Since the advent of the smartphone and its subsequent proliferation among consumers around the globe, there has been a simultaneous push to make access control systems compatible with mobile credentials. There have, of course, been several fits and starts when it comes to mobile access technology—and with good reason.

Access control is one of the fundamental building blocks of any security technology deployment, and end-users are naturally hesitant to adopt unproven, bleeding-edge technologies that could flounder when they are needed the most. One only must look at the slow migration from analog to IP video surveillance technology to see how hesitant security leaders can be to warm up to new methodologies.

Technology can and does advance, however, and so has the access control market during the past decade. Many of the barriers that once stood in the way of adoption have largely been addressed—be it a lack of standardized, secure communication modalities between phones and readers or a lack of standardization between readers and the access control system.

Access control is also more streamlined than ever before and can reach a wider audience. A recent study by the Pew Research Center showed that 85 percent of Americans 18 and older in 2021 had a smartphone, and 97 percent had a mobile phone. Not only are the vast majority of the readers capable of reading a mobile credential alongside a traditional card or key fob, but they are Wiegand and Open Supervised Device Protocol compatible. They can also plug into almost any physical access control system.

But even with some of these historic obstacles being addressed, many challenges remain for organizations that want to dip their toes into mobile access. First and foremost among these is getting IT and the C-suite on board with allocating the necessary financial and technical resources required to make a mobile migration a reality.

Obtaining Internal Buy-In  

On the surface, it may seem like a no-brainer to upgrade your enterprise access control system to one that is mobile compatible or even mobile-first. After all, the pitfalls of proximity cards and key fobs are well-documented. From the ability of malicious actors to clone credentials to the fact that employees routinely lose them, there are good arguments to be made as to why an organization should move away from prox cards.

The problem is that while these credentials may be insecure or present an ongoing financial burden, organizations have already spent hundreds of thousands or even millions of dollars—particularly in the case of enterprise end-users—to standardize their systems on this tried-and-true technology. Ripping and replacing card readers or other back-end infrastructure won’t be palatable to most businesses, especially considering security is still primarily seen as a cost center.

Fortunately, many of today’s access control platforms and their associated hardware come mobile-ready. If you have upgraded legacy solutions during the past several years, then there is likely little that would need to be done to make the switch to support mobile credentials.

When companies consider all the costs around managing and dispersing physical credentials, some can recognize cost savings. Basic calculations can be done to see if this is the case. With current supply chain constraints, there is no better time to trial mobile credentials if your current readers support them.

With IT playing an ever-increasing role in security technology purchasing decisions, given its responsibility for managing such solutions on the corporate network, there is also the likelihood that you will have to sell the CIO and CISO on the benefits of such a migration. Suppose your IT department has already been heavily involved in managing the day-to-day aspects of your access control system, such as provisioning user credentials or removing employees that have left or been fired from the company. In that case, the IT team may not have the staff ability—or appetite—to learn a new platform.

Here again, however, advances in technology are helping to address these challenges. Today, many access control systems can automatically send cloud-issued credentials to users who are already enrolled in the platform, simplifying and streamlining the onboarding process.

Once the user has been issued a mobile credential, he or she can access all the same areas within the business’ facility or campus as he or she did before without any additional effort on the part of IT. This kind of simplicity within the office environment simplifies access control for the organization and helps to show new and potential employees that they are forward-thinking when it comes to technology. 

Key Mobile Features

Mobile credentials have numerous benefits, but a few standout features are worth noting. Mobile is cost-effective, representing that most employees, students, and residents within an organization already have a smart device that would allow them to utilize the access control system along with or instead of physical keys and cards, saving the organization money.

Mobile credentials can also provide a more straightforward and better-protected solution. Credentials are sent to smart devices digitally, meaning the data is encrypted to protect each individual’s identity and credentials. Finally, mobile credentials are incredibly scalable; with them, the need for additional keys or cards is unnecessary. Organizations can simply assign more credentials to the new individuals that require them.

Improving the User Experience     

While providing a good user experience to employees and visitors may not have been a significant consideration for businesses in the past, it has become a much more substantial part of the conversation about technology solutions leveraged by organizations in more recent years and physical security is no exception.

In a day and age where many companies are switching to remote and hybrid work paradigms, getting employees to come into an office has become a significant challenge. This can be made all the more difficult when the technology systems workers interact with on a daily basis cause increased frustration and headaches, rather than making their lives and jobs easier.

One of the ancillary benefits of migrating to a mobile access control system for end-users is no longer having to replace lost prox cards, which can add up to a tidy sum on a yearly basis depending on the size of the business. A common refrain throughout the industry is that people will not think twice about leaving a credential at home or on the subway, but they wouldn’t dare take the same blasé attitude when it comes to their phone.

---

Mobile will become the de facto standard for the industry.

---

In addition to this sentiment, however, workers themselves would also much rather open the door to their office without having to fumble around in their pocket or purse to find their access credentials. It is also not uncommon to have people locked out of their building or office because their ancient magnetic card’s data has been wiped.

The ability to issue mobile credentials can also streamline the visitor management process in facilities. Instead of taking the time to provide an ID and other information to a guard or input it manually in a kiosk, mobile access gives organizations the ability to issue credentials to potential visitors for a set period—thereby eliminating some of the hassles of traditional visitor management.

The Future is Touchless

One of the long-lasting impacts of the Covid-19 pandemic on security will likely be the industry-wide shift in the push toward touchless access control and other solutions that reduce physical touchpoints for users within a building. Eliminating the number of places a person has to touch to enter a facility reduces their chances of coming into contact with viruses transmitted through physical contact on door handles and the like.

Leveraging mobile access credentials in conjunction with automatic door openers and other solutions is a logical outgrowth of this increased emphasis on health and safety in response to the COVID-19 pandemic. It will only continue to grow in prominence as other pathogens rear their ugly heads. However, organizations will be much better prepared to deal with these threats via the adoption of mobile access and other technology offerings.

Creating a Migration Path

So, how do you create a viable migration path to mobile access within your organization? You must start by having the aforementioned conversations with fellow leaders in your organization to ensure you have the necessary backing. This should be followed by a comprehensive review of the systems and devices in place throughout the business to determine if—and where—upgrades would be required prior to adopting mobile credentials en masse.

If an enterprise-wide migration is not feasible, perhaps start on a much smaller scale within a single facility or campus, being careful to note the benefits and challenges that were realized throughout the process. There’s no denying that mobile will become the de facto standard for the industry at some point in the future. It’s not a matter of if but rather when, and it is best to start taking the necessary steps to ensure the process will go smoothly when the time does eventually come.

Brian Matthews is the director of sales, ACRE, for the Feenics product and brings close to 20 years of experience in forward-thinking, customer facing roles. Prior to ACRE, Matthews spent seven years working with system integrators, consultants, and end user customers to evangelize the value of cloud-based access control as Feenics’ director of sales. Before that, he spent 11 years at Lenel in various leadership roles—including overseeing Lenel’s consultant program and the sales support organization. Additionally, he was involved in several on-site end user projects in the EMEA and Asia Pacific regions.