Access Control Basics: Cards and Readers

This primer on magnetic stripe, proximity and smart card access control technology will help you select the right system for your institution.
Published: May 26, 2015

There are a number of reasons why healthcare and educational institutions wish to keep their campuses secure, including student, patient and employee safety and document security. No organization wants to be on the evening news because there was a breach, and sensitive information was stolen or leaked. That kind of catastrophe can sink a brand. More importantly, no one wants to be responsible for any violence that could be avoided by monitoring and restricting individuals who are in the building.

One of the first steps in keeping unauthorized visitors out of your office is installing an access control system. Access control systems are quickly becoming a staple on many campuses around the country for reasons other than just safety. Of course, their primary function is to allow access only to those designated for access. However, many systems offer supplementary benefits that may not be obvious at first, such as monitoring the times that people are in and out of the office for payroll purposes. It comes in handy to know who is in your building and when they are there.

RELATED: Policies, Staffing and Lack of Buy-in Pose Biggest Problems in Campus Access Security

Whatever your reason for purchasing an access control system, you’ll need to determine the extent of your system’s coverage. Access control ranges from relatively simplistic fob swipe systems to multifaceted employee recognition systems. Not every institution is going to need every aspect of access control. You want to ensure that you are providing a sufficient level of security without purchasing a bunch of bells and whistles to augment the system that provide little real benefit.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

More Sophisticated Systems Increase Security
A layered security approach provides multiple obstacles for a would-be intruder to traverse before a breach is possible. Take your home for example. A thief may need to simply open a window and sneak in. That’s a single layer of security. Add a fence, and the thief must first hop the fence before reaching the window. That’s two layers of security. Perhaps you have a sun room. Now the thief must hop the fence, break into the sun room, and then get through the window before they are a threat. Meanwhile, there is more time added for a neighbor to notice what is happening and call the police.

The same idea applies to your campus. The more sophisticated your access control system, the tougher it is for intruders to gain access, which might incorporate multi-factor authentication.

Single-factor authentication would be something that a person has, knows or is that is used to gain entry. This could mean a person has a card to swipe, knows a pin code or uses his or her fingerprints or some other biometric, which cannot be duplicated. Two-factor authentication combines two of these factors, such as requiring a card swipe and pin entry. Three-factor authentication combines all three.

Additionally, there is a two-man authentication, also known as an escort. This requires two separate users to get into a secure area, where neither may enter alone. A digital certificate may also be installed in a smart card or USB. These work in the same way a driver’s license would for a police officer. If an employee who is no longer with the organization still possesses their card or fob to enter the building, a certificate check via public key infrastructure (PKI) would reveal that this employee is a security risk and bar access or inform the proper person.

“Security professionals use the term ‘defense in depth’ to describe any case in which two or more controls are used to provide redundant protection of an asset,” writes Peter H. Gregory, CISA, CRISC, CISSP, DRCE, in HID Global’s ‘Advanced Physical Access Control for Dummies,’ a whitepaper that outlines access control security information. “If any one of the controls fails, the asset is still protected because the other controls continue to protect it.”

Choose from a Mag Stripe, Prox or Smart Card
There are several types of entry cards that can be used for access control. The most simple is a magnetic stripe card. These employ little security to protect the card’s data and can be easily read and cloned. Probably not the best device for campus security.

ADVERTISEMENT
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series