Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

Access Management

Migrating from Keys: It’s All in the Journey

When “Do Not Duplicate” is not working as a key control strategy, perhaps it’s time to consider switching to electronic access control solutions.

November 5, 2013
Trans

Among the worst things to hear: “I can’t find the master key.” Whether lost or stolen, that situation triggers a long and expensive process of rekeying.

Still, when migrating from keys and locks to electronic access controls, enterprise security leaders and their integrators agree not to dwell on the problems of what they are walking away from, but to concentrate on the security and business benefits being unlocked with the improvement.

No doubt, the historic Lake County Court House in Crown Point, Ind., faced a big “key” challenge. There were four main doors but more than 200 keys in circulation. Among the many business benefits was a leap to electronic access control that now allows staff to provide access and audit use at any time, essential when the Court House transformed itself into a multi-use facility.

For the Aubie athletes at Florida’s Auburn University, access now centers on iris recognition. In addition to eliminating any chance of a lost key or access card, the new technology combines convenience and better identity authentication for student athletes more focused on training and winning games.

In a different higher education transition, Miami University in Oxford, Ohio, had five different types of mechanical locks among its many buildings. Being a residential institution, it first focused on converting to contactless smart cards for dorm rooms, for example. One business advantage: Students now have a one-card point-of-sale credential for dining, laundry and vending. In addition, there is monitoring of door props electronically and managements of lockouts with short-term access. There is more technical information on the Miami University project at Security magazine’s website at
www.securitymagazine.com.

 

Forget ‘Do Not Duplicate’

With many schools first built in the 1950s and 1960s, it’s no wonder that today’s electronic access control solutions are a solid choice for safety and to fight vandalism. A case in point: Access to schools in the Cobb County (Georgia) School District, until a few years ago, was controlled only by mechanical keys and locks. “Keys were marked ‘Do Not Duplicate.’ But there were thousands of keys out there,” says Executive Director, Maintenance Services James Carlson. Migrating to electronics, the district now can accommodate school schedules; and, on the business side, there are significant maintenance savings.

Using these examples, it is obvious that there are myriad benefits when migrating from keys and locks to electronic access control systems. The key, no pun intended, is to pay clear attention on what today’s and tomorrow’s business and security goals are. At the same time, there are decision-making, design and installation challenges in the change-over.

For instance, at the Lake County Court House, elements include the facility’s historic demands as well as its very mixed use, with public venues, city offices, an active courtroom, retail and office spaces. Then there is the challenge of a lean building staff, under the direction of the Lake County Court House Foundation, and which are not necessarily technology savvy.

After the town of Crown Point built a new courthouse complex, the historic courthouse was transformed into that three-story mixed use facility. Security for the remodeled historic courthouse remained standard lock and key, and that’s where the problems began.

 

Mixed Use Challenge

“It really got out of control,” says integrator Allen Pante of Phil and Son. “Once retail and event rental operations started up, there were so many people coming and going but somehow access had to manage for all these different and growing needs. Clearly, the Foundation needed a better, more efficient way to manage access for the many and varying demands of all the building’s tenants, visitors and customers.”

The Foundation, in conjunction with its integrator, spent front-end time considering electronic access control needs.

The Foundation Board members wanted access card control, add and delete capabilities, remote access and the ability to provide specific access privileges. And the retail shop owners wanted more such as door scheduling and the ability to change and add system features. Another twist: the building’s internal network is outsourced, so a solution was needed that wouldn’t compromise the network. The choice also lets the Foundation expand for further needs.

Among advantages is remote management by Court House staff. But, even better, the integrator can assist Foundation staff in managing the system and provide important back-up resources for any of their needs or questions. “It’s been a pretty big change going from keys to something this sophisticated,” Pante explains. “So being able to help the staff along the way and provide a comfort level have been tremendous advantages.”

The system is used to manage the four main doors located on the north, south, east and west sides of the building, as well as two bathroom entrances. Two of the main entrance doors lead to the first floor and the retail shops, and the other two doors provide access to the upper floors, where the offices, ballroom and courtroom are located. The system manages access for more than 100 users a day and upwards of 200 users for after-hours events and/or office access.

 

Programmed Openings, Closings

As compared to keys, main doors now automatically unlock each morning and relock in the evening; they are programmed for specific access on the weekends, and to provide different access for each special event in the ballroom after hours.

For the historic site, there was also the need to blend the technology into the building’s look and feel. So wireless gear was installed. And recently, the Foundation Board came to its integrator with a problem. They needed to limit retail customer access to the upper floor offices on the weekend. “We integrated the system with the elevator controls, and we were able to close off access to the offices as needed.”

Auburn University went way beyond keys with a unique iris recognition system to protect access to the university’s athletic facility. “We wanted a solution to control access to secure locations, and we needed an authentication device that was easy to use and easy to integrate,” says Jeff Steele, associate athletic director – facilities & operations at Auburn.

Users look at the system from a short distance without having to place their eye close to a camera. The system identifies people in less than a second and processes up to 12 people per minute. It captures iris images even if a user is wearing eyeglasses, contact lenses or sunglasses.

 

Beyond Keys and Cards

The beauty of the technology is that the student athletes “don’t have to have a card in their pocket,” points out Steele. The athletic facility’s previous identity verification system allowed students and faculty to enter using swipeable access cards. Inevitably, some cards were lost or stolen, potentially allowing unauthorized personnel to enter the building.

Once registered, students, faculty and guests can enter the building using only their eyes, eliminating the need for keys or access cards.

Miami University took a different turn when migrating from door keys to electronic access control for its students.

It replaced an assortment of mechanical locks on more than 4,000 residence room and other doors with electronic locks and smart card credential that could provide a “secure handshake” between the card and reader with the added ability to handle one-card POS functions.

In addition, if a student misplaces or forgets to carry his or her credential, a text message from the student’s phone can be used to receive instant room access using a feature called “Open Door.” This eliminates the need for middle-of-the-night visits by campus residential staff. During the first nine months of operation, this texting feature was used approximately 138,000 times.

The migration also has business benefits for Miami University. Before, there were between four and six keys issued for a typical door, and the university was generating some 1,200 locksmith work orders per year under the mechanical key system. The re-coring and rekeying costs associated with a lost master key could run as high as $15,000, and it could take several days to complete the rekeying and re-establish security control.

 

Testing, Adjusting Doors

Another migration success is at the Cobb County School District (CCSD), located in the northwest suburbs of Atlanta, and the second largest school system in Georgia. It serves more than 106,000 students with a total of 114 schools.

In order to determine whether electronic access control was feasible, CCSD maintenance services ran a pilot test at one elementary school, installing card readers and electric latch retraction exit devices. These were installed at the five most-used entrances, including the main doors, bus entrance and exit doors, and playground doors. All other exterior doors were locked and monitored. A special-option sales tax helped provide funding to encompass all the elementary schools in the district.

There was an initial hitch. Carlson explains, “We visited other school systems and universities and realized that the doors, frames, closers and hardware all have to be in perfect condition for an access control system to work. Then we made a determination of what was needed to bring every door up to standards and be sure it would close securely. In some cases we replaced wood doors with metal doors.”

Once this was completed, proximity card readers and electric latch exit devices were installed to control the major entrances identified by the school’s principal. To control visitors during school hours, school offices are located adjacent to the front entrances.

Monitoring plays an important role in ensuring door security. Carlson explains, “In order to make sure the doors really are secure, we realized we needed to monitor the door to be sure it is closed and the latch to be sure it is latched. We could have the door closed and the latch taped, or the latch in the locked position with the door blocked open, so we monitor both functions. If either is faulty, an alert is sent to the school office, and if nobody responds in 15 minutes, public safety is notified. “

Door security also was enhanced by upgrading double doors to include key removable lockable mullions. These allow the mullion center post in the doorway to be easily removed to provide sufficient space for moving large items, yet it cannot loosen or be tampered with like bolted mullions.

Overall, there is a strategy to successful implementation of electronic access controls, according to Steve Porter with South Carolina-headquartered HTC, the nation’s largest telecommunications cooperative and the 18th largest telephone company. At Porter’s headquarters building, there are 187 doors and about 1,700 badges for employees and contractors. “We first view our needs for elements such as time schedules and security levels.” There is also a multi-tech approach with proximity, mag stripe and keypads.

 


“Firsts” in Development of Locks

 

The first mechanical locks, made of wood, were probably created by a number of civilizations at the same time. Records show them in use some 4,000 years ago in Egypt. Fastened vertically on the door post, the wooden lock contained moveable pins or “pin tumblers” that dropped by gravity into openings in the cross piece or “bolt” and locked the door. It was operated by a wooden key with pegs or prongs that raised the number of tumblers sufficiently to clear the bolt so that it could be pulled back. This method of locking was the forerunner of modern pin tumbler locks.

The first all-metal lock appeared between the years 870 and 900 and is attributed to English craftsmen. They were simple bolts, made of iron with wards (obstructions) fitted around the keyholes to prevent tampering.

The first use of wards (fixed projections in a lock) was introduced by the Romans who devised obstructions to “ward off” the entry or turning of the wrong key. Wards were notched and cut into decorative designs, and warding became a basic locking mechanism for more than a thousand years. The first padlocks were “convenient” locks as they could be carried and used where necessary. They were known in early times to merchants traveling ancient trade routes.

New concepts for locking devices were developed in Europe in the 17th century. Early Bramah locks utilized a series of sliders in a circular pattern to provide exceptional security. Bramah is the oldest lock company in the world and is continuing to manufacture its famous mechanism years later.

 


Still Have Keys? Manage Them Better

 

There are sophisticated key management systems that can electronically track and audit keys and their use as well as alert to missing keys.

For example, the Tohono O’odham Nation’s three Desert Diamond Casinos & Entertainment locations in Arizona use key control and management systems. According to Jim Boudreau, access control manager for Tohono O’odham Gaming Enterprise, to meet state and tribal gaming commission regulations for key control and management, all transactions must be recorded including time, date and authorized user. The system automatically records all transactions and provides a “notes” feature for users to indicate why unscheduled drops may have occurred.

Boudreau says, “Because of its compatibility, we have been able to utilize the same employee proximity ID badge on the system as we do with our access control system. The software has also made it easy to input ID badge numbers. This is particularly essential for a casino that operates 24/7 because we can keep administrative access to the database limited to as few employees as necessary.”

In another example, BT tracks keys at its flagship International Data Centre in Cardiff Bay, Wales, occupied by 250 staff, who manage the diverse requirements of BT’s hosting and managed service customers worldwide.

Philip Richards of BT Security says that the “International Data Centre in Cardiff stands as a globally inspiring ‘hub’ of creativity and development.  It has a multi-layer security mechanism, both physical and logical, enabling us to provide the extremely high levels of security demanded by many of our customers.”

Traditionally, keys had been stored in a key box and managed manually through use of a log book. But management access to crucial IT equipment can be a time-intensive process with exposure to possible security breaches through lost keys or unauthorized staff mistakenly gaining access. The key management solution means all keys on site are permanently attached (using a tamper-proof security seal) to a metal iFob so as to effectively “electronically tag the keys with unique identities.” 

The iFob, with keys attached, locks into a receptor strip within a key cabinet until released by an authorized user via a fully automated and audited process.

 

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Bill Zalud

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security Magazine 2014 September cover

2014 October

Security takes a look at safety and preparedness for the harshest of weather phenomena in this October 2014 edition of the magazine. Also, we investigate supply chain security and the many benefits of PSIM. 

Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.