The concept of door locks means something totally different in our current age of smarter buildings that house data-driven businesses. Hardware locks and keys are still around, but they co-exist with a brave new world of electronic locks, wireless locks, networked systems, and smarter access control. Locks can also increasingly be a part of a smart building’s flow of data. The opportunities of these new technologies and approaches are significant, but there are also pitfalls. I heard an interesting discussion about these topics presented by several business leaders from lock company Allegion at a press event at ISC West earlier this year. Here are some highlights from that discussion.


Q: What new developments in emerging technologies do you see in the coming years?

There’s opportunity for implementation of the technology to solve real problems"

Mark Jenner, Market Development Director: Connected locks, other types of sensors and all the data being aggregated inside buildings provide opportunity for data analytics. The buzzwords around technologies can cause confusion for integrators and end users, such as artificial intelligence, deep learning and machine learning, and what’s the difference among all of them? My opinion is that they are important, but the big theme across them all is opportunities for new business models for the integrator, and opportunities to solve problems for end users. And it’s not just technology for technology’s sake. There’s opportunity for implementation of the technology to solve real problems.

Devin Love, Market Development Manager: You can’t just have a solution looking for a problem. You see a lot of people who understand technology in their own lives, and they want to translate that into their businesses. That’s where I think it’s exciting. You now have all this technology, and people understand it to the extent that it improves their daily life. They go through their day with less friction, with more ease, and technology fades to the background. There are two levels of value. One is the longer, bigger, broader scope of what the technology can bring to a company using it, but on an immediate basis, there is the value of tracking how a business is running. These sensors are collecting data. For example, if you are a multi-tenant property, you can look at how amenities are being used. What do my residents really care about? That informs future decisions.

Robert Gaulden, Project Based Business Leader, Electronic Access Control: I have been studying the multi-family space for the last couple of months. The customer experience is really driving a lot of that technology adoption. What you’re seeing today, whether it’s a mobile device or some other device, is the ability to move throughout the property, and gain access to the perimeter and to your tenant space. All of this adoption is around that experience. There’s multiple players coming into the space, from Amazon wanting to deliver packages into the tenant space to residents who don’t want the inconvenience of using a key. Technology adoption to solve problems, and also to drive experiences, is where a lot of the balance will play out.

It’s important that we look at how integrators can use the technology to do business more effectively and efficiently"

Brad Aikin, Channel Led Business Leader, Integrator Channel: From an integrator perspective, there are two things. One is how they can approach end users, and the scope of what integrators consult with them about is wider. I think we as an industry are getting beyond those high-traffic, high-security applications. Those are still critical, but the value we bring around security and convenience is opening a new incremental opportunity. Also, the experience of the integrator and how they conduct their business is important, from generating quotes to communications to proactive servicing. It’s important that we look at how integrators can use the technology to do business more effectively and efficiently.

Gaulden: We as an industry, and we as manufacturers, need to understand what data we are generating so we can run our businesses more efficiently from every aspect, whether you’re the property manager, the building owner, the integrator, or whether you’re the manufacturer. These devices and technology are being pushed out everywhere and will generate the data. How we learn from that – especially when you apply security to it to be more proactive – provides huge opportunities.

Jenner: What data is important and what’s not? Folks get overwhelmed with too much data at some point. What’s important for an application at the end user level? What do they really need to solve the problem?

Love: Privacy gets involved as well, especially with consumer products. The attitude is “stay out of my private business.” But if you’re an employee now, all bets are off. Now you have a professional relationship with the people you work with, so there is a different lens that you look through when tracking data. You use the data to everyone’s benefit, and it’s a different paradigm than in your private life.

Aikin: Also, where does that data create a better experience for the person? That’s what drives the money and value: What level of information sharing makes my experience better? The technology is also getting smarter in terms of “how do we sort through the valuable information?

Hardware locks and keys are still around, but they co-exist with a brave new world of electronic locks, wireless locks, networked systems, and smarter access control

Q: As facilities connect more devices and sensors, the cybersecurity threats increase. We have already seen Internet of Things (IoT) devices being used as the attack point of cyber breaches. What are the vulnerabilities that make those attacks possible, and how can integrators protect their customers?

Love: Certainly, this is an extremely – maybe the most important – piece of our industry. What is the point of everything we do if we can’t instill that trust? But what we need to solve here also comes with opportunity. There’s certainly hope. You’re not seeing a frontal attack on the technology. It’s usually some loophole, or some older device that hasn’t been updated, or wasn’t installed correctly, or it was social-engineered. The opportunity is, not that it can’t be solved, but that it absolutely needs to be solved – and it can.

Gaulden: Integrators need the ability to understand that cyber layer and what it means. Nowadays, everything runs on the network, and you won’t even get past the IT department to get on the network if you don’t have the right staff, the right credentials. From an integrator standpoint, you need the ability to add to your staff, to understand everything from the product level to the firmware and the software level, all the way to the deployment of the holistic system. You can’t just say, “That’s not part of our responsibility.” All these devices are now riding on the network. They can be protected from a cyber perspective, or you will have vulnerabilities.

As manufacturers and business consultants to integrators, we should facilitate the conversation, that it is one ecosystem"

Aikin: Everything is a communication device. With the concern and need comes an opportunity for the integrator. But it’s also in making sure integrators are having that conversation with end users and setting the expectations up front. What I’m providing you on day one is the best in the industry at this time, but tomorrow it may not be. My accountability and service are to maintain that environment and keep it running. I may not physically change the device you see, but the service I’m bringing to you is that security, and that comprehensive dialogue. The IT stakeholders already have that expectation, but there is a chasm in some organisations between the physical security and the IT stakeholders, and the integrator is facilitating that conversation. As manufacturers and business consultants to integrators, we should facilitate that conversation. It is one ecosystem.


Q: Aside from cybersecurity, what are some of the other threats that integrators should be aware of as they work with customers to implement the new trends and technologies we have mentioned?

Aikin: It is diversifying, all the options and the capabilities. With that comes confusion and misapplication. If I look at the trends around just wireless; I go back 10 years ago, there were even questions of whether wireless was a secure technology. That has progressed and continues to be part of the cyber conversation, just like any hardwired product. It’s something you have to maintain and be aware of. Wireless has really diversified. There is still a need for education within the channel, and most importantly, to the end user. There are still end users that assume a WiFi widget is the same thing as a Bluetooth widget is the same thing as a low-frequency widget. But they are all different. There are reasons there are different technologies. Nothing stifles the adoption of technology more than misapplication.

We have different architectures within our lock base and among our software partners to allow a mix of technology"

Gaulden: Integrators understand the differences in how various doors are used and how those applications will work. In the K-12 school environment, you want the ability for an instant lockdown, and a WiFi deployment probably isn’t your best option. You need a real-time deployment. However, my office door at headquarters doesn’t necessarily need real-time communication. I can pull audits off it once or twice a day. You have to mix and match technologies. For a high security door, you would proactively monitor it. But for a door where convenience is the goal, we can put electronic security on it but we don’t need to know what’s going on at any moment in time. We have different architectures within our lock base and among our software partners to allow that mix of technology.

Jenner: End users want the latest technology, but it may not be for their applications. Those things drive more costs into it, when end users need to be putting money into cybersecurity and some other things. That’s part of the misapplication. Another risk is interoperability. That’s a big piece of the technology and as things change. How do we do a better job of supporting open architecture? It may not be a standards-based protocol, although we use a lot of standards, but we just need to make sure whatever protocols we use are open and easily accessible so we can continue to work with them in the future. We know that when our devices go in, they will support other parts of the ecosystem from an interoperability perspective. That’s important for integrators to know: How is this going to be applied and integrate with something in three, four or five years from now? It’s an expensive investment, and I want to make sure it will work in the future.

Main photo: Business leaders from Allegion discussed new trends in electronic and wireless locks at a recent press event: (L-R) Robert Gaulden, Devin Love, Brad Aikin and Mark Jenner.

Download PDF version

Author profile

Larry Anderson Editor, SecurityInformed.com & SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SourceSecurity.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SourceSecurity.com's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

Unifying the mobile experience: cloud, IoT and the AI evolution of access control in 2019
Unifying the mobile experience: cloud, IoT and the AI evolution of access control in 2019

The industry faces numerous challenges in the coming year. Physical and cyber security threats continue to become more complex, and organisations are struggling to manage both physical and digital credentials as well as a rapidly growing number of connected endpoints in the Internet of Things (IoT). We are witnessing the collision of the enterprise with the IoT, and organisations now must establish trust and validate the identity of people as well as ‘things’ in an environment of increasingly stringent safety and data privacy regulations. Meanwhile, demand grows for smarter and more data-driven workplaces, a risk-based approach to threat protection, improved productivity and seamless, more convenient access to the enterprise and its physical and digital assets and services. Using smartphone apps to open doors Cloud technologies give people access through their mobile phones and other devices to many new, high-value experiencesEnterprise customers increasingly want to create trusted environments within which they can deliver valuable new user experiences. A major driver is growing demand for the ‘digital cohesion’ of being able to use smartphone apps to open doors, authenticate to enterprise data resources or access a building’s applications and services. Cloud technologies are a key piece of the solution. They give people access through their mobile phones and other devices to many new, high-value experiences. At the same time, they help fuel smarter, more data-driven workplace environments. With the arrival of today’s identity- and location-aware building systems that recognise people and use deep learning analytics to customise their office environment, the workplace is undergoing dramatic change. Improved fingerprint solutions Cloud-based platforms and application programming interfaces (APIs) will help bridge biometrics and access control in the enterprise, overcoming previous integration hurdles while providing a trusted platform that meets the concerns of accessibility and data protection in a connected environment. At the same time, the next generation of fingerprint solutions will deliver higher matching speed, better image capture quality and improved performance. The next generation of fingerprint solutions will deliver higher matching speed, better image capture quality and improved performance Liveness detection will ensure that captured data is from a living person. Biometrics authentication will also gain traction beyond access control in immigration and border control, law enforcement, military, defence and other public section use cases where higher security is needed. Flexible subscription models Access control solutions based on cloud platforms will also change how solutions are deployed. Siloed security and workplace optimisation solutions will be replaced with mobile apps that can be downloaded anywhere across a global ecosystem of millions of compatible and connected physical access control system endpoints. These connections will also facilitate new, more flexible subscription models for access control services. As an example, users will be able to more easily replenish mobile IDs if their smartphones are lost or must be replaced. Generating valuable insights with machine learning Machine learning analytics will be used to generate valuable insights from today’s access control solutionsEducation, finance, healthcare, enterprise, and other niche markets such as commercial real-estate and enterprises focussed on co-working spaces will benefit from a cloud-connected access control hardware foundation. There will be a faster path from design to deployment since developers will no longer have to create an entire vertically integrated solution. They will simply add an app experience to the existing access control infrastructure. New players will be drawn to the market resulting in a richer, more vibrant development community and accelerated innovation. Data analytics will be a rapidly growing area of interest. Machine learning analytics will be used to generate valuable insights from today’s access control solutions. Devices, access control systems, IoT applications, digital certificates and location services solutions, which are all connected to the cloud, will collectively deliver robust data with which to apply advanced analytics and risk-based intelligence. As organisations incorporate this type of analytics engine into their access control systems, they will improve security and personalise the user experience while driving better business decisions. 

What characteristics do salespeople require in the physical security industry?
What characteristics do salespeople require in the physical security industry?

A basic tenet of sales is ABC – always be closing. But it's a principle that most professional salespeople would say oversimplifies the process. Especially in a sophisticated, high-tech market such as physical security, the required sales skills are much more involved and nuanced. We asked this week's Expert Panel Roundtable: What unique characteristics are required of salespeople in the arena of physical security systems?

Can microchip implants replace plastic cards in modern access control?
Can microchip implants replace plastic cards in modern access control?

A futuristic alternative to plastic cards for access control and other applications is being considered by some corporate users in Sweden and the United Kingdom. The idea involves using a microchip device implanted into a user’s hand. About the size of a grain of rice and provided by Swedish company Biohax, the tiny device employs passive near field communication (NFC) to interface with a user’s digital environment. Access control is just one application for the device, which can be deployed in lieu of a smart card in numerous uses. Biohax says more than 4,000 individuals have implanted the device. Using the device for corporate employees Every user is given plenty of information to make an informed decision whether they want to use the deviceCurrently Biohax is having dialogue with curious corporate customers about using the device for their employees. “It’s a dialogue, not Big Brother planning to chip every employee they have,” says Jowan Österlund, CEO at Biohax. Every user is given plenty of information to make an informed decision whether they want to use the device. Data capture form to appear here! “Proof of concept” demonstrations have been conducted at several companies, including Tui, a travel company in Sweden that uses the device for access management, ID management, printing, gym access and self-checkout in the cafeteria. Biohax is also having dialogue with some big companies in the United Kingdom, including legal and financial firms. Österlund aims to have a full working system in place in the next year or so. A Swedish rail company accepts the implanted chip in lieu of a paper train ticket. They accept existing implants but are not offering to implant the chips. Österlund says his company currently has no plans to enter the U.S. market. The device is large enough to locate easily and extract if needed, and small enough to be unobtrusive Access control credential The device is inserted/injected below the skin between the index finger and the thumb. The circuitry has a 10-year lifespan. The device is large enough to locate easily and extract if needed, and small enough to be unobtrusive. The only risk is the possibility of infection, which is true anytime the skin is pierced, and the risk is mitigated by employing health professionals to inject the chip. Use of the device as an access control credential or any other function is offered as a voluntary option; any requirement by an employer to inject the device would be illegal, says Österlund. It’s a convenient choice that is made “based on a well-informed decision by the customer.” Aversion to needles, for example, would make some users squeamish to implant the device. More education of users helps to allay any concerns: Some 10% of employees typically would agree quickly to the system, but a larger group of 50% to 60% are likely to agree over time as they get more comfortable with the idea and understand the convenience, says Österlund. Protection of information The passive device does not actively send out any signals as you walk. It is only powered up by a reader if a user has access rightsIn terms of privacy concerns, information contained on the device is in physical form and is protected. The passive device does not actively send out any signals as you walk. There is no battery. It is only powered up by a reader if a user has access rights. With use of the device being discussed in the United Kingdom, there has been some backlash. For example, Frances O’Grady, general secretary of the Trades Union Congress (TUC), has said: “Microchipping would give bosses even more power and control over their workers.” A big misconception is that the chip is a tracking device, says Österlund. It isn’t. “We love people to get informed,” says Österlund. “If they’re scared or apprehensive, they can just read up. It’s not used to control you – it’s used to give you control.”