Mobile Credentials: Why Should You Adopt Them and What You Need to Know
According to a report from App Annie, people use nine applications daily, and in a month, they use 30. Why is this relevant? Brivo’s study, “3 Key Drivers to Technology Adoption in Physical Security”, reveals 81 percent of survey respondents are reliant on mobile applications to manage their facilities and people and 62 percent of them are using one to five mobile applications for work. However, only 25 percent have adopted mobile credentials to manage security, revealing opportunities for enterprise security professionals to tap into using mobile applications to improve physical security practices, such as access control, video and alarm management and more.
Although mobile credentials are in early stages, they are set to take off in the market. How can they make an impact in your enterprise’s physical security practices? Steve Van Till, President and CEO of Brivo, answers common questions surrounding mobile credentials.
Mobile Credentials and Their Benefits
“Mobile credentials are a type of digital key stored on a mobile phone. They are used in the security industry to open doors via an electronic access control system,” says Van Till. “There are many benefits of using mobile credentials. For administrators, mobile credentials are easier and less expensive to issue and administer because there is no physical card involved. The entire process of credential issuance can be handled via email, for example. Users are also much less likely to lose or forget their phone than to lose or forget an access control card, decreasing special requests to the administrator,” he says.
He notes, “For users, a mobile phone is more convenient than a card because everyone carries a mobile phone already. Some mobile credential apps may also offer additional services, such as security alerts or mustering, to cite two examples.”
How secure are they? “Mobile credentials can be implemented with equal or higher security compared to access control cards. They are much safer than prox cards, for example, and on par with smart cards. Mobile credentials can also be paired with biometric capabilities on the phone to be even more secure than cards alone,” Van Till says.
In an IBM survey, more than 5,000 C-level executives were asked which technologies will be important in the next three to five years. Their answer? Cloud computing and mobile solutions. Security enterprises can benefit from reduced costs that come with a lower total cost of ownership, advanced situational awareness by using real-time access to manage security and keep people safe when threats arise. One more benefit is improved efficiency when smartphones are used as the key to facilities, as issuing and revoking of credentials can provide added protection since screen unlock pins or biometrics do not require updates to door hardware.
More paramount, a cloud-based solutions only costs 54-percent less over five years than your average on premise systems, according to Brivo. The cloud offers to make business apps, data storage, communication and management more convenient and cost-effective. Mobile technology is built on the cloud, so when mobile solutions are combined with the effectiveness of cloud computing, it allows for an improved security attack plan when physical threats arise.
Aside from making the most out of cloud-based operations, mobile credentials can help with mass notification systems, visitor management systems, access management systems and more.
Although mobile credentials provide many benefits as discussed, challenges remain with using mobile for security, such as how they are integrated with existing IT platforms and OS device updates and a large installed base of legacy readers lacking Bluetooth support or the security app being used on a user’s personal smartphone and privacy concerns.
Some of the challenges of using mobile for security are due to a large quantity of BYOD employees who are becoming more privacy conscious and are using more business applications.
Van Till says, “The privacy concerns and protections are very specific to each mobile credential provider and how they have implemented their system. At one end of the spectrum, they can be completely private with no personal information shared outside the system, and biometrics stored locally in the user’s phone. At the other end, they might be shared across multiple provider organizations with different levels of security at each point. A self-contained, built-in credential from the access control provider is therefore easier to protect.”
Nonetheless, there is a new trend emerging: the need to integrate mobile credentials to control access. Mobile facilitates the new digital identity, it attracts a mobile-centric younger generation, creates growth of cloud-based systems with mobile experiences and eases updates and replacements.