With flexible and hybrid work culture likely here to stay, organizations need access and monitoring systems that are as dynamic as the ever-changing flows in occupant identities.
These access systems need to “know” who can get in and when, and capture a record of employee and visitor presence over time.
Having access privileges synced to the official staff directory (for example an HR roster) makes this possible and enables administrators to immediately revoke privileges the moment an employee leaves the company, thus removing the risk of former staffers re-entering after they're no longer with the company.
“The biggest change is the dynamic fluctuation in office occupancy by day – you may see low attendance on Monday and Friday, but then at very high levels Tuesday through Thursday,” explains Kastle CMO Jake Heinz.
With these fluctuations, occupants may frequently be different people on different days, and they may also be scheduling visitors to come in for meetings.
He says the challenge is knowing who is coming in when, and if they are approved -- which can be a challenge when administrators may not be on site all the time either.
“Access systems need to be able verify the access rights granted to occupant identity and those of approved visitors by day even when authorities aren’t on premises,” Heinz said. “They are also a data record of the ever-changing activity, not only for security, but just to understand space use patterns for planning purposes.”
However, not all access systems have this ability to assign dynamic identity-based access privileges or the intelligence to record and categorize access data patterns by user, time and place.
“This increases security risk in a hybrid workplace with ever-changing occupants if they are not identifiable,” he said.
Business Benefits of a Single View of Access
Forrester vice president and research director Merritt Maxim says having an up-to-date system of record of who has access to the facility is essential.
“Despite the fragmented and complex array of physical security controls in today's digital businesses, new solutions and continued acceleration of SaaS delivery models have the potential to provide significant value in the coming years,” he said.
Firms will derive much of this value from the ability to consolidate data from disparate sources into a single view that they can use to gain insights into individual behaviors and operations.
This could be from something as simple as "What is the highest traffic period at a given access point on a given day?" to "How can we combine badge scans with video feeds and other sources to retrace the path of a given individual?"
“It will take time and effort for security teams to consolidate the data across all sources and locations, but the business value is clear,” Maxim said.
Security, IT, Office Management Among Key Stakeholders
Responsibility for an office security roadmap inevitably varies by organization, but in the end, multiple departments have a stake in this responsibility -- especially in an era of smart buildings and offices where the realms for physical and cyber security merge.
“With the advent of hybrid work, these systems are becoming not only security-related, but also the tools of measuring and optimizing office engagement and space use as offices encourage staff to work in-office more frequently,” Heinz said. “This falls into the category of office management and administration, not merely security or IT.”
Maxim notes many organizations are re-evaluating traditional card-based contactless access control in exchange of credentials that might be on a mobile device.
“Physical badges are still very much part of access control, but the continued proliferation of smart phones, and users' increasing loyalty to those devices, is driving interest in smartphone-based apps that can be used for access control into facilities,” he says.
In addition, organizations are looking at Emergency Command Center and alerting type systems to provide centralized communication solutions and manage incident response to various critical events.
“These solutions provide security teams with a centralized mechanism to track and respond to security events and help keep employees connected and safe,” he said.
Heinz notes for office visitors, there are access management systems capable assigning and scheduling temporary access privileges by the meeting host through the office calendar system that can be emailed to the visitor in advance of the meeting as part of the online scheduling process.
“The visitor can only enter using the temporary credential, frequently presenting a dynamically generated QR code, at their assigned time and location,” he said. “Additionally, there is a data record of their invitation in advance of the meeting and the actual entry occurrence on the meeting date.”
Addressing Employee Monitoring Concerns
Maxim says monitoring of employee movements is a growing concern, but the digital analytics that can be generated by new physical security technologies can deliver additional benefits and increase employee safety which helps offset some of these monitoring concerns.
For example, thermal temperature screening via cameras at the start of a shift could indicate people who may be developing fever or other contagious conditions.
“Using that data to send that employee home to avoid spreading symptoms helps keep other employees safe and reduces absenteeism,” he said.
Heinz points out access data does not have to be revealing of individual identity – the key data can be anonymized to tie users by departments, or floors, or office locations, so that the data does not point to any one person, but rather overall audience behaviors.
“A major goal of modern access technology is to make delivering access protection of workspace more effortless to the users and the administrators so that the tools of security are seen as enablers rather than barriers,” he said.
