Aging Access Controls: A Security Challenge

Date : 30-Apr-2020
Location: Kuala Lumpur

Key Takeaways:

Most companies wouldn't upgrade access control solutions on yearly basis due to a few reasons, chief among them is that it involves hardware attached to the physical doors. Nonetheless, as the landscape of business needs and risk profiles changes, there is a trend companies employing newer technology that is more secure and easier to deploy and use.

Outdated access control systems present certain significant disadvantages to organizations such as:
  • less secure and more vulnerable to sophisticated attack.
  • system tends to be isolated and localized and less capable of supporting WAN requirement and most likely non cloud based
  • conventional software solutions which doesn't permit cloud based deployment and support of mobile app
  • lower performance and efficiency
  • requires ad-hoc and manual intervention by technical support
  • more workload for technical support
  • doesn't support big data and business intelligence
As longstanding expert in the field HID Global has over the years helped consumers migrate and upgrade their systems to access control solutions that have interoperability and flexibility which serve as a solid foundation for growing businesses.


To meet the security needs of today’s dynamic world, HID’s new generation of readers, such as HID Signo®, support the widest range of credential technologies, including mobile IDs via native Bluetooth and Near Field Communication (NFC) capability. Importantly, they also employ Apple’s Enhanced Contactless Polling (ECP) to support credentials in Apple Wallet.

  • Alex Tan, Director of Sales of Physical Access Control System of HID Global.
  • HID Global’s 2020 State of Physical Access Control Report has shown that access control infrastructure is aging, and most systems are in excess of three years and beyond, yet most organizations have either no plans to upgrade obsolete systems or even if there is one, it is more than a year out in the future.
  • The 2020 State of Physical Access Control Report is a survey of ASIS International members and customers on access control technology; its use, important trends, and upgrade planning. A project of Security Management Research and HID Global, the survey was conducted in 2019, building on a similar survey completed in 2017.
  • The survey presented a list of electronic access control credential technologies and asked security directors to select all the ones they employ at their organizations. Fifty-one percent report using 125 kHz low frequency proximity cards. These cards rely on radio frequency signals, technology that is 25 years old and has significant security vulnerabilities. Even older and less secure technology is also still utilized with 26 percent reporting the use of magnetic stripe cards and 17 percent reporting the use of barcodes.
  • Technologies like iCLASS cards despite being in the market for the last 15 years, with their encryption capability, make a good demarcation line between technology that is more secure and technology that has already been compromised. These cards constitute 54 percent of organization usage in 2017 but has since dropped to a 45 percent in 2019 at the back of migration to higher encryption technology offering such as SEOS.
aging access control solutions
Most door access control systems are in excess by 3 years or beyond

Best Practices:

As migrations are considered for more secure credentials, a primary goal for physical security professionals should be to:
  1. Leverage on scheduled upgrades by company to highlight need for physical access updates.
  2. Ensure that options suggested can be expanded and adapted to future needs.
  3. Create an upgrade path to mobile access that doesn’t lock the organization into specific devices and communication protocols.
  4. Anticipate security challenges and needs for the company for at least 5 years based on business growth.
  5. Study the pros and cons of wholescale implementation vs single new technology combined with legacy systems.
Editor's comments:
  • Outdated access control solutions expose companies to both physical and digital security threats from all angles, including sabotage from internal people.
  • Besides that, those solutions are also more expensive to maintain due to requirement of manual intervention and technical support for ad-hoc scenarios.
  • Access control solutions should fully adopt the cloud and automation such as the ability to monitor and audit the access list of doors with little manual work.
  • A trade-off conflict exists whereby a typical consumer has the budget to replace smartphone every 3 years while an average company does not have similar budget to protect even the main doors.
  • The durability of 125 kHz low frequency proximity cards contributes to the reality of consumers hesitate to adopt newer technology such as iCLASS and SEOS - besides that, many would demand new deployment to support older access cards, further contributing to delay in adoption of new solutions.
  • New age access control solutions tend to be more user-friendly and require lesser technical support.
  • The single most important factor which stops companies from adopting new solution is the need to recycle old yet functional hardware such as door access controller and its components.
  • Scheduled updates is a good solution for companies to ensure continuity upgrade of door access technology.