The evolution of access control
EITN had a chat with Gustavo Gassmann, Vice President & Head of Emerging Markets, Physical Access Control Solutions, HID, where he talks about the findings of a survey HID conducted. One key takeaway? The workforce is still changing and that means ways of working that have to adapt to them.
EITN: One of the highlights of your recent survey is how the workforce is still changing. When do you think this change will stabilise at least, and what will it culminate in?
Gustavo: The COVID-19 pandemic had compelled enterprises to adjust rapidly to remote working, which had also contributed to the acceleration of digital transformation and the migration of access management capabilities to the cloud. The transition was essential and enterprises were quick to adapt to the new model of working.
We think the change has stabilised and that hybrid work is here to stay, as evidenced by our survey in which more than 80 per cent of organisations have some form of remote/hybrid work structure in place. This shift is clearly the future of work in the new normal, and we expect more organisations to follow suit in order to attract and retain their best talent going forward.
With that, the big push will be for organisations to ensure their physical and IT security infrastructure is in place to meet this need.
EITN: How will HID prepare for this eventuality?
Gustavo: The access control industry underwent a seismic shift due to the global pandemic. In addition to its traditional security role, the industry had to rapidly adapt to new health and safety mandates, which resulted in the adoption of many new technologies. These new technologies include touchless access control solutions, open standards and increased integration and evolving access control outside of physical security.
According to our global study, 67 per cent of respondents indicated that multi-factor authentication or password-less authentication are the most important technologies in the future of work transition.
For hybrid or fully-remote work models to work effectively and seamlessly, putting multi-factor, password-less authentication, data strategy, digital identities, Zero Trust security approach and contactless solutions in place is essential.
At HID, we offer a comprehensive suite of access control and identity management solutions to help organisations enable identity governance and administration capabilities across different environments.
We expect more organisations to adopt identity management “as a service” rather than via on-premise infrastructure in 2023. Organisations across industry verticals, such as financial services, healthcare, real estate and the government sector, are planning to utilise IDaaS in the future, according to our study.
We will continue our shift and focus towards providing more digital identity experiences and serving as advisors to our partners and end-users in how best to deploy technologies and solutions to meet the needs of the new normal of hybrid work.
EITN: How does a disrupted supply chain influence the workforce of the markets HID serves? Is there a disrupted supply of chips that power the identity solutions that HID offers? If yes, please share more details.
Gustavo: We reacted swiftly to the global chip shortage by pursuing several countermeasures, including pursuing alternative sources through broader distribution networks, instituting heightened inbound quality controls, leveraging direct contact with our semiconductor providers, executing significant PPV, purchasing components at massive price increases and ultimately pursuing multiple redesign efforts. These have been a team effort involving every part of the HID organisation.
Since mid-2022, we have been anticipating better chip supply. As a result, we have been working with our contract manufacturers and distribution centres to ensure capacity is available to handle the increased flow of product also ensuring we have ample supplies of other components beyond the IC’s.
In our distribution centres, we have doubled our provisioning workstations and added headcount so there are capacities equal to or even better than our contract manufacturers. We are working very hard to get scheduled dates on all of our backlog now and are starting to see improved supply lines.
EITN: Could you give top examples of Identity-as-a-Service, and what a fully matured implementation looks like? What is holding back organisations from going all the way?
Gustavo: Identity-as-a-service or IDaaS in short, is an application delivery model (such as software-as-a-service or SaaS) that enables users to connect to and use identity management services from the cloud.
Take for instance, our HID WorkforceID Digital Credential Manager solution, which enables enterprises to roll out IDaaS easily by providing a suite of services that manage the lifecycle of authentication devices and high assurance credentials, while automating identity and access management and replacing costly complex password policies and legacy systems with more secure and efficient authentication models.
It offers a complete IDaaS solution, including PKI certificate authority, credential management system and high assurance multi-protocol authenticators to help enterprises create, manage and use digital credentials easily.
According to our State of Security and Identity 2023 study, commercial real estate companies are outpacing other verticals in the use of IDaaS as large commercial real estate firms are leveraging mobile access as part of their tenant experience apps.
For instance, New York City-based Silverstein Properties offers secure contactless access to its office buildings through employee badges in Apple Wallet. Organisations with more than 10,000 employees also tend to have the highest use of mobile and digital IDs.
We expect digital IDs to outpace physical ones and digital servitisation will play a crucial role as suppliers organise around service models and service-led growth.
Notwithstanding, there are still issues or barriers that are holding organisations back from embracing IDaaS fully. They include misperception of the technology and security concerns arising from that misperception as the user experience between physical identity access management and cloud-based access management can be quite different.
Another barrier is complex government regulations and privacy laws, especially for a global organisation which needs to figure out how these regulations play out across different markets and regions, and how to find the sweet spot or create a common denominator for deployment globally.
EITN: How does digital ID and mobile authentication propel mobile access deployments? What are mobile access deployments anyway, and why should we want to have mobile access deployments (if it is what I think it is), especially with so much cyberthreats starting to appear on phones?
Gustavo: The increased adoption of digital wallets and mobile IDs helps propel mobile access deployments as users are more comfortable with this technology.
Mobile access is the use of a mobile device (smartphone, tablet or wearable) to gain access to secured doors, gates, networks, services and more.
With the ubiquity of mobile devices, mobile access offers significant advantages and benefits, including increased convenience as there is no need for users to carry separate physical access cards; increased efficiency for organisations as they can easily create, manage, issue and revoke credentials through the cloud; increased security as the credential technology is delivered through a highly secure and reliable cloud platform; as well as increased safety for users through over-the-air provisioning and native touchless functionality.
Sustainability and cost saving are among the benefits of implementing mobile access as it eliminates the need to fabricate and issue plastic access cards which in turn helps enterprises to reduce their carbon footprint.