, enables networks to train themselves to perform speech, voice, and image recognition tasks." In video surveillance, these networks learn to make predictions through highly repetitive exposure" "In video surveillance, these networks learn to make predictions through highly repetitive exposure to images of humans and vehicles from a camera feed. That ability is ideal for use with drones patrolling perimeters seeking anomalies or in software that significantly reduces the number of false alarms reported to central monitoring station operators. Through use, the software continues improving its accuracy.” – Brian Baker. Valuable audit trail How soon will access control cards become extinct and why? “Access control cards will go the way of the dinosaur, but they still have some life left in them. For the short term, they have plenty of utility in minimum security use cases and leave a valuable audit trail. But for companies that are more technology-centric, particularly those with high value assets, we’re seeing demand for next-generation access control, which includes increased integration with video surveillance systems and professional monitoring services.” – Sean Foley. Which security markets are embracing touchless and contactless systems? “Touchless technology is not a new trend, but contactless systems and transactions have surged since the COVID-19 pandemic. Even after the pandemic is over, it is likely public perception of what is hygienic and acceptable in public spaces will have changed. [We are] seeing an uptick in touchless access control systems in the education and flexible office space markets.” – Brooke Grigsby.

Identity and access management in 2022 - what will the future look like?
Identity and access management in 2022 - what will the future look like?

As we enter into 2022, there is still a level of uncertainty in place. It’s unclear what the future holds, as companies around the world still contend with the COVID-19 pandemic. Remote working has been encouraged by most organisations and the move to a hybrid working system has become ‘business as usual’, for the majority of businesses. Some have reduced their office space or done away with their locations altogether. Following best security practices With all this change in place, there are problems to deal with. According to research, 32.7% of IT admins say they are concerned about employees using unsecured networks to carry out that work. Alongside this, 74% of IT admins thought that remote work makes it harder for employees to follow best security practices. This need to manage security around remote work is no longer temporary. Instead, companies have to build permanent strategies around remote work and security. The coming year will also create a different landscape for small and mid-sized businesses (SMBs). Here are some key predictions for next year and what to start preparing for in 2022: The reality of SMB spending around security will hit home SMBs had to undertake significant investments to adapt to remote working SMBs had to undertake significant investments to adapt to remote working, especially in comparison to their size. They had to undertake significant digital transformation projects that made it possible to deliver services remotely, during the COVID-19 pandemic. We’ve seen a shift in mindset for these companies, which are now more tech-focused in their approach to problem solving. According to our research, 45% of SMBs plan to increase their spending towards IT services in 2022. Around half of all organisations think their IT budgets are adequate for their needs, while 14.5% of those surveyed believe they will need more, to cover all that needs to be done. Identity management spending to support remote work For others, the COVID-19 pandemic led to over-spending, just to get ahead of things and they will spend in 2022, looking at what they should keep and what they can reduce their spending on. Areas like identity management will stay in place, as companies struggle to support remote work and security, without this in place. However, on-premise IT spending will be reduced or cut, as those solutions are not relevant for the new work model. Services that rely on on-premise IT will be cut or replaced. The device will lead the way for security We rely on our phones to work and to communicate. In 2022, they will become central to how we manage access, to all our assets and locations, IT and physical. When employees can use company devices and their own phones for work, security is more difficult. IT teams have to ensure that they’re prepared for this, by making sure that these devices can be trusted. Wide use of digital certificates and strong MFA factors Rather than requiring a separate smart card or fingerprint reader, devices can be used for access using push authentication There are multiple ways that companies can achieve this, for example - By using digital certificates to identify company devices as trusted, an agent, or strong MFA factors, like a FIDO security key or mobile push authentication. Whichever approach you choose, this can prevent unauthorised access to IT assets and applications, and these same devices can be used for authentication into physical locations too. Rather than requiring a separate smart card or fingerprint reader, devices can be used for access using push authentication. Understanding human behaviour Alongside this, it is important to understand human behaviour. Anything that introduces an extra step for authentication can lead to employees taking workarounds. To stop this, it is important to put an employee education process in place, in order to emphasize on the importance of security. The next step is to think about adopting passwordless security, to further reduce friction and increase adoption. Lastly, as devices become the starting point for security and trust, remote device management will be needed too. More companies will need to manage devices remotely, from wiping an asset remotely if it gets lost or stolen, through to de-provisioning users easily and removing their access rights, when they leave the company. Identity will be a layer cake Zero Trust approaches to security Identity management relies on being able to trust that someone is who they say they are. Zero Trust approaches to security can support this effectively, particularly when aligned with least privilege access models. In order to turn theory into practical easy-to-deploy steps, companies need to use contextual access, as part of their identity management strategy. This involves looking at the context that employees will work in and putting together the right management approach for those circumstances. For typical employee behaviour, using two factor authentication might be enough to help them work, without security getting in the way. How enterprises manage, access and store identity data There will also be a shift in how enterprises manage, access, and store that identity data over time For areas where security is more important, additional security policies can be put over the top, to ensure that only the right people have access. A step-up in authentication can be added, based on the sensitivity of resources or risk-based adaptive authentication policies might be needed. There will also be a shift in how enterprises manage, access, and store that identity data over time, so that it aligns more closely with those use cases. Identity management critical to secure assets in 2022 There are bigger conversations taking place around digital identity for citizenship, as more services move online as well. Any moves that take place in this arena will affect how businesses think about their identity management processes too, encouraging them to look at their requirements in more detail. Overall, 2022 will be the year when identity will be critical to how companies keep their assets secure and their employees productive. With employees working remotely and businesses becoming decentralised, identity strategies will have to take the same approach. This will put the emphasis on strong identity management as the starting point for all security planning.