You are on page 1of 124

contents

The Access & Identity Management Handbook 2017

Editor’s Note........................................................................................................................................... 4

Opinions & trends

Access control in 2017 .................................................................................................................... 6 A password you can’t forget ......................................................................................................32


According to IHS, the total installed base of access control readers, Voice biometrics is a fast growing form of identity
panels, credentials and electronic locks is expected to reach authentication proving its worth in South Africa and the world.
2.3 billion by 2016, up from 1.8 billion in 2012.
Using smart devices to provide recognition of individuals ...................................34
The future of Checkpoint Delta ...............................................................................................12 The very idea of a computer being able to recognise people in a
Airports are microcosms of the world, enclosed in a small, potentially similar way to which we as humans instinctively recognise
volatile space. individuals, is mind boggling.

Security versus convenient access ........................................................................................16 Protecting against criminal use of stolen biometric data .......................................36
The growing security demands of business versus the need for Biometric technology is not invulnerable, but with the correct
identity and access management controls. planning it is an effective authentication mechanism.

IAM: Looking ahead ........................................................................................................................20 Mobile access


Identity and access management and access governance:
the immediate past and the future. Mobility and access meet ...........................................................................................................38
Mobile technologies have made biometrics a household word and
Biometrics are now changing the face of access control.

The biometric decision .................................................................................................................22 The future of access control credentials ............................................................................42
Biometric technology has come a long way to being a reliable, Mobile technology is set to play an even greater role in security,
yet often misunderstood identification and authentication including access and identity management.
mechanism in business today.
The reliability of mobile credentials ......................................................................................44
Biometrics advance is relentless .............................................................................................26 Using mobile devices and cloud services to control visitor entry
The global market for biometrics will climb to over $40 billion in 2021. and exit is fast becoming the norm.

Wireless access control

Access with no strings attached .............................................................................................46


Wireless access solutions abound, but most installed solutions
still rely on cables.

Biometrics selection guide.......................................................................50

Access selection guide.....................................................................................62

Electronic locks

Electronic locks are the new black .......................................................................................75


The use and versatility of electronic locks is growing and gaining
traction in more organisations.

IP access control

IP’s access control capture ..........................................................................................................78


IP delivers many benefits to the access market, but it’s a case of
slow and steady wins the race.

www.securitysa.com Access & Identity Management Handbook 2017 1


contents
contents
The Access & Identity Management Handbook 2017

Turnstiles

A turnstile for every requirement ...........................................................................................81


Turnstiles are a versatile and reliable tool in an organisation’s
access control toolkit.

Best barrier practice on residential estates.......................................................................82


Craig Sacks, CEO of Turnstar discusses the various physical
access barriers available to estates and other secure environments. Open platforms

Key management Access control solutions need to embrace open platforms .................................93
Astute users want a cohesive and non-proprietary access control system.
Ergonomic design delivers practical benefits ................................................................84
Ergonomics was fundamental to Morse Watchmans’ key Digital IAM
control and management design.
Eight best practices for identity and access management ....................................94
Visitor management Eight key identity and access management practices that will help
you improve your identity management system to ensure
Managing visitors and contractors ........................................................................................85 better security, efficiency and compliance
Visitor and contractor management has become more
important than ever, and it is also much simpler. Perimeter

Cyber security The perimeter security challenge ..........................................................................................98


Kelly Mclintock looks at various technologies and their applicability
Accessing cyber security .............................................................................................................88 for perimeter security.
Tyco Security Products is taking a proactive role in securing its range of
physical security products by developing its Cyber Protection Programme. Case studies

Identity as a service Improving security at Helderberg.......................................................................................100


Mantrap access control for data centre in Qatar .......................................................101
Making the case for Identity-as-a-Service .........................................................................90 Engineering secure access ......................................................................................................102
The different evaluation criteria in approaching cloud-based Emergency access for National Sea Rescue Institute..............................................103
Identity and Access Management (IAM). Access module eases admittance.......................................................................................104
Full security solution for Garanti ..........................................................................................105
Mexico selects Anviz biometrics ..........................................................................................105
Stellenbosch University secures access...........................................................................106
Passage to luxury ...........................................................................................................................106
Integrated biometric access ...................................................................................................107
Access controlled data centre ...............................................................................................108

Product news

ZKTeco launches ZKBioSecurity 3.0 ...................................................................................109


Access control beyond the door .........................................................................................110
XTime goes beyond T&A ..........................................................................................................111
AXXESS-E wireless access control........................................................................................112
SharpV fixed ANPR camera......................................................................................................112
Fides integrates Suprema .........................................................................................................113
Long-range access control ......................................................................................................114

Directory of access and identity


management providers ..............................................................................115

2 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 3
from the editor’s desk
The expanding world The Access & Identity
Management Handbook 2017
is published by

of access control solutions


Welcome to the Access & Identity
Management Handbook 2017. We have www.securitysa.com
packed an enormous amount of informa-
tion into these pages, all focusing on the
Published by
access and identity market. Unfortunately, Technews Publishing (Pty) Ltd
even with 120 pages, we have to limit what 1st Floor Stabilitas, 265 Kent Avenue,
can be printed due to space restrictions. Randburg
Such is the size and expanding nature of Box 385, Pinegowrie 2123
Tel: 011 543 5800
this market. Fax: 011 787 8052
As has become the norm over the years,
biometrics plays a significant role in the ISSN 1562-952X
handbook as more companies look at addi-
Editor
tional ways of identifying and authenticat- Andrew Seldon: andrew@technews.co.za
ing people in the most reliable and quickest
manner possible. That’s not to say cards and Associate Editor
fobs are a thing of the past, this market is Brett van den Bosch: brett@technews.co.za
still growing and will continue to grow for
Contributors
a long time, as will the uptake and popular-
Allyson Koekhoven
ity of electronic locks which use biometrics
Sanjay Dharwadker
and traditional access mechanisms.
In fact, we’re looking at a market in Business Manager
which everything is integrated into a Vivienne Dorrington:
working solution, using whatever products person – the one they are supposed to vivienne@technews.co.za
and devices are best suited to the job at belong to. This is also where multi-factor
authentication comes into play. Advertising sales
hand. This is why mobility is also a factor in Tracy Wolter: tracy@technews.co.za
access and authentication. Since the small It’s also fair to say that criminal syn- Laura Dorrington: laura@technews.co.za
smartphones we have come to accept as dicates have almost unlimited research
funding and will always be finding ways Subscription Services
being part of our normal day have such
to outsmart whatever security system one To subscribe to Hi-Tech Security Solutions
powerful processing capabilities, people including the
want to make use of them in various has in place. And in an environment where Access & Identity Management Handbook
situations, including access control. people often compromise on security in Contact: subs@technews.co.za
Moreover, smartphones will soon become favour of cost, you have to expect that the
cheap products will be easier targets for Design and layout: Technique Design
another management console linked to
a central server in order to control access criminals.
permissions and so on. However, criminals aside, we hope you
All rights reserved. No part of this publication may be
An interesting trend in the world of enjoy the content we have put together for reproduced, adapted, stored in a retrieval system or

authentication at the moment is for people the handbook. By the time you receive the transmitted in any form or by any means, electronic,
mechanical, photocopying, recording or otherwise,
to report that biometrics are no longer magazine it will also all be online. We without the prior written permission of Technews

a good option for security because your will also be sending out a few email Publishing (Pty) Ltd,
Reg No. 2005/034598/07
fingerprints, voice or face can be stolen newsletters with a few articles in the new
and you can’t change them like you can a year. And although the handbook is a Disclaimer

password or PIN. We asked some biometrics once-per-year affair, we welcome your While every effort has been made to ensure the accuracy of
the information contained
players to deal with this issue in one of the feedback which always assists in improving herein, the publisher and its agents cannot be held

articles, but it’s fair to say that the leading the next year’s Access & Identity Management responsible for any errors contained, or any loss incurred
as a result. Articles published do not necessarily reflect the
brands are ahead of the game in terms Handbook. Please feel free to send your views of the publishers. The editor reserves the right to alter

of liveness detection and other means of comments to andrew@technews.co.za. or cut copy. Articles submitted are deemed to have been
cleared for publication.
proving a biometric belongs to a real live Andrew Advertisements, inserts and company contact details are
printed as provided by the advertiser. Technews Publishing
(Pty) Ltd cannot be held responsible for the accuracy or
veracity of supplied material.
LETTERS TO THE EDITOR
Letters to the Editor should be addressed to Andrew Seldon at andrew@technews.co.za.
Sending material to this publication will be considered automatic permission to use in full
or in part in our Letters column. Be sure to include your name, e-mail address, city and
postal code. We reserve the right to edit all letters.

4 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 5
ACCESS CONTROL IN 2017

Access control in 2017


By Andrew Seldon.

According to IHS, the total installed base of access control readers, panels,
credentials and electronic locks is expected to reach 2.3 billion by 2016, up from
1.8 billion in 2012.
The access control market is growing, not control, for example, access to cabinets and the search to eliminate these isolated identities
only the cool stuff like biometrics and mobile safe areas, what about integrated physical and is a hot topic which more vendors and solu-
credentials, but also the traditional cards and logical access to PCs, printers or cloud services tion providers are trying to address. It is easy
fobs business. Yet, as many companies as there controlled from the IT directory? Do companies to see the value, why would I not want to use
are that still use cards and fobs, the technology consider these options at all? the same biometric data used for HR vetting
for access control has evolved and offers more Walter Rautenbach, MD of neaMetrics, local for the company’s access control and logical
options than ever for controlling access to vari- Suprema distributor, explains that, in an ideal access to data. At the present moment, the
ous places, systems and devices. world, we would have a one-to-one relation- number of solutions offering linking access
In one way, this makes the industry more ship between a person and identity data. One control and logical data alone is widespread,
complex for those who have to make sense enrolment used everywhere from building but the uptake is limited. However, we will see
of all the noise and ensure their access solu- access, time attendance, logical access, devices substantial growth in this area, even over just
tions do what is required in their companies. and cloud services. the next year.”
Yet it also opens the door to more integrated “This is nothing new with Single Sign-On One of the reasons he gives that develop-
systems that allow one to more effectively (SSO) talked about and implemented for many ment in this arena is not as fast as we would
manage access and other security or building years to address the problem of managing think or like, might be that it is easier to do this
management functions from a central point. multiple passwords and where using the same in a closed system. However, when implement-
Hi-Tech Security Solutions asked some one everywhere is a significant risk. With this, ing solutions across vendors or providers, a
leaders in the field to make sense of the access flowing into biometric identities, clients want matter of trust arises with everyone wanting
control market in a world that is bigger and the convenience of utilising their single iden- to be the controller of the identity or not
smaller than ever, more complex and simpler tity across all aspects of life.” trusting identities created in competitors’
than ever, with a wider variety of choices and Unfortunately, one of the significant systems. In addition, implementing multiple
price points than ever. identity flaws in today’s age is that most of us levels of access and attaching user authority
In the world of access control systems, have many biometric identity profiles, with to a centrally managed identity introduces a
people and companies install solutions for the most of them managed on separate platforms, level of trusted integration that needs careful
long haul. They do not want to have to replace he continues. “The biometrics I use to access consideration.
or upgrade everything every three or even five my phone, work access control, workstation or This may also be changing soon since,
years. So what do people look for when con- even employment vetting, are in most cases all while trust remains an issue, several providers
sidering their electronic access control options different and introduce a problem that differ- are now offering centralised Identity Vaults or
today? Are we still focused on letting people ent biometric identities are presented by one Trusted Identities, which are becoming more
in or out of the door; or are people looking at person. popular. “I suppose in our particular environ-
more integrated use of access technology to “In a society aiming for non-repudiation, ment, with PoPI being a hot topic, it is easier

6 Access & Identity Management Handbook 2017 www.securitysa.com


ACCESS CONTROL IN 2017

for companies to outsource this responsibility growth for the client.


to external providers,” says Rautenbach. The emerald multi-
functional terminal is an
Users want more example of this. It provides
Stephanie Hensler, director business develop- online and offline access
ment, access control, Axis Communications, control services, but also has
agrees that the lifespan of an access control intercom facilities and integra-
system can be very long, sometimes up to tion to a command and control
20 years. “There are many things people are centre built in. It also offers other
looking for in their access control system, most functionality, such as time and
have their priorities depending on their type attendance, room booking and so on.
of business and needs. With end users becom- Verner adds that access is part of
ing more self-educated in this industry, they a much larger solution and we see
know what is available and no longer depend companies integrating it and monitoring
on their system integrators to tell them what access along with surveillance, intrusion
they want.” detection, perimeter and so forth. We can
With this in mind, she highlights some of see evidence of this in the number of video
the access issues the industry is facing: management systems (VMS) that now include
• End users are demanding more integration to the ability to monitor and manage access
be able to have the option to select best-of- control as standard.
breed solutions. Rautenbach echoes the sentiments about
• Wireless locks are one of the hottest trends integration. He adds that clients and security
in the access control industry today and are consultants are increasingly looking for a total
everywhere. With wireless locks and devices security solution that interlinks all elements of
such as cabinet locks, access control systems security and that can address the full security must plug into an existing network, open
can be expanded beyond exterior doors. life cycle. “To achieve this, more intrinsic standards will become a requirement for com-
• Another trend sees the industry is moving matters are highlighted, addressing questions munication and security. “Future interoper-
away from proprietary hardware for better such as: What threats are introduced with ability requirements will result in much greater
flexibility. One of many reasons for this is end access control platforms running on the same adoption, but which open standard is to be
user demand, they don’t want to be locked in IP network as my corporate network, and can adopted is still yet to be determined.”
to a system without the ability to select the that expose my company data through IP at The industry needs to become more open,
best devices offering expandability and vari- the door? What encryption is used to protect according to Verner, as it is more important
ous options in the future. data? With biometric data now storing thou- than ever to be able to work with other
• Integrated physical and logical access has sands of identities at the door, how safe is it systems without problems of middleware or
been around for years, however, this technol- and can someone just steal it? What interoper- custom development. He notes, however, that
ogy has not been widely adopted, mostly due ability standards are utilised?” more open should not mean less secure. This
to the different departments managing these In response to questions like this, the is why standards like OSDP was developed as
two types of access. industry has taken steps to re-examine the a secure solution to ‘Wiegand sniffing’. In addi-
• Cloud services have also been around for value of RS-485 using Open Supervised Device tion, he says there is a definite move towards
years and are definitely taking off. More com- Protocol (OSDP) V2.X, moving identity data more secure cards that are also more versatile
panies are now developing cloud services as to controllers or secure masters not openly in what they can do.
companies want convenience and feel that exposed, or removing biometrics totally “I cannot say that all access systems are
this service is now secure enough. from the network and back to cards, mobiles, moving away from proprietary solutions as
Philip Verner, regional sales director, EMEA, tablets, wearables, etc. We are also seeing the many vendor-specific platforms exist,” coun-
CEM Systems also sees access today moving implementation of secure credentials, such ters Rautenbach. “Many access or integrated
beyond the door, integrating to other systems as the latest HID iCLASS Seos. These issues, security software vendors are, however, not
and even, in some instances, reaching to the including biometric spoof prevention, have hardware vendor specific, and it is here where
level of logical access. He says the uses of become some of the ‘hot topics’ when it comes not being locked into specific access control
electronic locks is growing rapidly, allowing for to vendor selection. end-point, be it a biometric, card reader or
more security monitoring of access to doors as camera, is critical.
well as other areas such as data centre cabinets The question of standards “The importance of interoperability is,
and so on. The level of monitoring is also grow- When referring to standards, the access control therefore, imperative, and we see OSDP play-
ing, providing more security and information industry is not renowned for its love of open ing the same role in access control as ONVIF
on what happens on a daily basis. standards. However, now that IP access control in the video arena (and ONVIF also has access
CEM sees access as an intelligent system is growing (see a separate article in this issue), control profiles). These types of interoperability
that can do more than open doors. As such, standards are becoming more important. protect clients from vendor lock-in and allow
the company is always on the lookout for ways Open standards have historically been for direct inter-vendor performance measure-
to add value to its access control solutions in a sparingly used by the access control industry, ment. The implementation of these standards
way that supports the facility they are installed admits Hensler. “However, as the access control also adds more than just interoperability, as
in, even to the point of supporting revenue industry becomes more ‘IT-centric’ and devices Continued on page 8

www.securitysa.com Access & Identity Management Handbook 2017 7


ACCESS CONTROL IN 2017

Continued from page 7


with OSDP 2.x, for example, also bringing
encryption of data to the table. Compliance
with these standards is becoming the de facto
yardstick, with non-complying vendors being
frowned upon.”
Another important element with interoper-
ability, when it comes to biometrics, is compli-
ance with ISO and ANSI, Rautenbach advises.
These standards ensure that the biometric data
itself does not lock down users. All recognised
vendors comply with ISO/ANSI, but a word
of caution is in order because although all
recognised vendors comply, it is the system
integrator’s responsibility to consult with the
clients to ensure implementation of these
specific configurations from the start, as these
configurations are not default. AC2000 Security Hub in use.
“It is also important to note that compli-
ance with ISO/ANSI is not difficult, but the volatile, be sure to select a stable company these rejection rates will cause frustration and
challenge is for vendors to offer the same kind with a stable technology.” can result in long queues or irate employees.
of performance using ISO/ANSI versus pro- Verner agrees that some people still have Additionally, a higher percentage of people
prietary. It is for this reason that NIST intro- a bad opinion of biometrics, but the number will find their biometrics can’t be recognised.
duced, for example, Minutiae Interoperability of naysayers decreased significantly after the Again causing more hassles.
Exchange (MINEX), allowing for performance first iPhone with biometric authentication was Multi-modal biometrics is perhaps an
measurements across fingerprint vendors. launched. It has since become more accepted answer to this problem and Verner sees this
Failing to meet good benchmarks in MINEX and people use it daily without a problem. market growing. Multi-modal biometrics
will mean that vendors might comply with There is always a trade-off between cost combines two types of biometric scans in the
the standard, but cannot perform as well in and reliability, however, and users need to same reader, such as fingerprint and finger
interoperability mode, forcing clients back to manage this carefully. If you get cheaper prod- vein checking. This adds a layer of security for
proprietary mode.” ucts, you can expect a higher rejection rate. If access to high sensitivity areas, as well as offers
you intend to install your biometric access con- a solution if a fingerprint, for example, fails to
Spoofing and biometrics trol system in an area with high levels of traffic, register.
When it comes to dealing with biometric tech- Rautenbach’s view of the negative percep-
nology, we have seen dramatic advances in the tions on biometrics differs somewhat, probably
use of and the capabilities of various biometric due to his company being intimately involved
identification and authentication technologies. in the biometrics world from both a sales and
Yet, some people still have a sceptical view of custom development perspective.
biometrics of all types. One of the arguments “I see the excuses of ‘it’s not working’
against biometrics is not that it doesn’t work as and ‘intrusion of privacy’ being the principal
an authentication mechanism, but that it can reasons used towards the resistance of imple-
be tricked or fooled by determined criminals. menting biometrics. I think we must look
This, they say, is a problem as, opposed to a where these opinions come from because they
password which can be changed or a smart- frequently originate more from the persons
card that can be blocked, you can’t change being forced to use biometrics than from the
your face or fingerprints. actual beneficiaries, such as employers and
Hensler says there are many reasons why government. Hence why the acceptance of
biometric technology is not more widely biometrics has drastically increased over the
accepted. Initially, the technology wasn’t as last few years, making the progression to
secure is it today. Another reason for the lack mobile phones and tablets.
of uptake is the cost, it is cheaper and easier “Personally, I have never heard of some-
to stick with what one currently has, which is one who has purchased a new iPhone and
typically cards. said they are not going to use the biometrics
“When end users are looking at imple- because it does not work or infringes on their
menting biometrics, they need to look at all privacy, even though the first implementa-
options,” she says. “Issues to consider would be tions of this did not perform half as well as its
their current system and staff and which type current release. The iPhone [and other smart-
of biometric is best for what they are trying to phone] biometrics experience saw an immedi-
secure. Another important thing to consider ate tilt in the acceptance of biometrics.
is the company, as this industry is still a bit Philip Verner Continued on page 10

8 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 9
ACCESS CONTROL IN 2017

Continued from page 8 where it can be used to enable user bookmarks


“This acceptance, unfortunately, does not on video streams, proactively triggering video
translate to general acceptance where people recording and allowing for forensic user-based
being controlled will do the most to not make investigation on video data.
it work, avoiding looking into the camera, half- Verner says data analytics is becoming
heartedly touch fingerprint readers and even more important, but agrees it is still primarily
use the wrong finger just to get the red light in the video surveillance space where compa-
flashing as a reason to complain. Normally nies want to find behavioural trends and data
those with reasons to resist have good reasons, to prevent issues from arising instead of only
or sometimes good people feeling insulted by reacting after an event.
needing to be controlled. With this said, bio-
metric technology did not always work as well Take aways in technology and growing device offerings
as it does now, and this historical fact could be There are so many issues one needs to focus that keep and set the pace of development in
used by some as an excuse for resistance from on when considering access control, some the access control arena. With cyber security
employees and unions.” already mentioned in this article, but many threats growing at a rapid pace, end-to-end
He is also careful to note that all technol- can be found in other articles in this publica- security and technology needs to keep grow-
ogy is not equal and some just do not work. tion, and even more are still to be mentioned. ing and developing at an even faster pace. It is
Rautenbach’s advice for selecting a vendor However, we put our three interviewees on the essential to find reliable and trusted vendors,
is to look at their track record. See if they spot and asked them what they considered the system integrators and consultants that can
comply with ISO/ANSI standards, participate two most important things decision makers keep up with the pace and which offer secure
in performance measurements provided by should consider when looking at upgrading or end-to-end solutions.”
institutions such as NIST, comply with stan- installing new access solutions. Hensler simply suggests selecting a solu-
dards such (OSDP/ONVIF/various encryption Choosing only two important issues is not tion that will grow with emerging technologies
technologies), and if they continuously work a simple task, but Rautenbach advises buyers and the user’s business, as well as selecting
on increasing the performance and reliability look for a reliable vendor that actively partici- partners, including system integrators and
of their products. pates with open standards and interoperability manufacturers that have standing in the
It’s also worth remembering that any platforms such as OSDP, ISO/ANSI and MINEX. security industry and are forward thinking.
technology is breakable and any technology “Secondly, consider a partner that, on an Verner warns that upgrading and installing
can be applied incorrectly. Finding a qualified ongoing basis, improves hardware and algo- are two very different scenarios. When one
and certified system integrator that knows rithm performance by continuously investing upgrades you need to consider the existing
what they are doing is critical. These days the equipment and make sure the new kit works
SI’s job goes further than just installing devices, well with it, while advancing or improving the
configuring Wiegand and powering maglocks, whole installation.
they need knowledge about TCP/IP and “Access control installations are actually
corporate infrastructure, and need to advise quite complex, which is why you find these
clients and act as security consultants. systems installed for long periods. When you
Therefore, while biometric technology does change something, you need to consider the
‘work’, the responsibility is on the buyer to make entire system, down to the individual readers,
sure they select the right technology and part- you can’t simply add something in.”
ners to get the results they require. In pursuit of There are also different needs in different
getting the results they require, there is also a companies. A small office may focus more
trend in access, as there is in almost every other on access control for time and attendance
industry these days, for data analytics. functionality and may not be too concerned
about security. A large installation, such as an
Intelligence from access data oil or gas plant would be more focused on the
There are two schools of thought to the security aspect.
issue of gathering and using data analytics “What they all have in common, however,
in the access control world. On the one hand is they want value for their money and qual-
Rautenbach says this is not a mainstream ity products that will serve them for a long
focus yet, as employers want to see how long time. Security systems in general are a grudge
their employees spend in smoking areas and purchase, but if the user gets added value
on lunch. In these instances the employers that supports their operations as well as their
are trying to address productivity, payroll and security needs, the value of the system is easier
overtime issues and may not want more from to understand and support.”
their access data than that.
From a Suprema perspective, however, he For more information:
notes that access data is available for analytical Axis Communications: www.axis.com
processing for specialised implementations. CEM Systems: www.cemsys.com
Although this data is being used more as neaMetrics/Suprema: www.neametrics.com /
sensor input into video management platforms Walter Rautenbach www.suprema.co.za

10 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 11
OPINION

The future of Checkpoint Delta


By Sanjay Dharwadker, head, global ID consultancy practice, WCC Smart Search & Match.

Airports are microcosms of the world, enclosed in a small, potentially volatile space.
For over half a century now, Checkpoint Charlie A human mixing pot complex web of local, national and interna-
has captured our imagination as the ultimate Not only in scale, but also in opportunity of tional laws, as well as surveillance for conflict-
border crossing. Shrouded in the mysteries of great architecture and commerce for example, ing reasons – on behalf of companies, gov-
cold war espionage stories, when the Berlin the airport is a true twenty-first century icon. ernments and individuals. It connects many
wall finally came down, it had 14 checkpoints But alongside are the vulnerabilities of post- social spheres and has to provide incarceration
that went by the names of the neighbour- cold-war politics and terrorism. In a world that amidst an illusion of infinite freedom. As politi-
hoods they were located in. But earlier, they fluctuates between borderless globalisation cal scientists state, thus the airport is both –
simply bore signage in the aviator alphabet – and claustrophobic xenophobia, the airport the definition of an immense problem as well
Alpha, Bravo, Charlie … and of this somehow has to be many things for its different users, all as a statement of its grand solution.
this makeshift name of the Friedrichstrasse at the same time.
crossing persisted, and even after being It brings together at a single location both, Who and what are you
reduced to a mere tourist attraction, it remains the ideas and the reality of security, territory By the end of this decade, seven billion people
a poignant reminder of one of the sad aspects and population. It also brings together a are expected to pass through airports travel-
of nation-state politics – that of dividing ling nationally and internationally, consisting
people from people. of about half a billion passport holders. There is
At the beginning of the twenty-first already the pressure for the élite to be treated
century, this drama has shifted to the airport, with queue-less instant service. Archaic instru-
and thus, if you deal in security policy, strategy ments such as visas cause additional bottle-
or technology, it becomes a microcosm to be necks on an already overstretched service
examined in great detail. No doubt, 9/11 or infrastructure.
rather its immediate aftermath has been the Many of the sixty-five million internation-
single most important reason for this focus. ally displaced persons also arrive at interna-
However, the definitive ideas around tional airports, some of them seeking asylum
it came together, with more clarity than and in the most complex legal situations, in
anywhere else perhaps, in the book titled conditions of statelessness. There are women
Politics at the Airport, edited by Mark B. Salter. and children requiring immediate humanitar-
Published in 2008, it is a slim volume, with just ian attention.
eight papers by different authors and comes in Amidst all this, are individuals attempting
at under two hundred pages. Professor Salter to travel on one of the over 60 million stolen or
teaches political science at the University of lost travel documents, individuals suspected of
Ottawa. Not surprisingly, the most influential commercial crime, smuggling and drugs, and
bodies that govern air travel are headquar- those with a criminal background and intent.
tered at nearby Montreal – the International Finally, there are the dreaded terrorists, detect-
Civil Aviation Organisation (ICAO), Inter- ing and stopping whom could prevent untold
national Air Travel Association (IATA) and loss and tragedy. These could arrive disguised
the Airports Council International (ACI). across the entire spectrum – from the élite to
Much has happened since its publication, the asylum seeker. There is no way to tell what
but the principles of border crossing and persona they will don next.
security, essentially remain the same. Sanjay Dharwadker Continued on page 14

12 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 13
OPINION

Continued from page 12 standards and authentication. Similarly, despite government and the commercial, domestic and
The freedom of restriction constant advancements, both in the technology international and the inside and the outside.
Apart from ICAO, IATA and the ACI a number and practice, biometrics as valves that control However, experts reckon that despite tech-
of other regional and national bodies formu- global flows of humanity, could be restricted only niques being available, they have not been
late guiding principles for all this. In the US, it to international border crossing. put together in the most effective way – for
is the Federal Aviation Administration (FAA), Imponderables invariably turn up, such as the identification, classification and managing
the Transportation Security Administration what happens to your data across borders. For of individuals and groups sorted by a level of
(TSA) as well as the Department of Homeland example, the moment it reaches the United dangerousness, so to say.
Security (DHS). States, is it subject to the USA-PATRIOT Act?
Involving almost the entire community of Few of us remember that this ten-letter abbre- Behaviour and identity
nations, the governance environment is a com- viation stands for: Uniting and Strengthening observation
bination of international treaties, national laws, America by Providing Appropriate Tools Three specific areas have immediate potential.
local by-laws as well as management practices. Required to Intercept and Obstruct Terrorism, Biographic search is one of them that helps
The ICAO itself goes back to the Chicago as signed by President George W. Bush on investigators look beyond singular physical
Convention of 1944 (ratified in 1947) as well as October 26, 2001. This has subsequently been identification characteristics. The biometric
its various annexures and amendments. extended and amended in 2011 and 2015 silos also need to be turned upside down and
In a broad sense, airports have the objec- under the Obama administration, and is now provided with connecting passageways. Thus
tive to maximise national security. However, known, quite ironically, as the Freedom Act. names, locations, faces and other specifics can
prevalent business models also require them be looked at more holistically and intuitively
to maximise commerce. This leads to the com- A Difference Machine like a human mind does.
plex layouts and the alternating of wide-open For the airport then, the notion put forward Lastly, there is the hypothesis that identity
spaces with narrow passages and barriers. underlying its laws, regulations, procedures and itself is not the final frontier of security. It is the
Overall, it has been a question of optimising technologies, is to facilitate global mobility and knowing that there is intent. One of the impor-
space, speed and security. at the same time, if required, fortress countries tant ways that an airport functions are segre-
For the security aspect, initially it was and continents. Smart borders has been a gating the streams among the frequent-flying
considered a question of minimising the time euphemism for the increasing use of biometrics ‘kinetic élite’ (as termed by Rem Koolhaas),
to process. Today, the focus is on the outcome. (face and fingerprints mainly) in this context. the more general classes, the refugees and
Also in recent years, there has been a need Peter Adey is one of the contributors in vagabond immigrants (some needing deporta-
to re-evaluate the security objective function Mark Salter’s book and his paper – Mobilities tion) and finally those that need a closer look
itself, because the dependence of returns on and Modulations: The Airport as a Difference for security reasons. It is not only being able to
investment in this field is difficult to quantify. Machine – is a powerful one and immediately foil their passage at arrival or departure, but
In general, security is said to depend on caught the imagination, not only of those also keep the airport itself out of reach from
ID documents, identification and detection wanting to tame the unwieldy airport beast, but being a target.
devices, CCTV and data such as no-fly lists. also of businesses looking to maximise profits Thus there is the current debate between
Viewed individually, each have well-under- within. In sociological terms, he described this behaviour-based and identity-based tech-
stood shortcomings, however together, do continuous and unending process of segrega- niques. Objections abound, and these too
provide a system that seems to hold. Added to tion being based on securitising identity and need to be addressed, especially those in the
this in recent years have been strategies of risk identification, with political asylum at one end realm of privacy, protection, due process, dis-
management, more comprehensive post-event to credit card theft at the other. At an airport, crimination, international law and conventions.
assessment, and somewhat controversially, this synchronises well with the twin ideas of Already businesses, airlines and govern-
using databases as an instrument of selection, maximising security and commerce. In addition, ments are imposing visible and invisible
separation and exclusion. both have established paradigms of profiling, levies that support all means of security at the
In principle, these violate privacy and though with different objectives. However, the airport. With the annual traffic projected to
personal data protection laws. However, many underlying commonality of securitised identity touch seven billion passengers via thirty-five
agencies espouse temporary profiles bringing provides a significant intersection. million flights in one hundred and ninety-one
together data for the eyes of experts, while Already, the mobile phone and the use of countries, the nine thousand odd airports
maintaining the essential separation in the biometrics to authenticate payments provides where they originate and land, assume more
machine form, as a bare minimum, looking at even greater common ground, between the importance than ever before.
today’s threats. authority of one and the power of the other, in its Not one of them is known as Checkpoint
Ideally, passports serve well for external move- capacity to organise the identification of individu- Delta, but I thought to use the name to remind
ment. However, the use of ID cards for internal als. Newer ID schemes have already breached us of what changes and what remains the
movement opens up many issues of acceptability, the conventional distinction between the same.

14 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 15
OPINION

Security versus convenient access


By Michael Horn, CA Southern Africa’s security business unit leader.

The growing security demands of business versus the need for identity
and access management controls.
Like it or not, in the application economy every wearables. In order to protect the business
enterprise is now in the software business and and grant the appropriate level of access,
the challenges ahead are daunting. Budget organisations must authenticate each user
constraints continue to be a common obstacle, and each endpoint.
but they are closely followed by security As digital interactions increase in volume
concerns. and complexity, identity and access secur-
Many have found that protecting the iden- ity have become more critical for both the
tity of users and safeguarding sensitive data is organisation and end user. However, security
easier said than done when contending with: measures should not be achieved at the cost
• Exploding user and application populations. of convenience. Today, intuitive and easy-to-
The sheer volume of applications, their rate use functionality drive applications are ripe for
of change and the diversity of end users has adoption. If a customer has to jump through
never been greater. To enable and protect awkward authentication hurdles, they will not
the business, enterprises must efficiently hesitate to look elsewhere. And if an employee,
manage: partner or contractor must juggle multiple
a) the identities of this growing user base, logins to gain access to essential services,
and frustration will quickly grow while productivity
b) their access to the appropriate plummets.
applications. In this culture, where security is paramount Biography: Michael Horn
• The externalisation of IT. In order to meet and the user experience is king, the ultimate Michael Horn is the CA Southern Africa
the break-neck pace of application demand goal is to provide users with easy and secure security business unit manager. Over the
while keeping costs low, businesses have access to the applications they require – past three decades Michael has accumu-
turned to cloud-based deployment models. whether on premise or in the cloud – based on lated extensive specialist skills based
Moreover, enterprises are increasingly their identity, role and associated entitlements. on real-world exposure to: architecting;
embracing partner-delivered services implementing – including the operational
and third-party applications to enhance Appropriate security levels management – of a variety of information
their line-up of digital experiences. This So, how do we ensure appropriate security security technologies. Michael is a Certified
diversity in application environments has levels within this complex and rapidly evolving Information Systems Security Professional
erased the once well-defined boundaries application economy? (CISSP) and the author of several publica-
of an enterprise, introducing new security The answer lies in a centralised identity tions. Michael has experience in a wide
considerations. and access management (IAM) service. This range of identity and access management
• Varied endpoints. Applications are every- approach ensures all identity-related func- technologies including advanced authen-
where – as are the employees, partners and tions, such as authentication – and ultimately tication, identity consolidation, unified
customers accessing them. And, these users authorisation – are consistently managed by access management and privileged access
are leveraging a dizzying array of devices, the enterprise and executed reliably across management.
from PCs and tablets to smartphones and Continued on page 18

16 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 17
OPINION

Security and authentication will be


more important to enterprises in the next
two years as it will have higher visibility
from executives because of recent data
breaches. Forecasters predict that mobile
phones and devices will be the authen-
ticator used by most. When it comes to
authentication, enterprises and end users
want two things – simple and secure.
Organisations want ‘zero-touch authentica-
tion’ to deliver as frictionless and password-
free an experience for their customers and
employees as possible, and the mobile
device will be a key element.
The shift from identity management to
identity access security is another predica-
tion. Data breaches have hinged on compro-
mising a user identity and new systems will
require identity and access security that is
Continued from page 16 facilities, security specialists and other expen- intelligent, contextual and verifiable.
diverse channels. And true to the trends, sive IT infrastructure to support on-premise The flood of recent international
many have begun to leverage IAM as a hosted solutions. breaches also means that identity manage-
cloud service for its cost-saving, flexible and • The demand for accelerating the release of ment and authentication will have a higher
elastic qualities. Utilising this elastic model, new business services with centralised and profile in the boardroom. Corporate execu-
one can quickly obtain enterprise-grade IAM consistent IAM across on premise and cloud- tives and boards will be held accountable for
security capabilities without having to deploy based apps. breaches that damage their corporate brand.
or manage the large IT infrastructure typically Application and user numbers are undeni- This will increase their level of involvement
associated with on premise solutions. ably on the rise. In fact, it is not uncommon for in security strategy and governance. Security
What are the drivers of cloud IAM adop- operations to manage a customer user base of will shift from an IT problem to a business
tion? They include: one million-plus and/or an employee, partner executive problem.
• The need to expand or contract identity and contractor population in the hundreds
services based on the current needs of the of thousands. IAM as-a-Service enables you Physical and logical convergence
business. to centrally manage identities from account With smartcard-based physical access
• A requirement to reduce resource and cost creation and assignment of access rights to already in place at many enterprises, the
pressures. The cloud-based model eliminates fielding access requests and managing related next logical step is to provide the same
the need for the procurement of hardware, user attributes. level of protection for digital assets. Physical

Privileged access management portfolio


CA Technologies has released enhancements to its comprehensive to systems and applications based on the identity of the individual
privileged access management portfolio, giving customers control user. CA Privileged Access Manager Server Control resides on the
over the privileged accounts that support a hybrid IT environment server and manages user activity based on resource protection,
and are a frequent vector for cyber attacks. with policies that control file access and actions taken on the
By updating and integrating CA Privileged Access Manager (for- server. This prevents bad actors from covering their tracks and
merly Xceedium Xsuite) and CA Privileged Access Manager Server helps accelerate breach discovery.
Control, CA helps reduce the risk of data breaches by extending With the enhancements, customers can consistently manage
the depth and breadth of control over privileged users, from the and control privileged users at both the network and the server.
gateway to the server and from the database to the cloud – all When an IT administrator accesses a system, CA Privileged Access
from a single management console. Manager automatically triggers CA’s Server Control product and
Says Michael Horn, CA Southern Africa, security business unit to apply policies on the server resources based on the individual’s
manager, “In any cyberattack, bad actors have a single goal in mind identity vs. simply the administrator account. This provides a more
– elevate privilege in order to get access to the most sensitive sys- detailed and granular level of access control.
tems and data. And if the attacker is a disgruntled insider, he or she In addition, CA Privileged Access Manager has expanded
may already have that access. CA’s privileged access management integration with service management tools to further
solutions help protect an organisation’s most sensitive systems and streamline privileged user provisioning and de-provisioning
information.” for those individuals who only require short-term
CA Privileged Access Manager allows customers to implement privileged user access, such as temporary employees
controls at the network gateway, managing privileged user access or contractors.

18 Access & Identity Management Handbook 2017 www.securitysa.com


OPINION

access control provides a first line of defence, architecture offered by smartcards vastly participate by collaborating with the integra-
but a multi-layered approach is required for decreases the likelihood of unauthorised tion of the two systems.
truly proactive security. As such, there is a users gaining access to sensitive data. Today’s With the use of embedded identity analyt-
compelling argument to implement smart- credential management solutions help ics, administrators will be able to drill down
cards for logical access. manage heterogeneous environments that into potential ‘road blocks’ existing in logical
In fact, businesses are beginning to realise combine all of the normal access manage- and physical identity lifecycle management
the benefits in cost savings, ease of use and ment models such as passwords, software processes, allowing the identification of areas
increased security by ‘marrying’ physical and certificates and hard physical tokens, allow- of process inefficiency and to ensure meeting
logical access control onto a single platform. ing migration by department or groups from business service level agreements.
Instead of adding technological and man- one model to the next and so on. One thing is certain, everything revolves
agement complexities by having separate Ease of use is another compelling argu- around positive identification that can be
access control systems for physical facilities ment for marrying physical and logical access audited and potentially used in court for
and electronic data, it makes more sense to onto a single platform. Users will not have to prosecution. Perhaps most importantly,
combine the two solutions and gain higher carry multiple credentials, nor will they need though, such an integrated system brings
assurance, cost savings, efficiency and ease to remember multiple passwords or PINs to down the barriers that have stalled the
of use. access applications and data. Instead, they convergence of physical and logical access
The marriage of physical and logical will have one smart card that can be used for control systems for so long.
access into a single solution builds an infra- everything. IT departments and facilities manage-
structure of increased trust. Deploying smart ment staff can finally work together to
cards to employees, partners and other key Collaborate and integrate become more efficient and eliminate security
individuals is a proactive enterprise approach Many companies consider integrating gaps in the process, once an IT and user-
to higher assurance. Except for informa- physical and logical security to be a technical friendly building security system has been
tion that requires little or no protection, effort. Logical and physical security organ- acquired.
user names and passwords will one day be isational structures are typically described
considered an unacceptable access control as two silos, each reporting up through For more information contact
mechanism, as they are easily forgotten or different management structures. While Michael Horn, CA Southern Africa,
compromised. this is not ideal, the organisational chasm +27 (0)11 417 8765,
The multi-factor authentication and PKI can be bridged by having physical security michael.horn@caafrica.co.za.

www.securitysa.com Access & Identity Management Handbook 2017 19


OPINION

IAM: Looking ahead


By Dean Wiech, MD of Tools4ever.

Identity and access management and access governance: the immediate


past and the future.
The future of identity and access manage- of 8 a.m. and 5 p.m. A second group, possibly
ment (IAM) and access governance (AG) is senior management, would be allowed to
getting clearer as every year passes and 2017 access the same application anytime, any-
should be no exception. What I mean by where and from any device.
clearer is that visibility into the user accounts
and the access rights they have to applica- Lower identity costs
tions and data will be become easier to see. The other exciting trend in the IAM/AG space
This visibility will also come with a signifi- is that even though functionality continues
cantly lower cost and be implemented in a to rise, the price points continue to drop,
much shorter window. along with the time needed to implement
First, let’s take a look at where the solu- the solutions. In the not too distant past,
tions themselves are going over the course organisations could expect to pay upwards of
of the next 12 months. The standard account $50 to $100 per user for complete function-
lifecycle management and role-based access ality and expect an implementation to last
control (RBAC)/attribute-based access between 12 and 18 months, possibly even
control (ABAC) functionality for access rights longer. While this was certainly in the realm
will continue to the main driving force that of reality for large multinational organisa-
companies look at when considering an IAM/ tions with dedicated IAM/AG teams in-house,
AG solution. Vendors are starting to bundle it was certainly out of the reach of the vast
ever more functionality into these solutions majority of small and medium businesses.
to make the life of the IT department and the Dean Wiech, MD of Tools4ever. The coming year will see a continuance in
helpdesk easier, but to also provide a better the drop in the per-user pricing, most likely
experience for the end users themselves. even more useful for end-users and security down to the $15 to $25 user range. Just like
By bundling self-service and web-based professionals alike. For users, the convenience any technology, as more companies adopt
single sign-on portals into the technical, back of having all of their authorised apps available it, the more affordable it becomes. The other
office systems needed to maintain the user from one location, and not having to enter interesting trend is the time to implement
accounts and set proper access rights, end- credentials every time, has always provided continues to decrease as well. Not only have
users now have the ability to perform many an ease of use benefit. The latest and upcom- the systems become more sophisticated and
tasks either much simpler or on their own. ing iterations of these products provide ‘any secure, but they have become more stan-
A self-service portal allows them to device’ functionality, meaning what they are dardised, using templates and frameworks
securely perform tasks that previously familiar with on their desktop is now also instead of custom development to suit a
required either calling or e-mailing the available on their smart, mobile device. This company’s requirements.
helpdesk and their manager and then wait- means regardless of where they are or when As part of this, organisations are also
ing for approvals to occur. Now a simple visit they are trying to get work done, the ease of electing to phase in the system rather than
to an internal portal allows them to request access to critical applications is never more trying to do an ‘all or nothing’ or ‘all at once’
additional applications, a new computer or than a couple of clicks or taps away. implementation. Functionality, such as web
mobile device, access to data shares or being For the security professionals, the abil- SSO or self-service password reset, can be
added to a distribution group. The request is ity to disable a SSO profile and immediately implemented in a few days and provide an
then routed to the appropriate person or per- eliminate access for a user provides immedi- immediate benefit and time relief to the IT
sons for approval or denial. If approved, the ate peace of mind when someone leaves the and helpdesk. In turn, this new found time
workflow moves forward to either completion organisation. However, the addition of the can be devoted to bringing up the provision-
in the network or routed to the appropriate latest functionality also provides peace of ing and AG processes, again by phasing it in
system owner for completion. The requestor mind while the user is employed. The ability small, easily implementable components.
has visibility into where the process is at to restrict users access to the portal, or to One thing is certain, as 2016 comes to
any time and is notified when completed or specific application within, can be accom- a close, it is safe to say that it has been a
rejected without further time wasted. plished by time and day, IP address, device banner year for IAM. With the better, faster,
type, as well as other security focused set- less expensive trend starting to pick up
Single sign-on tings. Basically, this means you can restrict steam, the growth in 2017 should be stellar.
The idea of a single sign-on (SSO) portal for the finance application to one group of users
web apps is not a new one. However, recent only being utilised from within the network For more information go to
enhancements make the newest products on a Windows computer between the hours www.tools4ever.com.

20 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 21
BIOMETRICS

The biometric decision


By Andrew Seldon.

Biometric technology has come a long way to being a reliable, yet often
misunderstood identification and authentication mechanism in business today.
The topic of biometrics is nothing new in the no matter how similar two people’s faces are, Faulds, who published an article on finger-
pages of the Access & Identity Management the facial recognition system must be able to prints in 1880. However, fingerprints have been
Handbook. As has become the norm, this issue reliably tell them apart. in use for far longer, as a fingerprint on a clay
will examine how and where biometrics are While all of the trait mentioned above will seal confirms – dated somewhere between
being used in the broader access field. In this be able to identify an individual in the right cir- 1000 BC and 2000 BC. Fingerprints, however,
article, however, we look at the various biomet- cumstances, the research into these other traits are a biometric format that requires overt
ric options available and their acceptance. We stands at different levels of technical advance- acceptance from the user, who is expected to
will also touch briefly on what is required from ment. This means that the convenience and place their finger/s on a reader for a second or
a biometric system to make it a reliable and ease of obtaining and comparing data are very more. This excludes latent fingerprint gather-
accurate access and authentication mechanism different – just take DNA, which was really ing, for example at crime scenes.
for today’s end-user. only first used in 1986 as an example of a long, Facial recognition goes back as far as
For those readers wanting more than the drawn-out process as opposed to fingerprints. 1964, or perhaps to the beginning of the 20th
brief overview below, there are two resources When choosing a biometric for use in one’s century when 35 mm still cameras started
(among many) offering insights and more own environment, you therefore need to find appearing. Facial biometrics is perhaps the
information on the topic. The first is a paper by something that fits your requirements in terms most popular form as it doesn’t require
Jain, et al, 20161 ; the second is a presentation, of ease of use and reliability (and speed). Jain anything from the user, they don’t touch
also by Jain2 which is far more concise and et al, (2016) notes that the utility of a biometric anything and recognition and authentica-
easier to read, covering the same data. trait for a specific environment “depends on tion is not affected by your mood or facial
the degree to which the following properties expression (supposedly, real life is sometimes
What biometric? are satisfied: (i) uniqueness or distinctiveness, somewhat different). Facial is also popular
Fingerprints are by far the most widespread (ii) permanence, (iii) universality, (iv) collect- among governments as these readings can be
biometric trait used globally, primarily due to ability, (v) performance, (vi) user acceptance, taken covertly – such as in a crowd – allow-
the long history of research and the ease and (vii) invulnerability, and (viii) integration.” ing for broader identification programmes, as
convenience with which fingerprints can be Meeting these requirements, the most well as less privacy. Fortunately, the quality of
captured and compared. Today, however, other popular biometrics in use today are fingerprint, these ‘readings’ is still a work in progress, but
forms of biometrics are gaining ground and facial and iris recognition. There are other traits the technology will improve dramatically over
being used in various situations. Some of these that are being used successfully, such as vein the next few years.
include face, iris, palm or finger vein, signature, and/or general hand geometry systems, but Iris recognition got a start in 1936 when
voice and even deoxyribonucleic acid (DNA). the three mentioned are the primary ones Frank Burch raised the idea of using these pat-
One of the keys to biometric use is that the used by over one billion people around the terns for identification, but the first patent was
trait chosen must offer a high probability of world. only granted in 1985 (Jain, 2013.) While iris bio-
identifying an individual, even when the bio- metrics could be a covert operation, technol-
metric is read in different conditions (poor or Historic foundations ogy does not yet allow for ‘on-the-fly’ readings,
bright light, dry or wet conditions, and so on). As noted, fingerprints have the longest history although this technology is used effectively in
Similarly, it must have a very low probability of of research and use. The science of fingerprint the UAE, at airports for example.
identifying the wrong individual. For example, recognition can be traced back to Henry Continued on page 24

22 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 23
BIOMETRICS

Continued from page 22 is presented to a reader) and attacks on the to create multiple unique templates of the
template database. same biometric, and
Quality is key “Spoof detection is a critical requirement, • Discriminability, in that the template
In all types of biometrics, the quality of the especially in unsupervised applications (e.g., should not degrade the reader’s accuracy in
data is critical in the ultimate accuracy of the authentication on a smartphone) where the recognition.
system, both for capturing the biometric as presence of a user is not being monitored”
well as comparison. For this reason, it is wise (Jain, 2013). To prevent spoofing, the biometric Advancing market
to choose your biometric trait carefully – there product chosen must have the ability for ‘live- It’s clear that biometric technology has come
may be problems when using fingerprints for ness detection’, in other words, proving that a long way over the past years and is being
identity and authentication for manual labour- the biometric presented is attached to a living used in a variety of situations all over the world,
ers like miners, as their fingerprints can be person and not a plastic mould, for example. from time and attendance functions through to
worn down due to their jobs. There are many ways of doing this, but they national identification databases. The research
Similarly, it is equally, if not more important rely on measuring some physiological aspect and development into this technology is also
to choose your products carefully. In today’s of the person, behavioural patterns, or a chal- ongoing, and will allow for further rollouts and
globalised world, there is always someone lenge-response mechanism. In most cases the usage in more environments over time, as well
with a cheaper option that promises to do liveness checks are handled automatically so as as the introduction of new biometric traits as
everything a more expensive product will. not to waste time or inconvenience legitimate well as improvements in existing ones.
But will these cheaper readers capture the users, but when dealing with sensitive access, Arguably, the most effort is being focused
data accurately enough and ensure accurate challenge-response may be required to ensure on DNA as the unbeatable biometric trait, and
comparisons? people are who they are supposed to be (such we have seen advances in the time it takes to
The benefits and speed of biometrics as asking for a random finger to be scanned analyse DNA. This branch of biometrics has
quickly turn into a disaster when, for example, each time the person authenticates). a long way to go before it is as fast and con-
using a cheaper solution results in finger- When it comes to protecting the biometric venient as fingerprints, for example, and even
prints having to be scanned multiple times templates stored in databases, smaller applica- longer before it is as cost-effective as fingerprint
before they are recognised, or they may not tions may find it worthwhile to decentralise biometrics. Then of course, the other traits are
be ­recognised at all even though they were their storage to smartcards the users carry. also advancing, such as touchless fingerprint
initially captured. The worst scenario is if one In other situations, a central server may be recognition and more. And let’s not forget how
person’s biometrics is mistaken for another required, in which case the biometric will be biometrics has even found a place on your
individual’s, negating the purpose of using stored as a key, or in a numeric format accord- smartphone, allowing the user to unlock their
biometrics in the first place. ing to an algorithm which is (hopefully) secure. device or authorise payments with a fingerprint
While even a cheap reader will work in Jain et al, (2016) recommends three require- or by pointing the camera at your face.
ideal conditions, the day-to-day conditions ments for storing a biometric template: To sum up, the choice of biometrics is
of a working environment are seldom ideal. • Non-invertability, to prevent the conversion therefore a reasonable one when consider-
This is where better design and build delivers of a template back into a biometric feature ing identification and authentication needs
the goods as the companies which have put such as a fingerprint, in business, but it’s a case of buyer beware.
money into R&D focus on addressing those • Non-linkability, meaning it should be possible Opting for the cheapest offering on the market
‘non-ideal’ conditions – which will include may indeed meet your T&A requirements in
fraudulent activity like fingerprint spoofing, a normal, small-office environment, but don’t
or standing too far away from an iris reader or expect exceptional or trouble-free perfor-
keeping your eyes half closed. mance. Doing your homework will enable the
Other issues which affect quality and buyer to make better decisions based on what
the ability to identify individuals include the they require and what is available. Biometric
ageing process. We all know our bodies change systems aren’t cheap, but it is a competitive
as we get older and this includes various bio- market and advancing technology works in the
metrics, including fingerprints and our faces. end user’s favour.
Many algorithms have been developed to cater
1
for ageing and these will improve over time to Jain, A. K., Nandakumar, K. & Ross, A., 2016. 50 years
deal with the changes we all go through. of biometric research: Accomplishments, challenges, and
The environment is also a factor in iden- opportunities. Available at: http://www.cse.msu.edu/
tification, as noted, requiring significant rgroups/biometrics/Publications/GeneralBiometrics/
investments in research to allow for imperfect JainNandakumarRoss_50Years_PRL2016.pdf (short
scanning conditions. URL: http://securitysa.com/*cm823a).
2
Jain, A., 2013. 50 Years of Biometric Research:
Faking it Almost Solved, The Unsolved, and The Unexplored.
A final thought when it comes to selecting Talk delivered at The International Conference.
biometrics is the abilities of criminals to fool on Biometrics, Madrid, Spain, 2013. Presentation
the readers using a fake fingerprint or some available at: http://biometrics.cse.msu.edu/
kind of mask. Jain notes that there are two pri- Presentations/AnilJain_50YearsBiometricsResea
mary vulnerabilities when it comes to fooling rch_SolvedUnsolvedUnexplored_ICB13.pdf (short
biometrics: spoofing (where a fake biometric URL: http://securitysa.com/*cm823b).

24 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 25
Biometrics advance is relentless
By Andrew Seldon.

The global market for biometrics will climb to over $40 billion in 2021.
According to Radiant Insights, the financial Hi-Tech Security Solutions: There are stories Reliable, good quality biometric solu-
value of the global biometrics market will doing the rounds that criminals have ways tions have been in existence for many years,
reach $44.2 billion by 2021, primarily from four of skimming your fingerprints at ATMs. Then but their cost has not justified the cause.
segments law enforcement, border control there are the never-ending stories about Complaints of poor quality and reliability arise
(which includes government identity systems), the poor quality and reliability of biometric more often than not as a result of cost winning
workplace access, and consumer identity. authentication systems? How would you the battle over quality, to the detriment of the
Governments are a key driver in the respond to this? technology as a whole.
rollout of biometrics with enormous projects Hendrik Combrinck: Through many years The past decade has seen a general
underway in, among others, China and India. of research and working with the banking improvement in biometric technology, pro-
Another driver is expected to be the financial sector extensively, we have concluded that cessing speed and accuracy, with the driv-
market which is finding more reliable ways of biometrics by itself will never be the silver ing force being fierce competition between
identifying people and combating fraud, both bullet everyone was looking for in identifica- vendors and modalities in search of a positive
internally and externally. tion and authentication. Biometrics will always authentication technology that delivers the
It wasn’t too many years ago when South form part of the full solution where it will most business value (cost versus effective-
Africa was a primary driver in the biomet- be used as one of the criteria in multifactor ness). Credit must be given to those that
rics market. The uptake of biometrics in the authentication. So the ATM user will still need spend extensive time to ‘flaw’ systems because
country was driven by the private sector, with to enter a PIN, account number or just insert without that vendors would have no reason to
government catching on before too long. the card, but with that a fingerprint, face, retina innovate and improve.
Today, using biometrics is common for millions or iris will be compared to the system. The bio- Users also play a vital role by demanding
of South Africans at work, collecting pensions metric systems the banking sector is looking technology that works and which overcomes
or getting a new passport. And that ignores for now are meant to strengthen their existing the flaws that receive attention. International
the growth of smartphones and other devices identification systems and not to replace them. benchmarking of vendors and modalities
that have biometrics embedded. Walter Rautenbach: There is no such thing across large databases, previously not avail-
From a business perspective, both private as perfect technology, and whilst flaws exist, able, also assist users in making educated
and public, biometrics plays and will play a and with financial gain as a motivator, there decisions on viability and selection. Certain
significant role in various applications, from will always be enthusiasts willing to exploit implementations might justify placing a finger
access control to time and attendance track- these weaknesses. three times for it to work or having a high false
ing, through to workforce management As Albert Einstein said, “We cannot solve acceptance rate. The rest has a wealth of infor-
and financial authorisations. Hi-Tech Security problems by using the same kind of thinking we mation and research readily available to ensure
Solutions asked the leading biometric suppliers used when we created them”. The same applies they make the right decisions.
in the region to tell us more about the market, to biometrics. One must consider the prog- The thought of a having one’s identity
as well as about reports claiming it is easy to ress security has made to ensure true identity stolen is also a driver of technology improve-
fool biometric readers. through biometrics over the current flaws in ment. Liveness detection was a good start,
We received input from people from three identifying a person based on something they kerbing at least the motivation of someone to
respondents: have (card, phone) or something they know steal your finger. Protecting the data generated
• Hendrik Combrinck from ZKTeco. (account number, PIN, passwords). There will still at the time of interaction to completion of the
• Walter Rautenbach from neaMetrics, local be many advancements in skimming of data, transaction, with the purpose of interjecting
Suprema distributor. be it biometrics or not, and hence the need for the same later to execute another transaction
• Deon van Rensburg from ViRDI Distribution. continuous enhancements in technology. is another challenge. It is, however, a general

26 Access & Identity Management Handbook 2017 www.securitysa.com


BIOMETRICS

problem with any data, and continuous improvements in protecting this


are essential.
Statistics show that acceptance has increased, which my mind trans-
lates to decreasing scepticism. Competition is fierce and bad publicity
hurts billion dollar enterprises. Technology is imperfect, but my answer is
‘Yes’, True Identity will improve our society and we can only solve the new
problems we create with new thinking.
Deon van Rensburg: There is a misconception about fingerprint sys-
tems that is at the heart of these rumours. Major biometric vendors each
have their own extraction and matching algorithms which converts the fin-
gerprint into a mathematical string called a template. Good systems then
encrypt these templates further to comply or exceed with ISO 27001:13.
Extremely good systems also exceed the FBI iAFIS / NIST/MINEX standards.
Even if this template is stolen, it is virtually impossible to reconstruct a
physical image of a fingerprint from these templates. Add to this live and
fake fingerprint technologies or multispectral response imaging tech- and Samsung were ‘hacked’ i.e. spoofed within hours of their flagship
nologies (or in the case of ViRDI, a combination of both) and these stolen phones featuring fingerprint technologies being released. What people
templates are virtually useless. tend to forget is it was a trial for these manufacturers. Just as with the
There have been numerous cases over the last few years where bio- first trials of other technologies (like Bluetooth), development was
metric data has been stolen. The US Office of Personnel Management needed to make it better and more foolproof. The fingerprint scanning
hack or the Philippine Voter Registration Database hacks are the most technologies they used were proven by the mainstream to be obsolete
prominent. With the OPM hack more than 6 million biometric data records and not worth investing in.
were hacked and with the Philippine hack more than 15 million biometric Both Apple and Samsung (Huawei and Redmi as well) are currently
fingerprint records were hacked. Yet, not once has there been any correla- developing new fingerprint scanning technologies for mobile use that is
tion between these hacks and any criminal activity where stolen biometric already far superior to anything they used previously. Even ViRDI’s sister
data has been used. company – Nurugo – is developing optical scanning technologies for
A major source of concern for the general public was the mobile mobile fingerprint scanning use that incorporates optical scanning with
phone manufacturers’ first forays into fingerprint biometrics. Both Apple Continued on page 28

www.securitysa.com Access & Identity Management Handbook 2017 27


Continued from page 27 such as infrared light for facial authentication, For facial recognition we use 3D geography
live and fake fingerprint detection. Taking the utilising 3-dimensional face modelling, or with isometrics i.e. we specifically look for cur-
above into consideration, the chances that a external specialised light emitters and sensors vature and shapes of features. We also extract
fingerprint is skimmed and then becomes use- for fingerprints, which can detect a physical the image via infrared and not via colour. Iris
less is negligible. pulse. As with biometric technology in general, scanning systems are the most challenging. I
these protection methods have been under recently read a study where Iris systems were
Hi-Tech Security Solutions: How do biometric attack and have been improving drastically to successfully spoofed, but with the addition of
systems, whether fingerprint, facial iris etc. compensate. EEG (Electroencephalogram) technologies, this
detect that the subject is alive and that Suprema has, over the years, been devel- spoofing was successfully thwarted.
someone is not presenting a fake finger oping and improving its liveness detection
or image? technology and developed its own algorithm. Hi-Tech Security Solutions: How do biomet-
Hendrik Combrinck: Most manufactur- The new and advanced Live Finger Detection rics work in terms of recording someone’s
ers have their own methods of establishing technology applies machine learning, which fingerprint (or other) details?
if a biometric reading is from a live person analyses and categorises image patterns Hendrik Combrinck: Most manufacturers
or not. Most of the time it is done through a according to optical characteristics. It further have their own methods, but most of the time
process where different coloured light is either utilises a technology called Dual Light Source it is certain points on the biometric object
absorbed or reflected by the object being Imaging which applies infrared and white light that are read and put through a proprietary
read. This reading then forms part of the whole to detect liveness instantly. algorithm that is then stored on a database on
algorithm of each manufacturer. Deon van Rensburg: Different vendors each a server or on the device itself. In most cases, it
Many questions come up as to the reli- have their own version of live and fake biomet- is not dangerous to transmit this information
ability of these processes, but no company has ric detection. This always consists of a range of because it is encrypted at all levels.
ever made any claims of being 100% foolproof. different technologies working within a system Walter Rautenbach: Encrypted transmis-
This brings us back to a multifactor authen- and is rarely, if ever, a single technology. As with sion and storage are essential. With today’s
tication, and this can also now include multi- everything, there are constant evolutions and hard-core processing power it is becoming
biometrics. People will still try extensively to development within these technologies and the easier to do brute force attacks on encrypted
fool a one factor biometric system, but with a proof of the pudding lies in how vendors apply data by exploring as many encryption keys
multi-biometric system they will think twice. each of these technologies in a system to make as possible to find the one that will open the
Walter Rautenbach: Liveness detection their system spoof resistant. data. To kerb this, it is essential to use session
has drastically improved over the past few Since I represent ViRDI I will highlight how keys for data transmission, meaning unique
years and many patents have been registered. our systems operate. With fingerprint scan- session keys are negotiated between transmit-
Many of these utilise specialised algorithms ning we firstly measure capacitive discharge ter and receiver and are valid for a particular
that measure life through specific behaviour from a human fingerprint. Without capacitive transmission only.
and pattern analysis. For example, the differ- discharge, the system remains in idle state. We This means that if skimmers pick up
ence between a picture of a face and live feed then bombard the fingerprint with infrared transferred data packages and attempt brute
of a portrait image is the variation of the facial and measure a very specific IR bounce back force decryption on this, the specific security
pattern over several captures. that is unique to human skin. As a third step key found is long lost and not usable anymore.
With facial recognition, some vendors will we use multispectral response imaging tech- Still, if they found the key, it means they could
enhance this through specific on-demand nology to scan the fingerprint, and lastly our open the transmitted package, and should it
requests such as smiling or closing a specific algorithm looks for certain characteristics that contain identity data then the identity data is
eye, although people prefer not to smile or are unique to human fingerprint and cannot in the open. This, as well as brute force attacks
blink at an ATM. With certain modalities, it pro- be duplicated by means of composite materi- on data stores, are typically prevented through
gressed by introducing hardware components, als such as rubber, paper or silicon. Continued on page 30

28 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 29
Continued from page 28 certain unique identifiable features to match solutions. Think of a small butchery with five
data fragmentation where the personal data to. This is why reverse engineering a full finger- employees that wants to keep T&A records
and biometric data is separated, leading brute print image from a template is all but impos- by using biometrics. A high-end system is not
force attacks to find the biometric data, but not sible – you have the coordinates, but you have the appropriate solution. However, there are
being able to link it to a person for exploration no map to reference to. spaces where extra security and functionality
purposes. The top biometric vendors – who devel- is required with large volumes of users. For
The sophistication of this type of frag- oped their own internal algorithm – also these applications, the cost effective biomet-
mentation varies from implementation to encrypt this template to comply with or ric systems are totally inappropriate and the
implementation and exponentially decreases exceed ISO 27001:13 / NIST / MINEX / iAFIS. high-end systems come into their own.
the likelihood of opening up the identities for With ViRDI, this encryption exceeds military It is up to the specifiers / installers / con-
exploitation. Another element used to protect specification and the decryption key is our sulting engineer to recognise which system
data even further is the utilisation of external most highly guarded industrial secret. Because is appropriate and which are not. Let’s be
tokens, such as smartcards and dongles, in the of this, the data traffic between device and honest, as with all electronic technologies,
encryption process. The greatest weakness in database is secure. The protection of the net- there are vendors out there that are dirt cheap
these systems is knowing what methods are work, however, is something that is out of the and their product is an embarrassment to the
used to protect data. This saves hackers the hands of the biometric vendors and, as with industry, but in the biometric industry they
effort to figure out what decryption to attempt any other data, the level of network security is have not had such a major impact as they did
and brings the focus merely to finding the very important. in the CCTV, intruder detection and access
right keys to open the data. control market segments.
For this reason, system architects and Hi-Tech Security Solutions: We know the My advice to a potential user is this: how
owners obfuscate as much of this information security industry is price conscious. What accurate must the system be, how secure
and certify their security layers only through advice would you offer to potential buyers/ must the system be, what speed of use is
external organisations hired to try to break in. users to assist them in ensuring they obtain required for the volumes of traffic flowing
This in itself creates risks by providing hired the appropriate technology that they can through the system, how long do you want
hackers with great equipment and also relies on rely on? it to last, and what functionality is required
the success and skills of their tests over the par- Hendrik Combrinck: My best advice to by the application? Then choose your system
ticular test period. It is, therefore, imperative to the market will be to firstly choose the correct accordingly.
find an identity partner that invests in data pro- biometric technology for your company’s envi-
tection, who performs as many external security ronment where the reading will take place and Hi-Tech Security Solutions: What are the
certifications as possible and who uses proper the application is going to be used. The correct latest solutions your company has released
key sizes, upgrades encryption algorithms installation partner must also form part of the to market and what are their distinguish-
before they are compromised and implements a decision, because sometimes technology is ing features?
sophisticated data fragmentation that separates only as good as the installation. Hendrik Combrinck: Our biggest launch
the biometric data from personal data. Walter Rautenbach: The best advice is to this year was of our professional enterprise
Deon van Rensburg: Biometrics uses some- find a knowledgeable partner that continu- access control platform, ZKBioSecurity (see
thing called an algorithm, which in essence is a ously invests in new technologies and which separate article in this issue). This platform
range of mathematical equations that performs has a proven track record. competes against the regular names in the
a series of automated functions that includes a) Deon van Rensburg: South Africa is histori- access control market, but at a much lower
quality assessment, b) enhancement, c) feature cally a society that are slow adopters of new price point. Included in this platform is a full
extraction, d) classification / indexing, e) match- technology and when they do adopt, pricing array of door controllers, standalone access
ing and fusion, and f) compression to reduce is always an issue. This makes the adoption of control units and multi-biometric units that
storage space and bandwidth. biometrics quite surprising. South Africa was uses push technology to communicate to a
Once a fingerprint image has been one of the first adopters of the technology central server, be it a local or cloud server.
extracted, the algorithm converts the image outside of Asia and from the very beginning, The browser based software makes imple-
into a mathematical string called a template. pricing didn’t seem that big an issue. mentation and setup fast and easy, and also
Think of this as GPS coordinates that would There are applications where a high-end makes multi-sites a headache of the past. The
indicate location on a map where the coordi- high security solution is not required and ZKBioSecurity software already has video inte-
nates are features that can be used to indicate which is perfect for the more cost-effective gration with Hikvision and Dahua, as well as a

30 Access & Identity Management Handbook 2017 www.securitysa.com


BIOMETRICS
fully operational elevator control module BioMini Slim Plus 2
and visitor module. The biggest advantage Suprema’s latest fingerprint authentication
of using our controllers are that they do the scanner offers unrivalled image quality, dura-
biometric authentication onboard so there bility and security features. The new BioMini
is no need for expensive biometric readers Plus 2 was tested in full compliance and
to be linked to the controller; you can now received certification from the Federal Bureau
just use our F12 slave readers, which are a of Investigation (FBI) for the agency’s PIV-IQS/
fraction of the cost of an intelligent biomet- Mobile ID standards and also received the
ric unit. Indian government’s STQC certification.
Walter Rautenbach: Suprema has BioMini Plus 2 provides loads of innova-
launched a few new products to market: tive features to enhance its image quality,
New sensor optics: Multi Dynamic Range performance and mobile-readiness. Unique
(MDR) technology. to the industry, Suprema’s patented Multi
Fingerprinting has been increasing in Dynamic Range (MDR) technology guaran-
areas other than well-controlled indoor tees high-quality image capture even under
environments with the increase in mobile extreme lighting conditions regardless of
devices and the popularisation of fin- the moisture level of captured finger skin.
gerprint use. However, existing scanners It also includes Suprema’s LFD technol-
have difficulty in obtaining accurate ogy effectively identifying fake fingers as
fingerprint information according to opposed to live fingers. This latest addition
environmental changes. In particular, to Suprema’s range is ideal for any biomet-
fingerprint information is not attainable ric authentication platform and is ideal for
or is distorted by external lighting, such financial transaction authentication.
as direct sunlight. Applying the com- Deon van Rensburg: We recently
pany’s self-developed MDR technology, launched our AC2200 series biometric
an improvement on existing HDR tech- terminals which feature a new generation
nology, it can capture normal fingerprints CPU / memory combination and which is
even under 100 000 LUX direct light, IP65 rated for external / industrial applica-
which is impossible with other products. tions. Our current range will undergo a face-
The improved level of detail and sensing lift with this new generation CPU / memory
capability allows for capturing an excep- combination being deployed.
tional quality image, independent of Additions to the range will be released
dry and difficult fingers or external light later this year which include the T1 entry-
conditions. level IP65 rated unit to the AC1100 Android
based card reader with VoIP capability.
Live Finger Detection (LFD) Certain features will be made standard
As the use of fingerprints increases and across the whole range – a digital still
applications are extended to the financial camera and Bluetooth Low Energy (to be
field, such as banking or pension collec- able to use our new MobileKey service
tion, the importance of fake fingerprint where a user’s mobile phone becomes a
detection is growing. Suprema’s LFD tech- proximity card, negating the need for issue
nology is made using the solid experience of proximity cards) being two such features.
and expertise accumulated by Suprema We are also adding two software
in false fingerprinting and overcomes the modules. The Visitor Management app for
limits of existing sensors. The new and Android smartphones that has the ability
advanced Live Finger Detection technol- to scan drivers licence and vehicle licence
ogy applies machine learning, which discs directly into the existing Visitor
analyses and categorises image patterns Management module within our UNIS V4
according to optical characteristics. It software. The second is the UNIS Messenger
further utilises a technology called Dual add-on that ties in with the OHS directives
Light Source Imaging which uses infrared on medicals, inductions etc.
and white light to detect liveness instantly. We also recently released our first version
As the new standard, all new Suprema of MineStile with our partner iMAT, whereby
terminals will come equipped with LFD. a breathalyser, biometric terminal and man-
trap turnstile combination is presented as
Increased performance an all-in-one solution to address sobriety
From this year, all new Suprema terminals requirements in the workplace.
will boast a minimum storage of 500 000
fingerprints (1:1), will allow for 1:100 000 For more information: neaMetrics/Suprema:
identification without additional licence www.neametrics.com / www.suprema.co.za
fees and will perform matching of ViRDI: www.virditech.co.za
1:150 000 in less than a second. ZKTeco: www.zkteco.co.za

www.securitysa.com Access & Identity Management Handbook 2017 31


BIOMETRICS

A password you
can’t forget
By Andrew Seldon.

Voice biometrics is a fast growing form of identity


authentication proving its worth in South Africa and
the world.

Voice biometrics doesn’t receive the same Vodacom and Absa. At the 2016 Voice in itself has no value to a hacker. The solution
level of publicity that other forms of biometric Biometrics Forum, hosted in Johannesburg by also has sophisticated elements included, which
technology do, but it is a fast growing form of Nuance and its South African partner, OneVault, would identify a recording of a voice if anyone
identity authentication that is being used with Investec, Discovery and Vodacom were on stage wants to try to crook the system with a digital
great success globally. Opus Research has done to speak about how voice biometrics have recording of someone’s voice.
a significant amount of work on the uptake positively influenced their businesses.
and use of voice biometrics and its latest To find out more about voice biometrics Where is it best used?
report, completed in July 2016, shows impres- and its reliability and usage, Hi-Tech Security Dickson says voice biometrics is an extremely
sive growth in the number of voices enrolled. Solutions spoke to Vanda Dickson from valuable business solution for organisations
According to Opus, there are now more OneVault. We asked her to explain how it works that have a large customer base that contact
than 137 million enrolments globally, clearly and where it is best used. them regularly and/or are required to go
demonstrating the growth of voice as an through an authentication processes in order
authentication technology. The company notes A verbal fingerprint to fulfil an interaction.
that voice is a “ubiquitous, highly personalised Dickson explains that a person’s voice is unique, “Voice biometrics can be utilised to auto-
authentication factor with the capability to much like their fingerprint, face or iris. “The size mate transactions and service fulfilments that
combine command and control with identifica- and shape of one’s vocal tract, mouth and teeth previously were not automatable due to the
tion and access management”. are only a few of the physical characteristics need for the caller to be authenticated by, for
As we know from other forms of biometric that contribute to making our voices unique. example, a contact centre agent. It can be used
measurements, there is no failsafe and 100% However, unlike the other biometrics, voice in various scenarios, whether it is resetting a
guaranteed form of biometrics, but the market biometrics also measures behavioural charac- password, confirming proof of life, enabling
leaders say voice is more effective than PINs, teristics, such as accent and speaking rhythm.” login via your voice into web portals, authenti-
passwords, tokens or other authentication There are over one hundred voice charac- cating in a queue to reduce the time it takes to
methods when it comes to authenticating iden- teristics that can be measured to determine authenticate when you do speak to an agent,
tities and providing access to customer service who you are based on your voice. To identify a and so on.
systems to the right people. What’s more, it is person, voice biometrics technologies capture Globally and in South Africa, passive voice
simple to use and doesn’t require users to do a person’s voice, typically through the micro- biometrics has a strong use case where an
anything other than speak into a microphone or phone of a phone, and use software algorithms organisation speaks to clients regularly, but by
over the phone to be authenticated. to compare the captured voice characteristics to virtue of their business, is required to properly
Global voice biometrics company, Nuance, the characteristics of a previously created voice- verify and authenticate the individual they
has a claimed 117 million voiceprints world- print. If the two match, then the voice biometric are speaking to. Voice biometrics avoids the
wide and over 3 billion verifications among software will confirm that the person speaking laborious and frustrating processes currently
companies using its voice biometric solutions. is the same as the person registered against the used for verification, allowing companies to
In South Africa, there are numerous voice voiceprint. eliminate them almost entirely.
biometric implementations, making SA one of While many other authentication challenges, Moreover, where small groups of individu-
the countries with the largest concentration of such as usernames, passwords, etc. can be com- als need to be associated to a profile, Dickson
voice biometric implementations. promised, she says that with voice biometrics says voice biometrics can also enable this with
Some South African voice biometrics this is very difficult as a voiceprint is a hashed an enhanced level of reporting. These sce-
users include Discovery, Investec, TransUnion, string of numbers and characters. A voiceprint narios tend to be prevalent within the financial

32 Access & Identity Management Handbook 2017 www.securitysa.com


BIOMETRICS

services arena where fraud plays a big role and specific – and often mundane – transactions,
yet, using voice authentication to delight your but are sensitive enough to require authentica-
customer with an easy and convenient process tion are ripe for voice biometrics.
is equally important. “With active voice biometric authentica-
OneVault has been involved in implement- tion, where the consumer needs to enrol their
ing voice biometrics in the following industry voice against a unique identifier such as an
sectors in South Africa: identity number and companies are updat-
• Financial services. ing a range of business processes to facilitate
• Telecommunications. automation, there are many types of transac-
• Credit bureau. tions that can be done entirely through the
• ICT. IVR using the consumer’s voice to validate and
• Healthcare. process,” notes Dickson. She provides the fol-
lowing examples:
Quality of the call • Password reset.
While it will surprise nobody that voice calls • PIN/PUK resets.
in South Africa can sometimes be abysmal in • Automated login onto secure portals/web-
terms of quality, these same issues that make it sites (e.g. banking where you don’t need to
hard to hear a caller on the other end of a call remember a username and password).
can interfere with voice biometric systems’ abil- • Proof of life.
ity to accurately verify an individual’s identity. • Balance enquiries.
Dickson says that in a passive voice biomet- • Tax statements.
ric solution, if the agent battles to hear and • Approval of banking transactions.
understand what the caller is saying, it stands • SIM swaps.
to reason that the voice biometric technology • Logistics e.g. confirmed delivery to right party. “From a consumer perspective: passive
may take longer to verify the voiceprint against “While there are obviously alternatives to voice biometrics is convenient and enables a
the one on file, thus the time to verify may take the above such as OTPs or temporary pass- much improved customer experience largely
longer. If, for example, there is too much inter- words being sent to users’ email or mobile through the reduction in customer frustra-
ference, the contact centre agent can always phones, there is very little robust authentica- tion. From a company perspective, it offers the
revert to knowledge-based security questions tion of the actual identity of the individual,” above as well as improved efficiency, security
to ensure the person is who they claim to be. Dickson adds. “Rather, an action is processed and employee satisfaction.”
In the case of active voice biometric based on a correct process being followed or Active voice biometric authentication
solutions, if the individual’s verification is not traditional knowledge-based security ques- which is passphrase dependent is another
accepted, depending on the company and the tions being answered. With crime syndicates story, as it tends to have difficult challenges.
processes that have been set up, the caller may invariably knowing the answer to security Dickson says the use case has to be appropri-
be prompted to move to a quieter place, speak questions, one needs to question the strength ate and the consumer has to understand the
louder, speak more softly, etc., and can be of the process being followed.” benefits. “Thus, communication and education
asked to repeat the passphrase. to and of the consumer is a critical aspect.”
“Bear in mind that there are many aspects User response? She adds there will always be the sceptics
to take into account when the verification pro- As with all biometric solutions, the user will be around voice biometrics, as is the case with
cess is configured for a customer. When a caller the ultimate judge of the solution. Despite the any solution. “Voice biometrics is one solution,
is unable to fulfil an action via a voice biomet- improvements in fingerprint readers, for example, however, that can assist in enabling so many
ric solution, the fallback may be the option to some still complain that they have to touch interactions with significantly higher levels of
speak to an agent, but, ideally, the failed verifi- something others have touched. For iris recogni- secure and robust authentication that it is not
cation should be flagged when speaking to an tion, there are questions about long-term impact a solution that can be dismissed.
agent to ensure the individual is authenticated to the eye. The users, whether they have a good “With identity theft being a bigger issue
as who they are claiming to be. argument or not, decide on the success of a bio- for everyone, it is a solution that should be
metric based on what their perspective is. embraced as a complementary authentication
More than authentication When it comes to voice biometrics, methodology that will assist consumers and
It stands to reason that if one’s voice can be user response differs between use case companies alike in addressing risk and fraud in
used to verify your identity for transactional and between the voice biometric solution new and innovative ways.”
purposes, the technology must also be able deployed. Dickson says that with passive voice With the levels of fraud increasing expo-
to handle other functions which currently biometric authentication, where the customer nentially and the fact that more businesses are
require talking to a call centre agent. Dickson really doesn’t have to do anything, but the introducing digital channels into their interac-
says those tasks that previously required a system actually improves the customer experi- tions with their customers, voice biometrics
consumer to speak to someone in order to do ence, the response has only been positive. is an excellent choice to enhance the value of
these strategies while improving the security
OneVault is a focused voice biometric authentication company. It delivers active, passive and of your client and staff interactions.
managed fraud voice biometric solutions through a number of partners such as Dimension
Data, Bytes, Atio and Pivotal Data. OneVault has a range of commercial models to suit clients’ For more information contact Vanda Dickson,
requirements, ranging from cloud, on-premise and managed services. OneVault, +27 (0)82 884 7786,
vanda@onevault.co.za

www.securitysa.com Access & Identity Management Handbook 2017 33


Using smart devices to provide
recognition of individuals
By Allyson Koekhoven.

The very idea of a computer being able to recognise people in a similar way to
which we as humans instinctively recognise individuals, is mind boggling.
Napoleon Hill said: “Whatever the mind can Andrè Immelman, CEO of eyeThenticate these can be intercepted and compromised.
conceive and believe, it can achieve.” This Technology Labs says that in the KYC (know Upping the ante, it has become custom-
little gem has no doubt contributed to the your customer/client) realm, the question is ary to rely on who the person is through a
development of many allegedly inconceivable whether you know if the person to whom you biological, physiological or psychological trait
achievements. Often, things we read about are speaking is actually the person who they that defines them. Typically, fingerprints were
are relegated to the realm of science fiction, say they are. Trusting their word is simply not used as a means of identification, but this has
simply too incredible to be true. Using soft- enough, so people have tended to rely on the led to what is commonly known as ‘CSI Effect/
ware to emulate the functions of the brain in credentials that they expect the person to Syndrome’ which is any of several ways in
the recognition of faces is a case in point. present in the form of their passport, ID book which the exaggerated portrayal of forensic
The very idea of a computer being able to or access token. These elements, he says, are science on crime television shows such as CSI
recognise people in a similar way to which we not really trustworthy in reality. Traditionally, (Crime Scene Investigation) influences public
as humans instinctively recognise individuals, people have also relied on passwords and pin perception. In this scenario, the fingerprint is
is mind boggling. codes for authentication, but unfortunately deemed proof positive of who the person is.
This is, however, erroneous since finger-
prints can be duplicated and in recent
cases it was found that fingerprints are
not actually unique. Two of these cases
are Brandon Mayfield, who in 2004 was
wrongly linked to the Madrid train bomb-
ings by FBI fingerprint experts in the
United States; and Shirley McKie, a Scottish
police officer, who was wrongly accused
of having been at a murder scene in 1997
after a print supposedly matching hers
was found near the body. (Source: http://
www.telegraph.co.uk/science/2016/03/14/
why-your-fingerprints-may-not-be-unique/)
Immelman says that fingerprints are therefore
not as foolproof as we have assumed in the past.
He adds that to measure fingerprints properly,
one needs to employ sophisticated and expen-
sive technology to obtain a reasonable degree
of accuracy. Based on the matching of a specific
number of dots extracted from the fingerprint,
the success rate, especially on latent fingerprints,
is minimal. The same is true of points of compari-
son on a face. These methods of identification
are, in his opinion, highly unreliable.

34 Access & Identity Management Handbook 2017 www.securitysa.com


BIOMETRICS

I know you resultant solution is, in Immelman’s opinion, far


Immelman explains that if one thinks of a superior to anything else on the market and it
family member, then it is more or less a given is continuously evolving.
that you would be able to identify them out In a nutshell, the person authenticating
of hundreds of other people in a crowd. This another person’s identity (for example a police
recognition is very different to the mathemati- officer apprehending a suspect) would, using
cal algorithms used to match a fingerprint or their own smartphone, simply take a photo-
face (in facial recognition technology). There is graph of the person in question. The image is
something in our natural makeup which is far then automatically synced to eyeThenticate’s
more sophisticated than these algorithms. servers via the cloud, using an app installed
Researchers at the University of on the mobile device. The servers compare
Johannesburg started an initiative, in col- the processed image with images found on
laboration with eyeThenticate Technology the very large database. Results are available
Labs, which has resulted in a better under- in mere seconds and these results will either
standing of what the human brain does to provide verification and authentication of the
recognise individuals. The technology they person’s identity or will identify them as an
have developed is able to mimic brain function imposter.
to simulate human cognition. Leveraging the Immelman says that the technology can be
workings of the neural network, artificial intel- used in a number of applications including law
ligence and other technologies means that the enforcement, border control, security agen-
team is now able to harness this capability by cies and for financial services. “We finally have
taking an image of the person and mimicking a solution that will arrest identity theft. The
human brain recognition. technology gives one the profound ability to
The question they posed is ‘What processes accurately verify the true identity of a person.
do the brain neurons perform to recognise In pilot tests, the technology demonstrated
somebody?’ Although the team is still per- near perfect results for a group of more than Andrè Immelman, CEO of eyeThenticate
fecting the science behind this concept, the one million individuals.” Technology Labs.

www.securitysa.com Access & Identity Management Handbook 2017 35


BIOMETRICS

Protecting against criminal use of


stolen biometric data
An HID Global white paper.

Biometric technology is not invulnerable, but with the correct planning it is


an effective authentication mechanism.
Major news sources reported in mid-2015 that observable, but also generally associated with for fingerprint biometrics uses Lumidigm mul-
21.5 million people were affected by a breach our names and other personal information. tispectral imaging technology, which virtually
of US government systems. Identity data In the OPM example, now that fingerprints eliminates the possibility of counterfeit finger-
gathered over the last 15 years was compro- have been stolen from government databases prints being used for authentication. The tech-
mised, including personal information about and can never be taken back, the key ques- nology is used to compare the complex optical
individuals who were part of government tion becomes what can or should be done to characteristics of the material being presented
employee background checks. Unfortunately, render this information useless to any would- against known characteristics of living skin.
even the best risk-based, multi-layered breach be impostor? Given the premise that databases This unique capability, in addition to the col-
defence is imperfect, and incidents like this are inherently vulnerable to attack, the chal- lection of unique fingerprint characteristics
are inevitable. For this reason, there must be lenge is one of minimising negative impacts of from both the surface and subsurface of the
greater focus on controlling what happens a breach on individuals and organisations. finger, results in superior and reliable match-
after the breach, including ensuring that stolen As always, the answer depends on the use ing performance paired with the exceptional
identities are unusable by anyone but their case, and each category of applications must be ability to detect whether the finger is alive or
legitimate owners. examined individually and its associated threats not. Multispectral imaging sensors are different
assessed. In this complex and interconnected from competitive offerings in that they:
Ensuring biometric data is useless to digital world, systems must be thoughtfully • Use multiple sources and types of light along
identity thieves designed and deployed in order to protect user with advanced polarisation techniques to
Biometrics is the only authentication method identities and ensure appropriate levels of capture information from the surface and sub-
that binds a myriad of digital and physical security within the context of the application. surface of the finger – all the way down to cap-
credentials to a person. As such, biometrics is In the case of biometric data that is already illary beds and other sub-dermal structures;
playing an important role in eliminating digital ‘in the wild’ (such as that stolen from the OPM), • Utilise advanced machine learning algorithms
identity theft in today’s increasingly complex numerous tactics and best practices should be that can be updated in the field as new
and vulnerable digital environment. considered in order to render identities useless threats and spoofs are identified, enabling the
Fingerprint images were among the sensi- to anyone but the legitimate owner. Of critical sensors to very quickly respond and adapt to
tive information that was stolen in the 2015 U.S. importance is the ability to detect fraudulent new vulnerabilities.
Office of Personnel Management (OPM) breach. attempts to use biometric data. Liveness
Conceivably, this biometric data could be used detection – the real-time determination that Multi-factor and multi-modal
by the perpetrators to hijack a user’s identity the biometric characteristics presented are authentication
and gain fraudulent access to security systems. genuine and not fake – is a highly effective For strong and reliable user authentication,
It is important to understand that biometric design feature in solutions where users physi- organisations should consider, where practical,
characteristics are not secrets. For example, our cally interact with authentication systems. multi-factor and even multi-modal authenti-
facial characteristics are quite public – not only Augmenting biometric liveness detec- cation. Today’s authentication technologies
tion with other security layers for multi-factor enable solutions that can enhance security
authentication greatly enhances digital secur- while replacing passwords and improving
ity and renders the theft of any one personal convenience in a seamless way that is non-
data element inconsequential. There are also intrusive to the legitimate user.
a number of concepts that combine biometric For example, personal devices like smart-
data and other data elements to create an even phones, wearables, RFID cards and other intel-
more robust digital credential that will ensure ligent personal devices can all generally be
that stolen biometric data is insufficient and used as factors of authentication. Regardless
therefore useless in enabling the fraudulent of which additional authentication factor is
use of legitimate identities. presented by the user, when it is intelligently
Following are the key elements in a strat- combined with the biometric data associated
egy that extends beyond breach defence to with the identity claim, it is possible to quickly
include tactics for neutralising the effects of an determine a definitive ‘yes’ or ‘no’. Strong
identity breach after it has happened. authentication by means of two or more fac-
tors (with one being a biometric) is fundamen-
Improving liveness detection tally more secure than outdated username/
The most effective liveness detection approach password alternatives.

36 Access & Identity Management Handbook 2017 www.securitysa.com


When identity is firmly established, the use
of mobile devices in authentication solutions
offers the opportunity for greater personalisa-
tion and a seamless experience for legitimate
users. Information systems can be tailored to
each user’s need, resulting in enhanced, indi-
vidualised security, allowing individuals to fully
control their real identity. Instead of the system
blocking the legitimate user – an unintended
consequence of blocking an attacker – the
system is made more secure and efficient and
thus returns a higher ROI for both the con-
sumer and system administrator.

More robust biometric templates


It may be desirable in some application-depen-
dent situations to construct and enforce the use
of enhanced biometric templates. The use of a
‘super template’ that uniquely combines biomet-
ric data with other information – perhaps even Identity proofing robust identity-proofing process at enrolment.
an OTP or other out-of-band data – enables the Lastly, it’s important to remember that the This ensures that true identity verification has
system to recognise and reject a biometric tem- chain of trust is only as strong as the weakest been performed and maintained in a trusted
plate that was created from a stolen fingerprint link. The biometric solution used in identity- manner.
image. Templates can reside on a card or chip or proofing must interoperate with trusted
in a smartphone or personal wearable. devices at each verification point. An example Moving forward
In the case of a government or civil applica- of this approach is HID Global’s Seos-based Biometrics solutions offer the ideal balance
tion, this approach would prevent any would- solutions, which create a device-independent, of convenience and security because they are
be attacker from simply using the stolen trusted physical identity verification process. simple to use and increasingly more robust
biometric data, alone, to compromise either Additionally, the physical devices themselves and reliable. Biometrics is also the only authen-
physical or data security. must be tamper-resistant to ensure that all tication method that ‘binds’ a user’s digital
In the case of commercial markets (e.g., a transaction integrity is preserved. The HID credentials to a person. As such, biometrics is
banking application), we might see an institu- Global Lumidigm biometric authenticator is a playing an important role in eliminating digital
tion deploying a similar approach to protect good example of this approach: identity theft in today’s increasingly complex
user identity during online transactions. As • Trusted devices must be encryption-enabled and vulnerable environment.
some do today, institutions could enable multi- with various tamper resistance and detection Making security more robust and reliable
factor authentication and require that both the capabilities that protect the integrity of the without adding complexity is difficult. But
biometric and some other data be provided. communication between the client and the as our networks become more available and
Alternatively, they could enrol biometric data sensor. open to attacks, we simply have to find a way
and then ‘sign and encrypt’ the template with • The chain of trust must be preserved end- to enhance both trust and user convenience.
unique or closed-system data. to-end if the goal is, for example, to simplify Combining the universality and sophistica-
The creation of a guaranteed unique ‘super financial transactions for users while eliminat- tion of biometrics with things we have (like
template’ might combine standard (interoper- ing fraud for financial institutions. personal devices, phones, wearables, etc.) and
able) and proprietary data. This is the approach • The end-point device must connect to the things we know (like PINs or passwords) is one
that HID Global takes with its Secure Identity institution’s systems through a cryptographi- important step. The other is to rely on vendor
Object (SIO), which is a data model for stor- cally secure channel protected by hardware technologies and solutions that can effectively
ing and transporting identity information in tamper detection and response, which guarantee a high level of trust without raising
a single object. SIOs can be deployed in any establishes trust between the device and the the complexity for the user.
number of form factors including contactless institution’s systems independent of interme- Regretfully, we need to accept the fact that
and contact smart cards, smartphones and USB diate systems and networks. biometrics or other personal data cannot be
tokens, and ensure that any of these items and • A trusted biometric device must be able to completely protected from a breach. All we can
the data associated with them are, in turn, only perform a live scan of a finger with strong do is design systems that preserve the integrity
associated with the owner’s identity. The SIO liveness detection to ensure that the person of users’ true identities – even in situations
is digitally signed using proven cryptographic making the transaction is who they claim like the OPM data breach. And perhaps the
techniques as part of a seamless and secure to be (that is, the same person that enrolled best way to discourage any future breaches
process. Various data objects can be added, their biometric fingerprint). is to simply render the stolen data useless to
encrypted, and signed, i.e., biometric data, as And finally, by extension, if a card, smart- anyone except the legitimate owner.
well as data for computer log-on and other phone, PIN, or other authentication factor is
secure identity applications. Then, all content used for authentication, each must also be For more information contact Phil Scarfo,
is secured with a wrapper and bound to the confirmed by a biometric – a biometric that is Lumidigm – HID Global, +1 (800) 237-7769,
device with another signature. associated with a specific individual through a www.hidglobal.com.

www.securitysa.com Access & Identity Management Handbook 2017 37


MOBILE ACCESS

Mobility and access meet


By Andrew Seldon.

Mobile technologies have made biometrics a household word and are now changing
the face of access control.
Mobile biometrics received an enormous boost technologies to transmit access information to phone so it is actually a natural progression
into the mainstream consciousness when a reader. Of course, in the case of authenticat- that a device carried by everyone would evolve
Apple released its first iPhone with a finger- ing your identity to the device in order to gain into more than just a phone – it’s a camera,
print reader. This was not the first smartphone access, biometrics plays a role and is expected video recorder, computer, and now it’s a
with fingerprint recognition, but it was the to play an even more important role in future credential carrier for you to gain entry into a
first to hit the market with a popular following. and spread to a number of different industries restricted area.
Samsung and others joined in the trend and and applications. “Even in South Africa, where we have
today there are endless smartphones allow- However, since we are focused on access significant poverty issues, most people have
ing you to skip entering passwords or PINs in control and making sure the right people are a cellphone. It’s accessible, adopted and,
favour of simply scanning your finger. able to go where they need to go and are through our new technologies, secure. A win-
These changes filtered throughout the allowed to go, we approached two companies win for everyone.”
world very quickly and made fingerprint playing a significant role in the local access SALTO’s Wouter du Toit agrees, noting that
recognition a common and accepted method control market, specifically when it comes the ability to bring your business and security
of authentication. Even in countries like South to mobile access, and asked them about the onto a mobile platform has been a growing
Africa, where fingerprint biometrics had seen market. Our first question asked why mobile trend and technology is allowing us to provide
remarkable growth in business and govern- devices are being used for access control when better solutions for people on the move. “Being
ment, fingerprint authentication became we already have more than enough ‘stuff’, from able to see what is happening at your office
common and accepted by everyone. fobs to biometrics controlling entrances and without you being there is just one of the ways
Technavio’s 2016 report on the mobile bio- exits. mobile technology is improving the security
metrics market, expects the global market to element for SME users.”
“grow steadily at a CAGR of over 103% during Why mobile access? Another way, he says, is combining cloud-
the forecast period” to 2020. Vikki Vink from local manufacturer Impro based solutions with your mobile device. For
Today mobile biometrics is not simply a Technologies says customers are looking for example, a retail operator who owns a number
way you can log into your smartphone. First increased convenience, without the tradition- of retail chains can now link all these sites
off, the type of biometrics available on one’s ally associated increased risk. easily into a central cloud-based solution and
phone includes fingerprint, facial, voice and “In the past, convenience had to be bal- use his mobile device to access any location
potentially iris recognition. Secondly, the anced against the level of risk or security – or easily invite new users to gain access to the
functions it is used for include authenticating tighter security meant greater inconvenience. property. They are also able to cancel access
yourself, mobile payments and, more pertinent Today however, technology is moving at a on the go without having to be in front of the
to this publication, access control. rapid pace and the use of mobile phones for server and get real-time notifications on doors
Access control via a mobile device does not your access control system are a reality, with- left open, forced open and other events.
necessarily use biometrics (except in the case out compromising security. That’s what makes Yet another way mobile phones are
of voice biometrics as we explain in another the use of mobile so compelling.” changing in the hospitality environment is by
article in this publication), but makes use She also notes that the highest technology sending your room check-in directly to your
of near-field communications or Bluetooth adoption in the world has been the mobile Continued on page 40

38 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 39
MOBILE ACCESS

Continued from page 38


phone and eliminating waiting in long queues. stolen, the only option available was to block
It also allows the hotel to send information to entry to anyone presenting that specific tag.
your device and even to easily re-room you Now the option is available to revoke the tag
or cancel your access without you having to on the mobile phone remotely. This means if a
return to the front desk, enhancing the guest cellphone is stolen, the site owner can delete
experience. the credentials on the mobile phone ‘over the
SALTO uses android mobile devices with air’.
NFC in combination with RFID cards to allow “Additional failsafes are available, such as user decides where to release those creden-
remote and mobile workers to update their the user having the ability to remotely wipe tials, to whom and when, i.e. when entering
access plan on their card through their mobile their phone with a variety of free apps; as the building to my company each morning,
phone, allowing users to gain access to offline well as the traditional method of revoking the thus alleviating any privacy concerns, espe-
controlled areas where no network is in place. individual’s credentials on the access control cially in international markets.
software, so if the phone is presented it will not “And because mobile phones are so prolific
Mobile versus traditional access allow access. in most markets, it’s a readily available technol-
While using a mobile device for access control, “It all adds up to greater security and ogy. Users are not being asked to take on a
whether it’s at work or in a hotel, wins many peace-of-mind.” new technology, or change their way of opera-
points for the ‘coolness factor’, Vink says it is tion. Mobile phones are part of our lives and
really just an alternative credential carrier. Significant benefits most people are comfortable using them. This
Instead of using a tag, card or fob, now all There are many benefits that come along with makes the market opportunity huge.”
that information is securely contained within mobile access control. A few of them, accord- In addition, she notes that more than
your mobile phone. “The principle software ing to Du Toit, are: simply using your mobile phone as a tag,
and hardware remains the same (except for • Mobile access allows you to modify the users Impro is also able to provide users with the
mobile-enabled readers on the door) and the access rights on the fly wherever they are. ability to manage and control their entire site
user presents their phone to the reader for SALTO has a number of ways for using mobile from a mobile phone – this provides unrivalled
entry.” access, the one is through BLE where you flexibility. Authorised users can use any HTML5
She adds that the benefit is convenience. use the Bluetooth connection between the device, whether it’s a smartphone, tablet or
Most people have their cellphone constantly phone and the reader, this is more accessible computer to control the access control system
with them, and we’re more alert to protect- to the masses because most smartphones remotely or to pull reports on the activities on
ing our cellphone as opposed to a tag. “This have this technology built in and is widely site.
immediately reduces the security risk because adopted in various sectors. “Simplicity, flexibility and convenience.
the loss of a card is frequently not reported • The second is using NFC on Android phones These are the waves of the future and we’re
for some time. People may think they’ve left where a secure EV1 Desfire tag is used in able to meet them today.”
it at home, or that it will surface in a few days; combination with the phone. The phone is
however, if a cellphone is missing, it’s immedi- used as a hotspot and transfers the required The integration question
ately investigated.” credentials securely from the phone through Many people have had the experience of
Du Toit says mobile access adds the free- NFC onto the EV1 card. This means you can buying the latest and greatest technology,
dom to choose what type of carrier you would be anywhere and update your card to enter only to find that it doesn’t work well with other
like to use for access-controlled areas. It is not a property without the property needing any technical systems. In the access control world,
bound to a fixed network or geographical loca- physical network connection. there are many large installations with equip-
tion and allows you to be free in movement. The greatest benefits, says Vink, are con- ment from various vendors, and many of them
An additional benefit, according to Vink, venience and security; as well as protection of will have been around for years. The question
is enhanced security. In the past if a tag was privacy as the user owns their credentials. “The that must be asked is how easy it will be to

40 Access & Identity Management Handbook 2017 www.securitysa.com


MOBILE ACCESS

integrate the newer mobile access technolo- mobile and traditional access methods, as well features including, online key management,
gies with older systems since it is unlikely that as an API (application programming interface). instant extended stay, instant room change,
a company will simply decide to replace their Du Toit says the company tries to simplify the personalised promotions. Furthermore, not
entire access control setup with a mobile solu- integration process through the API, but ulti- waiting in long queues gives front desk opera-
tion – although smaller companies may be in a mately it is dependent on the client’s integra- tors time to personalise and welcome guests
position to do this. tion skills. properly, increasing the experience when you
Vink explains that one of the reasons He adds, “Our platform is easy to use and check-in.
Impro’s Access Portal system has been so suc- quick to understand and is really no different “We also offer mobile solutions for our
cessful is the ability to quickly integrate new from an operators point of view when adding cloud-based platform where you can have
technologies into the solution. “Through our or deleting standard credentials or cards on full control over your site(s) from your mobile
modular design, and the inbuilt flexibility of the system.” device anywhere in the world, this includes
the platform, we are able to seamlessly bring in Expanding on the Impro Access Portal solu- cancelling access, who enters your property, is
new products and features.” tion, Vink explains, “Our Access Portal system any door left open or forced open, opening a
Since Impro was purchased by ASSA ABLOY, comprises a variety of solutions, tailored door locally or remotely, multi-site access and
this flexibility has been extended and the for different customers depending on their more.
company can now offer customers credentials specific needs. We have mobile readers that Our standard SALTO platform also includes
securely on their mobile phones. This will are handheld biometric devices for remote BLE (Bluetooth Low Energy) and NFC (Near
require mobile enabled readers on doors (from offsite verification of employees; mobile phone Field Communication). BLE is used as a creden-
a hardware perspective), while the user down- credentials where your phone becomes your tial on the phone and you can use both card
loads a free app and receives the authorised tag, as well as the ability to control your site and phone for access control with bi-direc-
credentials remotely onto their device. “When through a mobile HTML5-enabled device. tional communication. NFC in mobile phones
you want to enter the building, you simply “The options are vast and enable us to is used to update the card with the latest
‘twist’ your phone in front of the reader – no offer each customer a tailor-made solution, credentials for people not frequently visiting
touch necessary – and access is granted.” with off the shelf products, to address their the office and needing to visit remote locations
All these features are able to integrate into specific pain points, goals and needs – both where no networked access control solution is
the company’s Access Portal software suite, for today, but more importantly, for tomorrow deployed.
enabling customers to get a full solution from and beyond.”
Impro Technologies. From SALTO’s perspective, Du Toit says, For more information:
SALTO offers a similar solution, delivering a “SALTO offers mobile solutions for the hos- Impro Technologies: www.impro.net
complete access control suite that comprises pitality industry. Clients benefit from various SALTO Systems: www.saltosystems.com

www.securitysa.com Access & Identity Management Handbook 2017 41


MOBILE ACCESS

The future of access control


credentials
By Allyson Koekhoven.

Mobile technology is set to play an even greater role in security, including


access and identity management.
Thales’ 2016 Global Encryption Trends Study, 2016). (Source: www.thales-esecurity.com) information to be modified on the fly across a
independently conducted by the Ponemon Another interesting finding is that 61% broad range of media.
Institute examines how the use of encryption of respondents see compliance with privacy Leveraging the SSL standard adopted by
has evolved over the past 11 years and the and data security requirements as the main financial institutions, SEOS is geared around
impact of this technology on the security pos- driver to extensive encryption use within their maximised risk mitigation. Information gath-
ture of organisations. Interestingly, over this company. While this is primarily based on the ered by users can be stored on a number of
period there has been a complete reversal in US and European markets, where protection of media, including a digital database available
the number of organisations with no encryp- personal information is in the advanced stages, on smart mobile devices such as laptops, tab-
tion strategy (38% in 2006 and 15% in 2016) the impact of PoPI is set to gain ground in lets and cell phones, on physical devices such
and those who deploy encryption technology South Africa in the coming years. At least half as readers, or on smartcards. The information
across the board (15% in 2006 and 37% in of the respondents see protecting enterprise captured will then be used to confirm or deny
intellectual property as the main driver. access to either a device or a location.
Barry East at Impro Technologies echoes Interestingly, the nature of the industry
these sentiments, adding that in order to and encryption technology has now evolved
understand why encryption technology has outside that of serving just traditional access
become increasingly popular, one needs to control applications. East says that there
understand the challenges of the market. In are apparent major benefits being derived
addition, while all industries face similar chal- from supplementary elements, such as those
lenges in this regard, there is no doubt that encountered in universities. Here, students
specific applications, such as the banking and use their student cards to not only access the
financial services sector, present a generally facilities, but additionally check out library
higher level risk than other markets. books, to log in to computers and download
East says that encryption technology was data in the IT department, and to buy food in
initially slow to gain traction in the market. the cafeteria.
Tagging systems gradually became more
secure but at that stage RFID cards had read- Mobile expands functionality
only capabilities. There has subsequently been So just how do users manage the control of
an explosion of read-write based technologies this credential across multiple media? What
where users can write information back on about using mobile technologies to expedite
to the card. This has been widely accepted these functions? East says that mobile technol-
in Europe and the United States where the ogy is increasingly coming to the fore, with
protection of privacy around storage of both Bluetooth and NFC capabilities allowing
fingerprints on hackable databases is of major users to safely perform the functions tradition-
concern to corporations. ally assigned to RFID cards. In addition, VISA
and Mastercard credit cards are joining the
Encryption success factors ranks of an increasing number of devices and
Critical to the success of any encryption tech- tools installed with microchips to allow them
nology are three factors: How is the informa- to be used in multiple ways. A solid example
tion being captured, how is it being stored and of this technology in practice is the use of
how is it being used once it is captured? East credit cards to provide access to London’s Tube
points out that Joe Public has become more system, instead of needing to use the common
aware of the multiple risks apparent when currency of an Oyster Card.
information is accessible in the public forum. East says that an entire ecosystem of
Hence the necessity for a more secure mode of data capture through to the issuing of data
handling sensitive personal information. across multiple media is arising to manage
Impro is currently adopting parent com- the encryption process during the capture
pany ASSA ABLOY’s SEOS credential technol- and dissemination of data. The challenge
ogy to address these concerns. This applica- has been in developing a technology that
tion-based encryption methodology allows seamlessly switches on the technologies

42 Access & Identity Management Handbook 2017 www.securitysa.com


MOBILE ACCESS

needed to provide maximised effect for these can also be implemented as an applet which
applications. executes in a SIM chip or Secure Elements for
Impro, well known for its access con- greater levels of protection. A cautionary note
trol technologies, believes that SEOS is the here, says East, is that the latter will introduce
optimum ecosystem for its products. Going dependencies on the underlying hardware and
forward, the company will systematically the mobile network operator.
introduce SEOS as a standard across its entire The encryption on cards is high end but due
access control based range. Adoption of this to the tangible benefits of the technology, there
platform means that mobile devices can now have already been a number of deployments
be used by registered users to gain access into into a various solutions in South Africa. “As soon
premises and to guarantee that the storage as you realise how quickly your credential can
and management of this information is secure be used across multiple media, you realise that
and centrally managed. you as an individual have control over these
platforms using encryption technology. SEOS
International standards helps to ensure that these credentials remain
The SEOS protocol was derived from the best in encrypted until they are needed,” says East.
class standards defined by the National Institute Impro’s Vikki Vink adds that in simplistic
of Standards (NIST) and during the provisioning terms, the greatest benefit of an application- Barry East, Impro.
of digital keys to the selected mobile device, based encryption method such as SEOS is the means that it will be much easier in the future
it establishes a mutually authenticated chan- enhanced security it offers and the ability to to protect against issues that we haven’t yet
nel between the provisioning service and the upgrade or update is radically quicker and experienced. With the increased demand for
mobile device to ensure the safe delivery of the easier than the traditional chip-based method. convenience, this future proofing and the
key material. Similarly, when the credential is “If a card is hacked, the hacker now has ability to quickly react to a possible problem,
being used, a mutually authenticated channel is access to the cards using that chip. In order is crucial. With added convenience, risk often
established between the mobile device and the to stop the hack, you have to recall each unit increases but by using SEOS technology, this
relying party application. and make a hardware change by changing the risk is minimised,” Vink says.
Identity credentials are encrypted while chip. With an application-based encryption
in storage on the mobile device. In addition method, should there be a problem, you only For more information contact Impro
to encryption keys based on the underly- need to push an update to rectify the issue. Technologies, +27 (0)31 717 0700,
ing mobile operating system, the SEOS vault This is where the future proofing is so critical. It vikkiv@impro.net, www.impro.net.

www.securitysa.com Access & Identity Management Handbook 2017 43


MOBILE ACCESS

The reliability of mobile credentials


Using mobile devices and cloud services to control visitor entry and exit is
fast becoming the norm.
The use of a PIN or personal access code (PAC) connectivity concerns voiced by various facul- site’s information is kept secure in-house.
to provide visitors with access to residential ties investigating visitor management solutions. During the registration process onsite,
estates and business complexes has increased Powell explains that the company took cogni- certain authenticated personal information is
in the past few years. A number of reasons can sance of this and the PT-GUEST solution and assigned to the homeowner or tenant, which
be cited for this growth in popularity includ- locally hosted database is managed via a secure acts as the verification criteria when a PAC is
ing the elimination of the infamous and highly web portal rather than residing in the cloud. requested for a visitor. Once it is verified that
unreliable visitor logbook, the accurate captur- However, this will be reviewed once improved the request has been issued by a registered
ing of a visitor’s details, and on some premises, cloud access is available within South Africa. tagholder of that particular site, the PAC and
the assurance that only pre-authorised visitors expiry information is expedited via either the
are on the estate. Secured access at all times registered person’s cellphone number or email
John Powell, managing director of Powell According to Powell, with the eminent intro- address through a secure online service.
Tronics, says that the primary challenges duction of the PoPI Act, secure access to the A necessary tool for pre-authorisation of
encountered in providing a user-friendly system and the data which it encompasses is visitors, using a cellular messaging service
PAC-driven access control system in a modern PT-GUEST’s strongest attribute. The software, incurs continuous costs – monthly subscrip-
world using mobile technology are ensuring database and relevant processes are password tions to the WASP short code system provider,
that the system is both secure and resilient to protected and site administrators are carefully cost of SMS text messages sent to and from the
external unauthorised infiltration and that it selected by management to ensure that their short code system to the requesting resident/
is adaptable to meeting the varying needs of tenant/employee, as well as notifications of the
individual estates or business parks. The crux “The success of any visitor’s arrival and departure.
here is to select a service provider with a docu-
mented and reliable track record. Experience is PAC-driven pre- Mobile access app
the keyword and estate and property manag- authorisation access In an attempt to assist clients to alleviate
ers are advised to visit similar installations these expenditures, Powell Tronics will soon
deployed by the supplier to verify the veracity visitor management be releasing its Android app for PT-GUEST
of their claims. system is dependent IXP on the Google Playstore as an alterna-
Powell points to the company’s own tive for requesting PT-GUEST pre-authorised
PT-GUEST visitor management software, origi- on a collaborative PACs for visitors and notifications. While this
nally developed to enhance the Impro access relationship between mobile app uses the cheaper alternative of
control solution IXP 400i and the recently data rather than airtime, it also alleviates issues
implemented Access Portal integration – the system supplier, the with cellular numbers being blocked on the
PT-GUEST Portal. PT-GUEST has evolved into a contractor, consulting WASP provider’s cellular marketing systems,
substantial system that hands over manage- something that has been on the rise with the
ment of access control to property and estate engineer and the estate increased amount of unsolicited marketing
managers, as well as homeowners and tenants. manager/homeowners SMSs received daily from banks, retailers and
Adoption of cloud-based solutions for host- insurance providers, amongst others.
ing databases can be slow due to security and association.” In order to ensure that the new PT-GUEST

44 Access & Identity Management Handbook 2017 www.securitysa.com


MOBILE ACCESS

mobile Android app delivers the same high-level security currently


enjoyed by estates and businesses, mandatory site information and
authenticated personal information will form part of the app registra-
tion process and mobile device information will be added to the access
control system for future verification. Once enabled, the app allows
the homeowner or employee to enter their visitor’s information and
request a PAC which they can share with their visitor using the stan-
dard Android messaging options. All data sent to and from the mobile
app is encrypted and password protected to ensure that it is not easily
infiltrated through the already secure web portal used on site.

Increased security
Estates quite often require more of the visitor’s details than what is cap-
tured in the pre-authorisation process and enforce that all pre-authorised
visitors and their vehicle details be scanned when arriving at the estate’s
entrance. While the pre-authorised visitor’s destination is predefined by the
system, based on who their host is, guards at the entrances using portable
devices scan and decrypt the visitor’s driver’s licence or ID and vehicle’s
registration disc and on completion update the access control system’s
database with all the accurately captured information.
An audit trail is available which allows estate management to view
who requested a PAC, which method was used to obtain the PAC, when
it was requested and if and when it was successfully created. This also
provides for data mining to establish trends, especially where estates
have a number of venues or host various events, such as wine tasting,
conferences and golf tournaments as well as for levy applications.
The four- or five-digit PAC is randomly generated by the PT-GUEST
system and allows for a single entry and exit through the perimeter
entrances. PACs are valid for a customisable period but expire 24 hours
from first use at the entry point and visitors exceeding this time alloca-
tion will have to visit the administration office to request a manual exit.
PT-GUEST does however also cater for long-term visitors that can be
pre-authorised and have multiple accesses to the estate or business
park over an extended period of time.
Powell says that in instances where sites have perimeter and inter-
nal access points, the PAC will be allocated to allow single entry and
exit access to the main gate but multiple access to the access control
points en route to the destination. It will deny access into any other
area within the estate not allocated to the visitor. This prevents visitors
from driving haphazardly around estates, thereby adding a further
security element to the access control process.

Collaboration leads to success


PT-GUEST, IXP and Portal, have grown to accommodate combinations
of over 50 configurable settings which cover a large variety of site
preferences and security requirements. This includes the use of in-lane
biometric enrolment or proximity cards, Bluetooth printing for PAC
information slips with disclaimers, on-scanner acceptance of terms and
conditions and so forth. With each new implementation, new require-
ments are discussed and inevitably added to the feature list of the next
bi-monthly release.
The success of any PAC-driven pre-authorisation access visitor man-
agement system is dependent on a collaborative relationship between
the system supplier, the contractor, consulting engineer and the estate
manager/homeowners association. The system should furthermore do
what it claims to do and should both have verifiable reference sites and
be fully supported by the supply chain.

For more information contact Powell Tronics, +27 (0)861 787 2537,
marketing@powelltronics.com, www.p-tron.com.

www.securitysa.com Access & Identity Management Handbook 2017 45


WIRELESS ACCESS CONTROL

Access with no strings attached


By Andrew Seldon.

Wireless access solutions abound, but most installed solutions still rely on cables.
Wireless access control systems have been avail- integration capabilities and ease of use can be primary challenges with cloud-based manage-
able for some time, but the uptake has been a significant benefit.” ment (especially in EMEA) is cross-­border data
limited. The slow uptake could be ascribed to a So what would persuade the rest of the privacy laws, not the actual integrity of the
number of factors, including the fact that access wired addicts to move to a wired system? It’s cloud system.”
control systems generally have a longer lifespan easy to promote the benefits of not having to With these facts in mind, Hi-Tech Security
than other electronic security equipment. While install cabling throughout your building and Solutions asked some vendors for their insights.
some people may use a three to five year period so on, but the fact is your wireless systems will Our questions were answered by:
for the lifespan of their surveillance cameras require either a power cable or batteries, each • Wouter Du Toit from Salto.
(although some analogue systems have been with their own challenges. The IFSEC report • Riaan Pretorius from ASSA ABLOY.
going for longer than that), access control sys- states that integration capabilities would • Jose A. Gonzalez from Avigilon.
tems break the five-year period with ease. be a primary driver for the move to wireless. • Ingo Mutinelli from Elvey Security
In a 2016 research report by IFSEC Global However, almost equally as important are: Technologies.
and sponsored by ASSA ABLOY (available at • Quicker, easier, less disruptive, cheaper
http://www.ifsecglobal.com/download-the- maintenance. The benefits of wireless
wireless-access-control-market-in-2016/), only • Easier integration with existing access control While it may be old hat to some, it’s worthwhile
5% of the companies that employed electronic systems. to start recapping the benefits of wireless access
access control solutions had a fully wireless • Easy, quick, minimally disruptive installation. control as opposed to its wired counterparts.
system in place; 24% had hybrid wired and wire- • Battery life in excess of two years. Elvey’s Mutinelli explains that wireless offers the
less systems, while 57% had traditional wired When one talks about wireless security installer the benefit of a less complicated instal-
systems using cards and fobs for entry control. implementations of any kind, the focus today lation, “especially in those hard to reach areas
Other reasons for the slow uptake of wire- often leads to the question of security as well where trunking or trenching just isn’t possible.
less may include the different skills required for as mention of cloud or hosted access control. The end-user in this instance receives a more
wireless access, and perhaps the price differ- Security is, naturally, of prime importance complete solution which otherwise would have
ence between wired and wireless systems, today, but with all the talk of data breaches created many more problems such as remodel-
which was initially quite steep. In addition, the and exposure, it may be taken somewhat out ling and rebuilding … if access control was
IFSEC research quotes Blake Kozak, principal of context when it comes to wireless. critical for that location.”
analyst for IHS as noting, “Adoption of wireless There is no doubt that there is a significant He adds that a wireless solution should
systems has been slow in emerging countries security and privacy concern for any security offer a hybrid variation with wired systems.
for reasons including cost of labour, education installation, but wireless is not more or less “The power of hybrid means that wireless
and cost of equipment.” insecure than wired. Someone who wants to becomes complementary as pure wireless
A benefit of wireless access the report hack your system will do so if you do not take does have range limitations.”
highlights is the ease of integration with other precautions, and this applies to any electronic Du Toit expands on this, agreeing that wire-
security and building management systems system, wireless or wired – locally hosted or less access control solutions allow for quicker
– including HVAC (heating, air conditioning hosted in the cloud. installation, but adds that they also provide
and ventilation), surveillance, lighting etc. In the IFSEC report, 51% of the respondents more options for installation. This reduces the
Most of the respondents noted the integration believed wireless is as secure as wired access cost of labour and time on-site drastically.
process was fairly easy, with Kozak adding, control, while only 46% thought cloud-based Pretorius says the ease of wireless access is
“Wireless locks are often specially designed access is secure. Kozak notes: “Overall, properly like using Wi-Fi to connect your laptop to the
for integration with other systems, with only a installed cloud-based management systems Internet, as opposed to a network cable. It just
few suppliers of electronic locks offering their by vetted integrators will meet the security makes everything easier. The benefits extend
own standalone ecosystems. As a result, the requirements of most end users. One of the Continued on page 48

46 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 47
WIRELESS ACCESS CONTROL

Continued from page 46 Summing up the power question, Du Toit


to installation where time to install is reduced adds that battery power is not a real concern.
dramatically, which results in labour cost sav- “We allow for up to 40 000 openings on a
ings. Secondly, there is a saving on the cost of single device and the battery status is written
material, such as cabling, conduit and other back to the system for maintenance reporting
peripheral equipment. and support. When the unit gets to the last 1
Du Toit echoes that overall maintenance 000 openings, it will warn each user visually as
on the system is reduced and less expensive well as the system administrator. If all warn-
to perform. “Wireless access control solutions ings are ignored, we have PPDs and portable
form part of the mechanical lock that requires battery packs that will power the unit from the
very little maintenance and this is also less front to allow for battery replacement.
susceptible to external interferences like light- “Unlike conventional wired systems relying
ning, power spikes and surges that piggyback on power from the grid and a 7 Amp bat-
on cabling. Because it is using the mortise lock tery backup, our solution requires only three
in the centre of the door, it also offers better standard AAA alkaline batteries with a life of
security than using magnetic locks residing at two years worth of openings or more. Even if
the top of the door.” the batteries are replaced every year, it is at a
Avigilon, better known as a video sur- nominal cost compared to conventional access
veillance company, sells a range of wired systems’ power consumption from the grid,
access control systems. Gonzalez explains and it only takes a couple of minutes.”
that Avigilon Access Control Manager (ACM) He says some clients do opt for a mechani-
systems are wired solutions that integrate with cal key override, but this adds more cost to the
wireless locks from ASSA ABLOY (Aperio) and system and forces them to once again manage
Ingo Mutinelli, Elvey Security Technologies.
the Allegion AD400 series. their keys – which in itself is a reason why
“On average, installation takes less time system will give you bi-directional (two-way) people use wireless access control systems.
because the wireless lock combines every- communications to ensure you are aware of an
thing found around the door, the lock, the offline situation or a battery that’s going flat. Beyond the door
card reader, the request to exit, and the door Having said that, getting power to a wireless It is normal to assume that access control
contact into a single point of installation rather reader on a door should be fairly easy as there means controlling the manner in which people
than wiring these components separately.” is generally a maglock which should have gain access to an environment and where they
power you can tap into.” can go within that environment. Current trends
Hybrid integration is the norm The problem of no power means access require more than this, however, and may
The IFSEC Global report mentioned above will be denied, which can be an issue in demand the same access control to cabinets or
stresses the importance of being able to environments where there are many people storage containers (holding pharmaceuticals
integrate wireless and wired solutions, poten- moving about all day. Pretorius explains that or high value goods, for example). Gonzalez
tially even between different brands, and our ASSA ABLOY’s wireless locks boast a variety of says many applications can benefit from this
interviewees support this premise. features to combat this. type of access control, such as projects looking
Salto can co-exist with legacy systems “Mechanical override in most cases is to secure lockers, small cabinets and server
already in place and use the same RFID tech- implemented via a traditional cylinder lock, cabinets in ­computer rooms.
nology, Mifare, Desfire, Legic and HID iClass, which in the case of battery failure can simply
states Du Toit. “Our data-on-card solution does override the lockcase (for the escutcheon Securing your security
not require the system to be connected to a the inside handle always allows egress i.e. no To end with, we must address the issue of
controller-based system and each user’s indi- thumb turn is needed). To further overcome security since it has become top of mind in
vidual access rights are carried on their card this issue each wireless lock provides diagnos- today’s cyber criminal playground. Fortunately,
instead of sitting in memory on a controller. tics and low power warnings, which should be the interviewees are of the same mind (as their
Even if our Sallis non-data-on-card solution is and are incorporated in the regular mainte- products reflect) that security is not an add-on,
used, we do not need to replace all the existing nance programmes. but an integral part of the solution.
control panels, but this is limited to partners “Should it happen that the battery does die The Avigilon wireless lock solutions deploy
integrated with Sallis.” each lock has a micro USB connection which is AES 128-bit encryption over either 900 MHz or
generally used to upgrade the lock’s firmware, but 2,4 GHz frequencies.
The quest for power can also be used as an emergency power connec- “We utilise AES 128-bit encryption between
Another issue raised in the IFSEC report is tor from a standard USB connection. Lastly, the the lock and the wireless hub,” says Pretorius.
that of battery power. Nobody wants to opt actual lock, via the built-in LEDs, provide a warn- “Each lock contains keys unique to the site it
for a wireless solution just to find themselves ing that its battery is nearing its end of life.” is programmed for. An obvious point to hack
wasting time by running around and replacing Gonzalez agrees, noting that the wireless lock could be the USB connector, but this also is
batteries. Battery power is a key selling point solutions Avigilon sells are compatible with both encrypted with AES 128-bit encryption.”
and an important caveat for most buyers. alkaline and lithium batteries. These systems also Similarly, Du Toit says, “Salto’s data-on-card
According to Mutinelli, any wireless system send battery-low warning events to the Avigilon solution allows the door to open because
that doesn’t monitor battery levels and con- Access Control Manager (ACM) access system, your access plan resides on your card and the
sumption is risky. “Always make sure that your notifying operators monitoring the system. wireless is merely a carrier, a way of sending

48 Access & Identity Management Handbook 2017 www.securitysa.com


WIRELESS ACCESS CONTROL

transactions (blacklisted users, battery status cylinders, electronic handles, controllers that As noted at the start of this article, despite
and the state of the door) to the server and can work online and offline with our data-on- the advances made in wireless access control
back. The wireless solution is encrypted with card principle. This is backed up by our latest systems, the majority of the users in the real
AES 128-bit encryption for high security.” web-based software for ease of installation and world still use wired solutions. In addition to
maintenance. All our solutions are scalable and this, many don’t even use electronic access or
Which product? can work completely offline or online with live locking solutions at all. IHS’s Kozak notes that
Should a company decide it is going to opt for notifications and event streaming.” mechanical solutions are not going away any
a wireless access control solution, the ques- Salto’s solution is integrated to many third- time soon: “Although electronic locking sys-
tion arises as to which brand and product to party conventional access control manufactur- tems will continue to see strong growth, IHS
select. There are, of course, many options on ers through its SHIP and Sallis protocols. “With does not expect the mechanical locks market
the market, some from well-known brands like Sallis, we become part of the integrators access to decline. Globally, mechanical cylinders are
the companies mentioned in this article, and control bus via POE or RS-485 through our projected to grow by about 4.6% in 2016.”
others from less well-known brands that are wireless online hardware, where SHIP gives our The current situation is expected to remain
entering the wireless access market with new integrated partners full access to our wireless for the near future. What we are likely to see is
ideas and solutions. online and data-on-card solutions.” more companies making use of wireless access
When making a decision, Mutinelli advises In addition, Du Toit says Salto also offers solutions where it makes sense financially,
that you get what you pay for and one should a cloud-based solution, SaltoKS, Keys as a as well as in smaller projects to gauge the
always look for a product that has a certain Service, using the same wireless online hard- effectiveness of these products. The immedi-
pedigree. “Arguably, the most respected access ware in a slightly different configuration. This ate future, it seems, is hybrid and developers of
product in the local market is Impro. Designed allows the hardware to connect through the management platforms and access products
and manufactured in South Africa to meet Internet or a 3G connection to a secure cloud would do well to adopt a standards-based
our requirements, the product is awesome. platform. “All these solutions are backed up approach to ensure they are able to easily
The addition of wireless really does take it to by mobile access credentials and applications integrate with various solutions.
the next level of convenience, features and where you can use your phone as your key or
security.” as an update point. For more information:
Du Toit says Salto has a wide range of In addition, ASSA ABLOY offers its Aperio • Salto: www.saltosystems.com
products to cater for virtually any door and wireless locking solution. Avigilon sells • ASSA ABLOY: www.assaabloy.com
locking mechanism without using cabling on Allegion’s Schlage AD400 series wireless lock • Avigilon: www.avigilon.com
the door. “Our product lines include electronic solutions and also Aperio. • Elvey Security Technologies: www.elvey.co.za

www.securitysa.com Access & Identity Management Handbook 2017 49


BIOMETRICS SELECTION GUIDE
BIOMETRICS SELECTION GUIDE

AWM360 Data Systems ASSA ABLOY


Distributor/Supplier:
AWM360 Data Systems
Device /solution:
B-Web 93 20
Manufacturer/ brand name:
Kaba
Biometric technology:
Fingerprint
Product description: The
new B-web 93 00 terminal
series sets new standards
with its design language and
innovative configuration concept: terminal with modern design and
new materials; full-screen glass front with wear-resistant keypad;
support of all conventional RFID standards; integration of biometric
identification and verification solutions; Ethernet interface facilitates
via DHCP; simple network integration through automatic allocation of
IP address; standard power supply via Power over Ethernet (PoE); Device/solution: iCLASS Biometric Readers
reliable and fast 1-click installation, innovative 1-click analysis and Manufacturer/brand name: HID Global
1-click replacement in combination with B-COMM software; Biometric technology: Fingerprint
protection class IP54 and made in Germany. Product description: Using 13,56 MHz contactless smart card
Typical applications: Time and attendance, Access control technology, bioCLASS products provide users with new options
Integration support: Solution design and planning, Implementation, for supporting multi-authentication of identity. The solution
Hardware and software support, ERP, SLA – services enables the combination of a contactless card presentation with a
Contact details: fingerprint biometric or card presentation.
AWM360 Data Systems, info@awm360.co.za, +27 (0)87 231 0113 Contact details: Riaan Pretorius, riaan.pretorius@assaabloy.com
+27 (0)11 761 5019, www.assaabloy.com

ADI Global Distribution Controlsoft

Distributor/supplier: ADI Global Distribution


Device/solution: Suprema Biometrics
Manufacturer/ brand name: Suprema
Biometric technology: Fingerprint
Product description: Suprema’s range of advanced biometric access Distributor/supplier: Controlsoft
and time and attendance terminals features options suited to most envi- Device/solution: MorphoAccess Sigma Reader
ronments, from cold storage to executive offices, indoors or outdoors. Manufacturer/brand name: Safran Morpho
Versatile, easy to install and user friendly, the range boasts industry- Biometric technology: Finger
leading algorithms, high-quality fingerprint, face and RFID products for Product description: The Sigma series is a versatile biometric terminal
all access control needs. using next-generation algorithms, fake finger detection, facial detection
Typical applications: Access control; building management systems; and a 500 dpi, FBI certified optical sensor to deliver high accuracy and
CCTV & VMS integration; home, office and production automation; performance levels. This IP30 rated unit is upgradeable to 100 000 users
high-end security applications. and supports Prox, Mifare Plus and more.
Integration support: Developer API, software development integra- Typical applications: Access control, time and attendance.
tion support, open platform Wiegand, RS-485 (OSDP), integrated door Integration support: Morpho and Bioscrypt compatible, Wiegand,
control, integrated with all major access control manufacturers. multiple support channels, technical and sales training.
Contact details: Gordon Moore, gordon.moore2@adiglobal.com, Contact details: Marilize Munro, africasales@controlsoft.com,
+27 (0)11 574 2500, www.adiglobal.com/za. +27 (0)11 792 2778, www.controlsoft.com.

50 Access & Identity Management Handbook 2017 www.securitysa.com


BIOMETRICS SELECTION GUIDE

Elvey Security Technologies Ideco Biometric Security Solutions

Distributor: Elvey Security Technologies


Device/solution: Suprema Access Control and Time & Attendance
Manufacturer/brand name: Suprema
Biometric technology: Fingerprint and facial Distributor: Ideco
Product description: Suprema’s range of biometric and RFID devices Device/solution: Accessories and Protection
addresses all access and time & attendance needs, offering face, Manufacturer/brand name: Ideco
fingerprint, card, in and outdoor solutions. Internationally recog- Biometric technology: Fingerprint
nised algorithms, award winning designs and extensive functional- Product description: These surge protectors, ruggedised housings
ity deliver on end-user needs. Use standalone or integrated with and portable casings for biometric installations cut down on call-
acclaimed access control providers. out fees, repair and replacement costs. The surge arrestor protects
Typical applications: Access control, time & attendance, against lightning while the MARC V2 Lite provides portability to MA
identification, verification. Sigma Lite readers; various housings and brackets improve upon IP
Integration support: Multiple RFID options; TCP/IP, Wiegand, RS-485 rating and general durability.
(OSDP); integrated door control; cloud-based software available; Typical applications: Access control, time and attendance.
integrated with Impro Portal Integration support: Morpho biometric readers
Contact details: Elvey Security Technologies, info@elvey.co.za Contact details: Mark Paynter, contact@ideco.co.za,
+27 (0)11 401 6700, www.elvey.co.za +27 (0)12 749 2300, www.ideco.co.za

Ideco Biometric Security Solutions Ideco Biometric Security Solutions

Distributor: Ideco Distributor: Ideco


Device/solution: Integration and Support Device/solution: EVIM
Manufacturer/brand name: Ideco Manufacturer/brand name: Honeywell Dolphin
Biometric technology: APIs and SDKs for system integration and Biometric technology: FBI IQS MSO1300
support Product description: EVIM is a powerful mobile ID management
Product description: Users can capitalise on the extensive capabilities terminal that replaces the manual visitor’s book. Questions are
of biometric technology in new integration and development projects, customisable to suit site requirements and visitors sign data with a
and increase speed to market by partnering with Ideco’s technical team. fingerprint. This data is stored securely in a cloud service for real-time
Formal support programmes provide practical assistance to ensure that verification and processing. Fully OSH and PoPI compliant and enhanced
biometric applications deliver the best possible operational and with a mobile app.
commercial results. Typical applications: Secure visitor management and mobile identity
Typical applications: Secure identity control applications. control applications.
Integration support: Various packages available Integration support: Secure cloud based service with integration APIs.
Contact details: Mark Paynter, contact@ideco.co.za, Contact details: Jan Huyser, contact@ideco.co.za,
+27 (0)12 749 2300, www.ideco.co.za +27 (0)12 749 2300, www.ideco.co.za

www.securitysa.com Access & Identity Management Handbook 2017 51


BIOMETRICS SELECTION GUIDE

Impro Technologies Morpho

Distributor/supplier: Access & Beyond,


Elvey Security Technologies, Powell Tronics
Device/solution: BMTA – Biometric Multi-discipline Time and
Attendance reader
Manufacturer/ brand name: Impro Technologies Distributor/supplier: Ideco Biometric Security Solutions, Gallagher
Biometric technology: Finger Security, EOH, Impro Technologies.
Product description: The BMTA is a compact biometric time and Device/solution: Morpho Smart optical 1300 Series
attendance solution that supports finger, tag and PIN. The BMTA Manufacturer/brand name: Safran Morpho/ MorphoAccess
seamlessly integrates with all Impro systems, from IXP220 and IXP400i, Biometric technology: Fingerprint
to the pioneering Access Portal range. Features include door mode Product description: The MSO 1300 (USB) has been designed to
patterns and advanced messaging, as well as the ability to read a address the needs of logical access control to highly secure PC applica-
multitude of tag types. tions in industrial, corporate and governmental environments. The MSO
Typical applications: Access control, time and attendance, 1300 Series is based on a fast and cost effective optical sensor and has
identification and verification. an embedded storage capacity of up to 5000 users (10 000 templates).
Integration support: Fully supported by Impro Technologies, various Typical applications: Enrolment.
integration options. Integration support: System integration.
Contact details: Mike Kidson, info@impro.net, +27 (0)11 469 5568, Contact details: Craig Dubois, craig.dubois@safrangroup.com,
www.impro.net. +27 (0)11 286 5800, www.safran-identity-security.com.

MiRO Morpho

Distributor: MiRO
Device/solution: Wiegand
Interface
Manufacturer/brand
name: Axxess-E
Biometric technology:
Fingerprint reader
Product description: Distributor/supplier: Ideco Biometric Security Solutions, Gallagher
Axxess-E’s wireless access control solution is easy to deploy, cost- Security, EOH, Impro Technologies.
effective and highly scalable. The solution also includes a Wireless Device/solution: MorphoSmart Optical 300 Series
Wiegand Interface (the only one of its kind, to our knowledge) which Manufacturer/brand name: Safran Morpho/ MorphoAccess
converts Wiegand into RF and RF back to Wiegand, eliminating the Biometric technology: Fingerprint
use of wires while saving you time and money on installations. Product description: The MSO300 Series is a family of high-end USB
Typical applications: Perfect for high-security access control requir- optical sensors. It is based on Morpho’s 25-year experience in the field of
ing fingerprint recognition. electro-optics and forensic quality fingerprint processing algorithms.
Integration support: Fully integrated with the Suprema range of Typical applications: Enrolment.
readers; compatibility with Morpho Sigma readers by early 2017. Integration support: System integration.
Contact details: MiRO Sales, sales@miro.co.za, 086 123 6476 Contact details: Craig Dubois, craig.dubois@safrangroup.com,
www.miro.co.za +27 (0)11 286 5800, www.safran-identity-security.com.

52 Access & Identity Management Handbook 2017 www.securitysa.com


BIOMETRICS SELECTION GUIDE

Morpho Morpho
Distributor/supplier: Ideco
Distributor/supplier: Ideco
Biometric Security Solutions,
Biometric Security Solutions,
Gallagher Security, EOH, Impro
Gallagher Security, EOH, Impro
Technologies..
Technologies.
Device/solution: MorphoWave
Device/solution: Morpho 3-D
Manufacturer/brand name:
Face Reader
Safran Morpho/ MorphoAccess
Manufacturer/brand name:
Biometric technology:
Safran Morpho/ MorphoAccess
Fingerprint
Biometric technology: Face
Product description:
Product description: These
MorphoWave is the world’s
3D facial recognition terminals
first biometric access solution
are ideal for environments that
to capture and match four
require gloves or where hygiene
fingerprints with a single hand
is a concern. 3D geometry of the
movement. It implements a pat-
face is calculated with over 40 000
ented, truly contactless tech-
points for enrolment and identi-
nology that not only acquires
fication, providing a high-speed,
extremely accurate fingerprint
hands-free access solution.
data but also overcomes the
Typical applications: Access
challenges wet/dry fingers and
control, enrolment, identification,
latent prints pose to conven-
time and attendance.
tional scanning systems.
Integration support: System integration.
Typical applications: Access
Contact details: Craig Dubois,
control, time and attendance, contactless.
craig.dubois@safrangroup.com,
Integration support: System integration.
+27 (0)11 286 5800,
Contact details: Craig Dubois, craig.dubois@safrangroup.com,
www.safran-identity-security.com.
+27 (0)11 286 5800, www.safran-identity-security.com.

Morpho Morpho

Distributor/supplier: Ideco Biometric Security Solutions, Gallagher Distributor/supplier: Ideco Biometric Security Solutions, Gallagher
Security, EOH, Impro Technologies. Security, EOH, Impro Technologies.
Device/solution: MorphoAccess Sigma Device/solution: Outdoor MorphoAccess 520D
Manufacturer/brand name: Safran Morpho/ MorphoAccess Manufacturer/brand name: Safran Morpho/ MorphoAccess
Biometric technology: Fingerprint Biometric technology: Fingerprint
Product description: The MA Sigma is a newly launched multiple Product description: The OMA520D is an outdoor version of the MA
recognition (NFC chip reader, PIN and BioPIN codes, contactless card 500+ series. It shares all characteristics of the MA520D (multifactor
reader) touchscreen device. It has a modern glossy black design with verification with Mifare or Desfire cards) and is IP65 rated. Its ruggedised
features designed for market needs and requirements, and brings casing makes it vandal resistant, and it can be used in rough environ-
enhanced security and accuracy (FBI PIV IQS certified optical sensor). ments like mines, oil refineries, etc.
Typical applications: Access control, time and attendance Typical applications: Access control, time and attendance.
Integration support: System integration. Integration support: System integration.
Contact details: Craig Dubois, craig.dubois@safrangroup.com, Contact details: Craig Dubois, craig.dubois@safrangroup.com,
+27 (0)11 286 5800, www.safran-identity-security.com. +27 (0)11 286 5800, www.safran-identity-security.com.

www.securitysa.com Access & Identity Management Handbook 2017 53


BIOMETRICS SELECTION GUIDE

Morpho Morpho

Distributor/supplier: Ideco Biometric Security Solutions, Gallagher


Security, EOH, Impro Technologies.
Distributor/supplier: Ideco Biometric Security Solutions, Gallagher Device/solution: MorphoTablet 2
Security, EOH, Impro Technologies. Manufacturer/ brand name: Safran Morpho/ MorphoAccess
Device/solution: MorphoAccess VP Series Biometric technology: Fingerprint
Manufacturer/brand name: Safran Morpho/ MorphoAccess Product description: The MorphoTablet 2 is an 8” touchscreen tablet
Biometric technology: Fingerprint, vein with an incorporated FBI PIV IQS and STQC certified optical fingerprint
Product description: The MA-VP Series is an access control device sensor. The device offers signature capture, contactless smart card and
available as MA-VP Bio (fingerprint/vein only) or MA-VP Dual a 13 megapixel camera with dual LED for face capture. The slim, sleek
(fingerprint/vein + Mifare/ Desfire cards). It can store up to 10 000 device operates on 4G, Wi-Fi and Bluetooth, and weighs a mere
users (20 000 templates), and is IP65 rated and suited for indoor and 545 grams.
outdoor use. Typical applications: Access control, time and attendance, KYC, data
Typical applications: Access control. capture and other processes.
Integration support: System integration. Integration support: SDK available.
Contact details: Craig Dubois, craig.dubois@safrangroup.com, Contact details: Craig Dubois, craig.dubois@safrangroup.com,
+27 (0)11 286 5800, www.safran-identity-security.com. +27 (0)11 286 5800, www.safran-identity-security.com.

Morpho Morpho

Distributor/supplier: Ideco Biometric Security Solutions, Gallagher


Security, EOH, Impro Technologies.
Distributor/supplier: Ideco Biometric Security Solutions, Gallagher Device/solution: MorphoAccess Sigma Lite +
Security, EOH, Impro Technologies. Manufacturer/ brand name: Safran Morpho/ MorphoAccess
Device/solution: MorphoSmart FingerVP Series Biometric technology: Fingerprint
Manufacturer/brand name: Safran Morpho/ MorphoAccess Product description: MorphoAccess Sigma Lite + is a slim, sleek and
Biometric technology: Fingerprint, vein. powerful fingerprint access control terminal. It offers time and atten-
Product description: The MSO FVP is an FBI PIV IQS certified USB dance in and out function keys and enhanced interactivity via a 2,8”
biometric reader using the latest and greatest technologies. It QVGA colour touchscreen. The embedded web server enables on-device
simultaneously captures the fingerprint as well as the vein reading, and enrolment, terminal configuration and transaction log retrieval. This
combines the best of both templates to ensure the highest security and device can perform 1:10 000 user identification in 1 second, and offers a
the best possible performance. high capacity of up to 10 000 users (30 000 templates).
Typical applications: Enrolment. Typical applications: Access control, time and attendance
Integration support: System integration. Integration support: SDK, Thrift, Wiegand, MorphoManager (BioBridge).
Contact details: Craig Dubois, craig.dubois@safrangroup.com, Contact details: Craig Dubois, craig.dubois@safrangroup.com,
+27 (0)11 286 5800, www.safran-identity-security.com. +27 (0)11 286 5800, www.safran-identity-security.com.

54 Access & Identity Management Handbook 2017 www.securitysa.com


BIOMETRICS SELECTION GUIDE

Morpho Powell Tronics

Distributor/supplier: Ideco Biometric Security Solutions, Gallagher


Security, EOH, Impro Technologies. Distributor: Powell Tronics
Device/solution: MorphoAccess Sigma Lite Device/solution: Safran Morpho
Manufacturer/ brand name: Safran Morpho/ MorphoAccess Manufacturer/brand name: Safran Morpho
Biometric technology: Fingerprint Biometric technology: Fingerprint, vein, facial
Product description: MorphoAccess Sigma Lite is a slim, sleek and Product description: Biometric terminals that set the standard in
powerful fingerprint access control terminal which can perform 1:10 000 identification and verification, multimodal technologies such as finger
user identification in 1 second. Offering a high capacity of 10 000 users vein, facial 3D recognition, finger SIGMA interactive and the portable
(30 000 templates), it is designed to fit narrow mounting surfaces such Morpho tablet. All proudly distributed by Powell Tronics with numerous
as glass/aluminium door mullions, turnstiles or server rack doors. value-added bespoke solutions throughout SA and Africa.
Typical applications: Access control Typical applications: Biometric terminals for access and T&A.
Integration support: SDK, Thrift, Wiegand, MorphoManager Integration support: Various integration options
(BioBridge). Contact details: Mike Austen, marketing@powelltronics.com
Contact details: Craig Dubois, craig.dubois@safrangroup.com, 0861 787 2537, www.p-tron.com
+27 (0)11 286 5800, www.safran-identity-security.com.

Powell Tronics Regal Distributors SA

Distributor:
Regal Distributors SA
Device/solution:
LK179 / MA300
Manufacturer/brand name:
ZKTeco
Biometric technology:
Fingerprint
Distributor: Powell Tronics Product description: The
Device/solution: ATOM MA300 is a metal unit offer-
Manufacturer/brand name: ATOM by Powell Tronics ing a robust, vandal resistant
Biometric technology: Biometric and RFID solution to the African market.
Product description: Capitalising on the innovations of Safran Morpho The IP65 rated unit is perfect
and Impro biometric identification technologies, ATOM time and atten- for outdoor installations. This
dance and biometric management solutions are designed to comple- unit not only offers the latest
ment the efficiency of biometrics with the added benefits of web-based algorithm but one can use
employee time management. ATOM caters for mobile enrolment and the RFID function as well. The
clocking solutions for remote sites. sensor cover provides additional protection from the elements
Typical applications: Time and attendance. and direct sunlight.
Integration support: Morpho Biometrics, Impro Access Control, Payroll Typical applications: Access control.
interfaces. Integration support: Std SDK, ZKAccess 3.5
Contact details: Mike Austen, marketing@powelltronics.com, Contact details: Andrew Levell-Smith, sales@regalsecurity.co.za
086 17872537, www.p-tron.com +27 (0)11 553 3300, www.regalsecurity.co.za

www.securitysa.com Access & Identity Management Handbook 2017 55


BIOMETRICS SELECTION GUIDE

Regal Distributors SA Regal Distributors SA

Distributor: Regal Distributors SA


Device/solution: LK172-2 / F17 Device/solution: LK355 / AC7000
Manufacturer/brand name: ZKTeco Manufacturer/brand name: ViRDI
Biometric technology: Fingerprint Biometric technology: Facial recognition, fingerprint
Product description: The F17 is a robust and compact unit offering a Product description: AC7000 is the latest access controller with
wide and dynamic solution to the African market. The IP65 rated unit is fake finger detection and a tilt camera which automatically detects
perfect for outdoor installations. It not only offers the latest algorithm a face within 3 metres. Its 5-inch LCD touch screen and friendly
but one can use the RFID/keypad function as well. The sensor cover Android application greatly enhance device management and user
provides additional protection from the elements and direct sunlight. convenience.
Typical applications: Access control, time & attendance. Typical applications: Access control, time and attendance.
Integration support: Full SDK, ZKAccess 3.5 Integration support: SDK, UNIS 4.0, Hikvision.
Contact details: Andrew Levell-Smith, sales@regalsecurity.co.za Contact details: Andrew Levell-Smith, sales@regalsecurity.co.za
+27 (0)11 553 3300, www.regalsecurity.co.za +27 (0)11 553 3300, www.regalsecurity.co.za

Regal Distributors SA Softcon

Device/solution: MorphoAccess SIGMA Lite


Device/solution: LK350-5 / AC2200 Manufacturer/brand name: Morpho
Manufacturer/brand name: ViRDI Biometric technology: Finger, card reader
Product description: The AC 2200 is a mid-range biometric termi- Product description: Engineered with the same attention to
nal complete with either a 125 kHz or 13,56 MHz card reader, and is detail and performance as its predecessor, the MorphoAccess SIGMA
mobile card capable. The IP65 rated unit is perfect for outdoor instal- Lite terminals are specifically designed to mount on narrow
lations. This unit offers the latest world renowned algorithm from surfaces, such as glass/aluminium door mullions, turnstiles or
ViRDI with live/fake finger detection. server rack doors.
Typical applications: Access control, time & attendance. Typical applications: Access control, time and attendance.
Integration support: SDK, UNIS 4.0, Hikvision Integration support: SDK supplied by manufacturer
Contact details: Andrew Levell-Smith, sales@regalsecurity.co.za Contact details: Theo Olivier, sales@softconserv.com
+27 (0)11 553 3300, www.regalsecurity.co.za +27 (0)12 348 7301, www.softconserv.com

56 Access & Identity Management Handbook 2017 www.securitysa.com


BIOMETRICS SELECTION GUIDE

Suprema Suprema

Distributor/supplier: neaMetrics, ADI, Elvey and various resellers Distributor/supplier: neaMetrics, ADI, Elvey and various resellers
Device/solution: BioMini Series Device/solution: SupreMOBILE
Manufacturer/ brand name: Suprema Manufacturer/brand name: Suprema
Biometric technology: Fingerprint Biometric technology: Fingerprint
Product description: Suprema’s range of 500 dpi optical fingerprint Product description: Compact, portable suitcase for Suprema biomet-
sensors with scratch-free surface, high-speed USB 2.0 interface and ric terminals, IP67 sealed for dust, dirt and rain. SupreMOBILE boasts 10
award winning algorithm. BioMini Plus 2, Slim and Combo feature live hours up-time and an optional extended battery and car charger. Real-
finger detection and FBI PIV/FIPS201 certification. Slim and Plus 2 offer time synchronisation is possible using a Wi-Fi bridge or 3G/GPRS/Edge
Mobile IDFAP certification and Combo has contact and contactless modem. Suitable for most mobile environments, the case can be fitted
smart card readers. with BioStation, BioLite Net, BioEntry W or BioEntry Plus.
Typical applications: Civil and criminal identification, fingerprint Typical applications: Mobile time and attendance, random and
enrolment, biometric identity systems, application user security, time emergency roll call, on-demand identification (exams, random visitors),
and attendance. indoor and outdoor environments.
Integration support: Developer API, SDK for Windows and Linux, SDK Integration support: Developer API (device), software development
for Android (Slim), software development integration support, integration support, technical and sales training, architectural system
customised solution development. design consulting.
Contact details: Suprema Team, enquiry@suprema.co.za, Contact details: Suprema Team, enquiry@suprema.co.za,
+27 (0)11 784 3952, www.suprema.co.za. +27 (0)11 784 3952, www.suprema.co.za.

Suprema Suprema
Distributor/supplier:
neaMetrics, ADI, Elvey and
various resellers
Device/solution: FaceStation
Manufacturer/brand name:
Suprema
Biometric technology:
Facial
Distributor/supplier: Product description: Using
neaMetrics Suprema’s proprietary algo-
Device/solution: RealScan Series rithms and state-of-the-art
Manufacturer/ brand name: Suprema hardware, this face recogni-
Biometric technology: Fingerprint tion terminal provides near
Product description: FBI certified and AFIS compliant live scanners with real-time template matching
options for single or 10 print flats, rolls, 4 finger slaps and palm. 500 dpi (1:1000 <1 sec, 10 000 [1:1]).
greyscale images, high-quality image capturing with halo effect and It features live face detection, wide 4,3” touchscreen, dual-CPU,
ghost image elimination, wet or dry fingers, automated image quality Mifare/Desfire RFID support, videophone interface and
check and WSQ image compression. Robust and ideal for static and embedded web server. Maximum users: 10 000 (1:1), 1000 (1:N).
mobile operations. Typical applications: Access control, time and attendance,
Typical applications: National ID, immigration and border control, building management systems, CCTV and VMS integration,
criminal applications (police), civil identification, high-speed fingerprint home, office and production automation
capturing. Integration support: Developer API, software development
Integration support: Developer API, software development integration integration support, open platform Wiegand, RS-485,
support, customised solution development, integrated with major civil integrated door control, integrated with major access
and criminal solution providers. control manufacturers.
Contact details: Suprema Team, enquiry@suprema.co.za, Contact details: Suprema Team, enquiry@suprema.co.za,
+27 (0)11 784 3952, www.suprema.co.za. +27 (0)11 784 3952, www.suprema.co.za.

www.securitysa.com Access & Identity Management Handbook 2017 57


BIOMETRICS SELECTION GUIDE

Suprema Suprema
Distributor/supplier: Distributor/supplier:
neaMetrics, ADI, Elvey neaMetrics, ADI, Elvey and
and various resellers various resellers
Device/solution: Device/solution:
BioStation 2 BioEntry Series
Manufacturer/brand Manufacturer/brand name:
name: Suprema Suprema
Biometric technology: Biometric technology:
Fingerprint Fingerprint
Product description: Product description:
The latest Suprema Comprises BioEntry Plus and
technology in a beauti- BioEntry W fingerprint/card
ful exterior with massive IP access readers, with the
memory. A maximum latter offering a IK08 vandal-
of 500 000 users (1:1) or 20 000 users (1:N) are supported, with 3 resistant housing with IP65
million logs. Features interactive colour UI, instant matching and rating and optional Power-
authentication (20 000/sec), IP65 for in/outdoors, built-in Wi-Fi, over-Ethernet. The series is
PoE and rapid data transfer (5000/min). Interfaces include TCP/IP, compatible with BioStar 1 and 2 access control management software
RS-485, RS-232, USB and Wiegand. and BioStar SDK. Card options include Mifare/Desfire, HID Prox and
Typical applications: Access control, building management iCLASS SE. Maximum number of users is 5000 (1:1 or 1:N).
systems, CCTV and VMS integration, home, office and production Typical applications: Access control, building management systems,
automation, high-end security. CCTV and VMS integration, home, office and production automation.
Integration support: Developer API, software development inte- Integration support: Developer API, software development
gration support, open platform Wiegand, RS-485 (OSDP), integrated integration support, open platform Wiegand, RS-485 (OSDP), integrated
door control, integrated with major access control manufacturers. door control, integrated with major access control manufacturers.
Contact details: Suprema Team, enquiry@suprema.co.za, Contact details: Suprema Team, enquiry@suprema.co.za,
+27 (0)11 784 3952, www.suprema.co.za. +27 (0)11 784 3952, www.suprema.co.za.

Suprema Suprema
Distributor/supplier:
Distributor/supplier:
neaMetrics, ADI, Elvey
neaMetrics, ADI, Elvey
and various resellers
and various resellers
Device/solution:
Device/solution: BioEntry W2
BioLite Net
Manufacturer/ brand name:
Manufacturer/brand
Suprema
name: Suprema
Biometric technology:
Biometric technology:
Fingerprint
Fingerprint
Product description: Rugged IP
Product description:
access reader with fast matching
IP fingerprint terminal
speed (1:150 000/second). IK08
with IP65 rated hous-
vandal-resistant housing with IP67
ing, perfect for outdoor
rating for dust and water protection.
or indoor installations.
Features live finger detection, dual frequency
BioStar 1 and 2 com-
multi-smartcard reader, versatile interfaces
patible, BioLite Net supports full time and attendance and access control
and PoE for easy installation.
functionality for up to 5000 users. It features illuminated keypad, LCD
Max users: 500 000 (1:1); 100 000 (1:N).
backlight and LED indicator, integrated RFID and offers secure door con-
Typical applications: Access control, building management
trol and I/O expansion. Card options include EM and Mifare/Desfire.
systems, CCTV and VMS integration, home, office and
Typical applications: Access control, time and attendance, building
production automation.
management systems, CCTV and VMS integration, home, office and
Integration support: Developer API, software development
production automation
integration support, open platform Wiegand, RS-485 (OSDP),
Integration support: Developer API, software development integra-
integrated door control, integrated with all major access
tion support, open platform Wiegand, RS-485 (OSDP), integrated door
control manufacturers.
control, integrated with major access control manufacturers.
Contact details: Suprema Team, enquiry@suprema.co.za,
Contact details: Suprema Team, enquiry@suprema.co.za,
+27 (0)11 784 3952, www.suprema.co.za.
+27 (0)11 784 3952, www.suprema.co.za.

58 Access & Identity Management Handbook 2017 www.securitysa.com


BIOMETRICS SELECTION GUIDE

Suprema UTC Fire and Security

Distributor/supplier: neaMetrics, ADI,


Elvey and various resellers
Device/solution: BioStation L2
Manufacturer/ brand name: Suprema
Biometric technology: Fingerprint
Product description: Essential access
control and time and attendance
terminal with live finger detection, with
powerful quad-core processor for fast
data transfer speed, enhanced image
processing and quick fingerprint authen- Distributor/supplier: UTC Fire and Security
tication (1:150 000/second). It supports Device/solution: MorphoAccess SIGMA Series
fingerprint, RFID and PIN, and features Manufacturer/brand name: Morpho
a 2” colour LCD and programmable TA Biometric technology: Fingerprint
function keys. Max users: 500 000 (1:1); Product description: Housing a 5” WVGA colour touchscreen, on-device
100 000 (1:N). administration is as easy as 1, 2, 3. Tailored for both access control and
Typical applications: Access control, time and attendance, build- time & attendance, the Sigma series implements 20 patents to master
ing management systems, CCTV and VMS integration, home, office biometric identification. New generation Morpho algorithms (MINEX
and production automation. and FIPS 201 approved) ensure accuracy is maintained regardless of the
Integration support: Developer API, software development number of users.
integration support, open platform Wiegand, RS-485 (OSDP), Typical applications: Access control, time and attendance, contactless.
integrated door control, integrated with all major access control Integration support: Full fingerprint management into Lenel Onguard,
manufacturers. Wiegand, RS-485, SDK.
Contact details: Suprema Team, enquiry@suprema.co.za, Contact details: Randhir Seodutt, randhir.seodutt@fs.utc.com,
+27 (0)11 784 3952, www.suprema.co.za. +27 (0)11 579 7300, www.utcfssecurityproducts.eu

Suprema ZKTeco
Distributor/supplier:
neaMetrics, ADI, Elvey and
various resellers
Device/solution:
BioStation A2
Manufacturer/ brand name:
Suprema
Biometric technology:
Fingerprint
Product description:
Premium access control and
time and attendance terminal
with live finger detection. It
features fingerprint, RFID and PIN with built-in wide-angle camera
with face detection, video phone interface and touchscreen LCD with
Device/solution: ProCapture-T
Android based UI. Max users: 500 000 (1:1) 100 000 (1:N) and 5 million
Manufacturer/brand name: ZKTeco
text logs. Interfaces: TCP/IP, Wi-Fi, PoE, RS-485 and Wiegand. Extensive
Biometric technology: Fingerprint
RF card options supported.
Product description: The ProCapture-T is an access control terminal
Typical applications: Access control, time and attendance, building
applying the most advanced Silk ID fingerprint sensor. Its outstanding
management systems, CCTV and VMS integration, home, office and
performance provides a high identification rate for dry, wet and rough
production automation.
fingers, and it is capable of detecting a living finger for a higher
Integration support: Developer API, software development integra-
security level.
tion support, open platform Wiegand, RS-485 (OSDP), integrated
Typical applications: Access control
door control, integrated with all major access control manufacturers.
Integration support: Works exclusively with ZKBioSecurity
Contact details: Suprema Team, enquiry@suprema.co.za,
Contact details: Johannes Tlhabi, johannes@zkteco.co.za
+27 (0)11 784 3952, www.suprema.co.za.
+27 (0)12 259 1047, www.zkteco.co.za

www.securitysa.com Access & Identity Management Handbook 2017 59


BIOMETRICS SELECTION GUIDE

ZKTeco ZKTeco

Device/solution: FR1500-WP
Manufacturer/brand name: ZKTeco
Device/solution: inPulse+ Biometric technology: Fingerprint
Manufacturer/brand name: ZKTeco Product description: The FR1500-WP is a slave fingerprint reader with
Biometric technology: Fingerprint and vein RS-485 communication interface that is compatible with the inBio Pro
Product description: The inPulse+ is a multi-biometric reader capable access controllers. With its IP65 rated rugged structure, the FR1200
of capturing and processing finger vein and fingerprint biometric data offers extra durability in all weather conditions including outdoor
at the same time. Ergonomic, intuitive and highly secured, inPulse+ environments.
ushers in a new era for ZKTeco in enhancing security with biometrics. Typical applications: Access control
Typical applications: Access control Integration support: Exclusively compatible with selected
Integration support: Works exclusively with ZKBioSecurity ZKTeco products
Contact details: Johannes Tlhabi, johannes@zkteco.co.za Contact details: Johannes Tlhabi, johannes@zkteco.co.za
+27 (0)12 259 1047, www.zkteco.co.za +27 (0)12 259 1047, www.zkteco.co.za

ZKTeco The Biometrics Selection Guide

The Biometrics Selection Guide focuses on the variety of biometric


devices and solutions aimed at the access control market that are
available right now. In addition to the products themselves, the
guide includes information on the integration possibilities
within these devices, which is a crucial aspect of any access
and/or authentication solution today – we rarely see installations
of significant size that don’t include systems and solutions from
diverse brands, making integration even beyond the security
realm an essential part of access control.
All the information listed in these pages will also be online
where one can search through the products, searching or
organising them by brand or type of biometric and more.
In past issues of the Access & Identity Management Handbook, we
Device/solution: ProBio have found the online guides have proved popular with readers
Manufacturer/brand name: ZKTeco trying to identify which solutions they should be considering.
Biometric technology: Fingerprint and face It’s also worth remembering that the Hi-Tech Security Business
Product description: ProBio is the first access control terminal to Directory is also available to find more information, such as
apply the most advanced Silk ID fingerprint sensor and face contact numbers and branch locations for hundreds of
technology together. Using ZKTeco’s latest ZKFACE version 7.0 companies spanning the gamut of security operations
high-speed face recognition algorithm, it has extremely high in South Africa.
verification speed and low error rate, in addition to being able
to effectively prevent duplicated registration.
Typical applications: Access control
Integration support: Exclusively for use with ZKBioSecurity
Contact details: Johannes Tlhabi, johannes@zkteco.co.za
+27 (0)12 259 1047, www.zkteco.co.za

60 Access & Identity Management Handbook 2017 www.securitysa.com


BIOMETRICS SELECTION GUIDE

www.securitysa.com Access & Identity Management Handbook 2017 61


ACCESS SELECTION GUIDE
AWM360 Data Systems ASSA ABLOY

Device/solution: Kaba exos 9300 Integrated Access Management


System
Manufacturer/brand name: Kaba
Distributor: AWM360 Data Systems
Supplier: AWM360 Data Systems
Product description: Kaba exos 9300 is an integrated access
management system. It takes an integrated view of security combining
and integrating a wide range of security elements. It covers all
necessary access control and logging functions. It is a standard
system that can be tailored to fit. Access control, door management,
parking and visitor management – the possible applications of Kaba
exos are tailored completely to your requirements. With its modular
structure, it integrates seamlessly into your company’s processes.
With its scalability you benefit at all times from a maximum range of Device/solution: Aperio L100 Lock
functions. Manufacturer/brand name: Aperio
Application: Access control, visitor management, elevator Product description: The Aperio L100 Lock is the most complete
control, interlocking doors, T&A, parking management, alarm electronic wireless security lock on the market. This sophisticated
management, computer access control, key safe, OPC support solution, the latest wireless access control technology for security
and more. doors, provides a highly cost effective, straightforward alternative to
Integration support: Solution design & -planning, Implementation, a wired high-end solution as no cabling or alterations to the doors are
Hardware & software support, ERP solution suppor, SLA – services required during installation.
Contact details: AWM360 Data Systems, info@awm360.co.za, Contacts: Riaan Pretorius, riaan.pretorius@assaabloy.com,
+27 (0)87 231 0113 +27 (0)11 761 5019, www.assaabloy.co.za

ADI Global Distribution Axis Communications


Device/solution: AXIS A4010-E
Reader
Manufacturer/brand name:
Axis Communications
Distributor: ADI Global
Distribution, Pinnsec, Duxbury
Networking, NIT
Product description:
AXIS A4010-E Reader is a joint
cooperation between Axis
and ASSA ABLOY, designed to
perfectly match the AXIS A1001
Network Door Controller. The
cost-efficient reader has no
keypad and
Device/solution: iCLASS SE Platform its small form factor enables easy
Manufacturer/brand name: HID Global placement. Two LED symbolsgive
Distributor: ADI Global Distribution clearly visible feedback. The
Product description: HID Global’s iCLASS SE platform for adaptable, reader supports touch-free entry
interoperable access control. Dynamic, iCLASS SE 13,56 MHz contactless with most entry card formats.
readers support a broad array of credential technologies and a variety of Application: Access control, card reader
form factors including cards, fobs and mobile devices. Integration support: Support for most smart card formats
Application: Access control, identity management Contacts: Vanessa Tyne, vanessa.tyne@axis.com, +27 (0)11 5486780,
Integration support: iCLASS, UHF, MIFARE, MIFARE DESFire, Prox, http://www.axis.com/za/en/products/axis-a4010-e-reader-without-keypad
Wiegand, RS-485 (OSDP), NFC, BLE
Contacts: Gordon Moore, gordon.moore2@adiglobal.com,
+27 (0)11 574 2500, www.adiglobal.com/za

62 Access & Identity Management Handbook 2017 www.securitysa.com


ACCESS SELECTION GUIDE

Card Control Systems CEM Systems


Device/solution: BioEntry W Device/solution:
Manufacturer/brand name: emerald Intelligent
Suprema Access Terminal
Distributor: Card Control Manufacturer/
Systems brand name: CEM
Product description: BioEntry Systems
Plus/W blends the benefits of Distributor: Tyco
an IP access control system with Security Products
high-level security provided by Product
fingerprint biometrics. Featuring description:
vandal resistance and an IP65 emerald is a range
rated structure, it’s ideal for of advanced,
outdoor installation, offering intelligent IP access
exceptional durability in harsh terminals revolu-
environments. Features tionising the security industry. A powerful reader, controller and
extensive communication fingerprint terminal (TS300f model only) in one, emerald features
interfaces and PoE capability. an LCD touchscreen, fully integrated VOIP intercom and a range
Application: Access control, of ‘Remote Applications’ that provides a whole new access control
building management, time and experience.
attendance Application: Indoor and outdoor, remote applications at the
Integration support: Developer door
API, software development Integration support: Designed for use with CEM’s AC2000 security
integration support, open management system
platform Wiegand, integrated Contacts: Ernest Mallet, cem.sales@tycoint.com, +44 (2890) 456 767,
door control www.cemsys.com
Contacts: Sakkie Coetzee, sakkie@cardcon.co.za, +27 (0)11 907 3192,
www.cardcontrolsystems.co.za

CEM Systems CEM Systems


Device/solution: S3040
Portable Reader
Manufacturer/brand name:
CEM Systems
Distributor: Tyco Security
Products
Product description: The
S3040 is a lightweight and
rugged handheld card reader
designed for use with the CEM
access control and security
management system. It can
be used for ID card validation Device/solution: AC2000 Security Management System
at remote sites or temporary Manufacturer/brand name: CEM Systems
entrances which have no Distributor: Tyco Security Products
mains power, and can be used Product description: AC2000 is a powerful access control and
as a mobile device for random integrated security management system. Flexible and highly resilient, it
checks within predefined offers users a highly secure solution along with a comprehensive suite
zones. of software modules which can enhance business efficiency. These
Application: Security include ID badging, central alarm monitoring (AC2000 Security Hub)
measures for sites with no and more.
power; enhanced guard Application: Aviation, healthcare, education, oil and gas, leisure,
activities; performing random spot checks; enhanced security at transport, data centres, corporate premises.
temporary entrances; mustering situations Integration support: CCTV, intrusion, perimeter detection, fire and
Integration support: Designed for use with CEM AC2000 more
Contacts: Ernest Mallet, cem.sales@tycoint.com, +44 (2890) 456 767, Contacts: Ernest Mallet, cem.sales@tycoint.com, +44 (2890) 788 124,
www.cemsys.com www.cemsys.com

www.securitysa.com Access & Identity Management Handbook 2017 63


ACCESS SELECTION GUIDE

Controlsoft Elvey Security Technologies

Device/solution: HID Mobile Ready Multiclass SE Reader Device/solution: Uno & Quattro
Manufacturer/brand name: HID Global Manufacturer/brand name: AccessLine
Distributor: Controlsoft Distributor: Elvey Security Technologies
Supplier: Controlsoft Product description: The 1-door Uno (with 1 x NO/NC relay output)
Product description: With the multiclass SE reader from HID, your and 4-door Quattro (4 x NO/NC relay outputs) controllers each feature
cellphones can provide secure access on any system that supports two 7-segment displays for easy programming via four pushbuttons
Wiegand. Mobile credentials are securely provisioned for supported and LED display. Supporting up to 99 tag holders, a range of readers
smartphones, allowing behind-the-scenes enrolment. This technology is available, with RFID and Pin or RFID only. A software interface and
independent reader supports ‘tap n go’ tagging as well as a ‘twist n go’ download cable are available for event logging (up to 99 event history)
read range of up to 5 metres. and backup.
Application: Access control, multiple card technologies, long range Application: Access control, small commercial and residential applica-
applications. tions, eliminates the need for multiple remote controls or tags, no need
Integration support: Identity Access, Wiegand interface for a PC or software.
Contacts: Marilize Munro, africasales@controlsoft.com Contact details: Elvey Security Technologies, info@elvey.co.za,
+27 (0)11 792 2778, www.controlsoft.com +27 (0)11 401 6700, www.elvey.co.za

Controlsoft Elvey Security Technologies

Device/solution: Identity Access


Manufacturer/brand name: Controlsoft
Distributor: Controlsoft, Security Communications Warehouse and
certified integrators
Product description: Identity Access provides complete functionality Device/solution: GSM Intercom System
in a fully customisable, permission and event-based system. Friendly Manufacturer/brand name: Fermax
wizards, design templates and system configuration tools offer ease of Distributor: Elvey Security Technologies
use. Suitable for small or global multi-site solutions, the system sup- Product description: The Fermax GSM Intercom System is a
ports unlimited doors, readers and users, as well as card, fingerprint and digital intercom that allows residents to communicate and trigger
mobile access. the gate via their mobile/cellular phone. Ideal for residential and
Application: Access control for commercial offices, industrial environ- business properties, this system is user friendly and very easy to
ments and schools operate and manage for both administrators and users of the
Integration support: Customisable permission and event-based system.
system Application: Gate access report, quick and easy installation.
Contacts: Marilize Munro, africasales@controlsoft.com Contact details: Elvey Security Technologies, info@elvey.co.za,
+27 (0)11 792 2778, www.controlsoft.com +27 (0)11 401 6700, www.elvey.co.za

64 Access & Identity Management Handbook 2017 www.securitysa.com


ACCESS SELECTION GUIDE

GeoVision SA IDS

Device/solution: GV-ASManager Device/solution: Proxnet Pro Access Control System


Manufacturer/brand name: GeoVision Manufacturer/brand name: IDS
Product description: GV-ASManager offers a network access control Distributor: IDS
solution suitable for both small businesses and multinationals with Product description: ProxnetPro access control system is a web-based
facilities around the globe. In addition, IP devices can be connected to access system that accommodates 20 000 users and multiple control-
GV-ASManager via network to provide live video and event associated lers. Communication between the server and controllers can be direct
playback. or via LAN/WAN (inc DSL and 3G connectivity). Each controller can
Application: Time and attendance, biometric, card and pin code support 32 devices, including proximity, fingerprint, long-range readers
readers, SMS and email notifications, licence plate recognition and remote transmitters.
Integration support: GeoVision CCTV, licence plate recognition, Application: Access control
weighbridges, visitor enrolment systems Integration support: Comprehensive datasheets; applications; access
control
Contacts: Jacques Taylor, sales@geovisionsa.co.za, +27 (0)12 664 0411, Contacts: Matt De Araujo, marketing@idsprotect.com,
www.geovisionsa.co.za +27 (0)31 705 1373, www.idsprotect.com

IDS Impro Technologies

Device/solution: Access Portal


Device/solution: ProxnetPlus Access Control System Manufacturer/brand name: Impro Technologies
Manufacturer/brand name: IDS Distributor/supplier: Access & Beyond, Elvey Security Technologies,
Distributor: IDS Powell Tronics.
Product description: ProxnetPlus access control system is a fully Product description: Access Portal is a highly scalable, simple to use
featured system that can expend up to 254 readers and support up to access control solution suitable for any site, whether a small business
10 000 users, managed in 64 access levels off one controller. The or a multinational. Access Portal integrates easily with CCTV, biomet-
controller supports TCP-IP connections for local and remote networks. rics, fire, time and attendance, and more. Loaded with features, Access
The controller can operate alone or fully controlled via Windows software. Portal will change your world for the better.
Application: Access control; time and attendance Application: Access control
Integration support: Comprehensive datasheets; applications; access Integration support: Local and international support, 24 hour technical
control and time & attendance support centre, technical and sales training, development integration
Contacts: Matt De Araujo, marketing@idsprotect.com, support
+27 (0)31 705 1373, www.idsprotect.com Contacts: Mike Kidson, info@impro.net, +27 (0)11 469 5568, www.impro.net

www.securitysa.com Access & Identity Management Handbook 2017 65


ACCESS SELECTION GUIDE

Impro Technologies MiRO


Device/solution:
Access in a Box
Manufacturer/
brand name:
Impro Technologies
Distributor/
supplier:
Access & Beyond,
Elvey Security
Technologies,
Powell Tronics.
Product
description:
All you need for
an access control
system, housed within one quickly installed, secure metal housing.
This boxed solution with LCD comes prewired and loaded with Device/solution: Wireless Door Controller
features, such as built-in enrolment for quick and easy on-site Manufacturer/brand name: Axxess-E
setup. With the touchscreen LCD, no PC is necessary and the Distributor: MiRO
system supports up to 1000 tagholders. Life just got much Product description: Axxess-E door controllers communicate wirelessly
easier. with the system master, card readers and biometric readers to eliminate
Application: Access control, small to medium businesses the need for expensive cabling. Each door controller manages 2 doors,
Integration support: Developed and supported by Impro provides battery backup support, local storage for 100 000 transactions,
Technologies, 24 hour technical support centre, technical and sales 10 000 user IDs and features 4 alarm inputs and 2 outputs.
training Application: Controlling gate and door access to buildings
Contacts: Mike Kidson, info@impro.net, +27 (0)11 469 5568, Contacts: MiRO Sales, sales@miro.co.za, 086 123 6476,
www.impro.net www.miro.co.za

Milestone Systems MiRO

Device/solution: HUSKY M550A


Manufacturer/brand name: Milestone Systems
Distributor: ADI Global Distribution, Compass Visual Security,
MiRO, Pinnsec
Product description: With guaranteed support of 1400 Mbps
recording performance, the M550A NVR is capable of recording up to
768 HD camera feeds. Preloaded with Milestone XProtect Advanced Device/solution: Wireless Access Control Starter Kit
VMS software, the M550A unit combines comprehensive video Manufacturer/brand name: Axxess-E
surveillance functions and high performance, with low total cost of Distributor: MiRO
ownership. Product description: Using Axxess-E, a revolutionary wireless access
Application: Video analytics integration with other systems control system, eliminates 90% of cable runs associated with traditional
Integration support: VMS systems, ERP systems, access control systems, since no cables are required between system master, door
systems, alarm management controllers or card readers. The AX-AXSP-01 Starter Kit includes
Contacts: Armand Steffens, arms@milestonesys.com, a comprehensive software solution, wireless master interface and a
+27 (0)82 377 0415, www.milestonesys.com wireless card reader.
Application: Controlling gate and door access to buildings
Contacts: MiRO Sales, sales@miro.co.za, 086 123 6476,
www.miro.co.za

66 Access & Identity Management Handbook 2017 www.securitysa.com


ACCESS SELECTION GUIDE

Paxton Access Powell Tronics


Device/solution: PT-Guest
Visitor Access Management
Manufacturer/
brand name: PT-Guest by
Powell Tronics
Distributor: Powell Tronics
Product description:
Supporting Impro’s Portal
access control solutions,
PT-Guest allows for accurate
capture of visitor details
while maintaining
Device/solution: Net2 Entry a level of security.
Manufacturer/brand name: Paxton Access Pre-authorised visitors
Distributor: Reditron, Pinnacle Security, Regal Security allow for minimal guard
Product description: Net2 Entry is a door entry system that works as intervention while the
a standalone system or alongside Paxton’s Net2 access control, and PT-Guest scanners allow
is suitable for a wide variety of sites. Combining door entry with key for fast processing of
features of Net2, it consists of 3 components that auto-detect on unexpected visitors by
setup; external panel, interior monitor and door control unit. scanning their driver’s
Applications: Door entry licences, ID or vehicle discs.
Contacts: Werner Geldnehuys, Application: Visitor management, access control
werner.geldenhuys@paxtonaccess.co.za, +27 (0)72 758 6485, Integration support: Impro Technologies, Morpho Biometrics, Blue
www.paxtonaccess.co.za Tooth Printers, Visitor Management, P-tron
Contacts: Mike Austen, marketing@powelltronics.com,
086 1787 2537, www.p-tron.com

Paxton Access Powell Tronics

Device/solution: Net2 access control Device/solution: Portal


Manufacturer/brand name: Paxton Access Manufacturer/brand name: Impro Technologies
Distributor: Reditron, Pinnacle Security, Regal Security Distributor: Powell Tronics
Product description: Net2 is an advanced PC-based access control Product description: Access Portal software, when combined with
solution. It offers centralised administration and control of sites from Portal hardware, becomes one of the most powerful solutions
one to thousands of doors, with up to 50 000 users. Easy to install and available. The user-friendly software provides unrivalled customisation
designed to make the management of any building very simple, Net2 and industry-leading features like threat level management and the
offers a range of IP, battery powered, wireless or wired door controllers. PTron add-on products that integrate into the system for visitor,
Applications: Control unit, access control. contractor management and T&A software.
Integration support: Time and attendance, video management Application: Access control, web based solution
software, biometrics, CCTV, fire and intruder alarms. Integration support: Impro Technologies hardware
Contacts: Werner Geldenhuys, werner.geldenhuys@paxtonaccess.co.za, Contacts: Mike Austen, marketing@powelltronics.com,
+27 (0)72 758 6485, www.paxtonaccess.co.za 086 1787 2537, www.p-tron.com

www.securitysa.com Access & Identity Management Handbook 2017 67


ACCESS SELECTION GUIDE

Reditron Saflec Systems

Device/solution: SDC-650 Multiple Door Ethernet Controller


Manufacturer/brand name: Saflec Systems
Device/solution: Net2 Access Control I/O Board Distributor: Saflec Systems
Manufacturer/brand name: Paxton Access Product description: For securing up to 8 doors with 16 readers, the
Distributor: Reditron SDC-650 is Ethernet enabled with an OLED display for diagnostics and
Product description: This board can be used in nearly any application, configuration, and supports up to 250 000 users and 1 million tags.
and controls up to 4 inputs and 4 outputs, allowing for seamless control Designed for use with the SACS access control system, it has dedicated
of multiple devices. This means all events are still centrally acces- fire and tamper inputs, and comes in a secure plastic enclosure with PSU
sible. This board is simply an add-on to any Paxton system and works and battery backup.
together with the existing installation over a network interface. Application: Access control
Application: Access control expansion Integration support: Biometrics, wireless locks, intrusion, CCTV, OSDP
Integration support: Technical support device
Contacts: Jacques Bester, sales@reditron.co.za, +27 (0)87 802 2288, Contacts: Barend Keyser, sales@safsys.co.za, +27 (0)11 477 4760,
www.reditron.co.za www.saflecsystems.co.za

Reditron SALTO Systems

Device/solution: SALTO Virtual Network (SVN) platform


Manufacturer/Brand name: SALTO Systems
Device/solution: Sigma Lite Product description: SALTO’s pioneering SVN platform provides standalone
Manufacturer/brand name: Morpho Access networked locking solutions. The XS4 2.0 platform incorporates the cutting
Distributor: Reditron edge design and advanced electronics that make it a technological power-
Product description: This reader is available with anti-fraud features like house. The platform is managed through SALTO ProAccess SPACE, powerful
fake fingerprint detection, duress finger and timed anti pass-back. The unit and user friendly software that can manage a range of locking devices that
is capable of 1:10 000 user identification in 1 second and supports Wiegand. can be online, wireless online or even offline with mobile capabilities.
It is IP65, allowing it to be mounted both inside and outside. The unit is also Applications: Online, wireless online and offline access control on
compatible with existing Morpho and Bioscrypt installations. virtually any door, combined with mobile access.
Application: Access control Integration support: Local and international support is provided
Integration support: Technical support, Morpho Biometrics as secondary (certified training, technical support, marketing material).
Contacts: Jacques Bester, sales@reditron.co.za +27 (0)87 802 2288, Contact details: Wouter du Toit, info.za@saltosystems.com,
www.reditron.co.za +27 (0)11 534 8489, www.saltosystems.com

68 Access & Identity Management Handbook 2017 www.securitysa.com


ACCESS SELECTION GUIDE

SALTO Systems SALTO Systems


Device/solution:
XS4 ONE
Manufacturer/
brand name: SALTO
Systems
Product
description: The
SALTO XS4 ONE
escutcheon is a
standalone lock
packed with
technology that
brings together the
convenience of an Device/solution: Long Distance Reader
offline point – easy Manufacturer/brand name: SALTO Systems
installation and no wires – with virtually the same kind of power Product description: This fast and reliable, long distance identification
and performance of an online point. XS4 ONE incorporates the solution automatically identifies user flow in any weather conditions
latest electronics on the market to offer security, usability, without having to present the card on the reader. It is available in a
flexibility and efficiency through a future-proof product that is 3 m and 7 m option. It can be used with a UHF\Desfire or Mifare combi
ready for new technologies that can provide additional card option, or with various transponders for windscreen or metal
functionalities. fixing.
Applications: Online, wireless online and offline access control on Application: Car parks, traffic management, free flowing vehicle access
virtually any door, combined with mobile access. control.
Integration support: Local and international support is provided Integration support: Local and international support is provided (free
(certified training, technical support, marketing material). certified training, technical support, marketing material, partner portal).
Contact details: Wouter du Toit, info.za@saltosystems.com, Contacts: Wouter du Toit, info.za@saltosystems.com,
+27 (0)11 534 8489, www.saltosystems.com +27 (0)11 534 8489, www.saltosystems.com

SALTO KS Keys as a Service SALTO Systems

Device/solution: Cloud based access control Device/solution: XS4 2.0 Controllers


Manufacturer/Brand name: SALTO Systems Manufacturer/brand name: SALTO Systems
Product description: Incorporating SALTO’s proven reliability and Product description: SALTO’s latest control unit makes it even easier to
stability in cloud-based access control, SALTO KS offers a solution ideal bring superior access control to a facility, thanks to the ability to control
for retail, with vastly better functionality and performance than a and manage multiple doors through one Ethernet connection and one
traditional solution. SALTO KS provides a flexible access control IP address. Extending SALTO access control benefits to all those doors
management system that requires no software installation or the added where a standalone electronic escutcheon cannot be fitted (electric
expense of a fully-wired electronic product. All that is needed is an strikes, magnets, barriers, elevators, turnstiles, etc.) is even easier and
online device with an Internet connection. more cost-effective.
Applications: Enterprise quality access control for SMEs, retail, rental Application: Online and offline access control.
properties and shared spaces, among others. Integration support: Local and international support is provided
Integration support: Local and international support (certified (free certified training, technical support, marketing material, partner
training, technical support, marketing material). portal).
Contact details: Wouter du Toit, info.za@saltosystems.com, Contacts: Wouter du Toit, info.za@saltosystems.com,
+27 (0)11 534 8489, www.saltosystems.com +27 (0)11 534 8489, www.saltosystems.com

www.securitysa.com Access & Identity Management Handbook 2017 69


ACCESS SELECTION GUIDE

Softcon Suprema
Device/solution: X-Station
Manufacturer/brand name:
Suprema
Distributor/supplier:
neaMetrics, ADI, Elvey and
various resellers
Product description: IP card/
pin-based terminal featuring
3,5” touchscreen LCD and
intuitive GUI for full-feature
access control and time and
attendance. Face detection
to record up to 5000 face
logs for extra security and
attendance records. Built-in
camera detects and captures
images of each entry to
Device/solution: CR391 card reader controller detect unauthorised access
Manufacturer/brand name: Softcon and payroll fraud. Card options include EM and Mifare/Desfire.
Product description: This card reader controller is 32-bit microprocessor- Application: Access control, building management systems,
based, designed to execute control of one or two doors, barriers, turn- CCTV and VMS integration, home, office and production automation.
stiles etc. Control of these doors could be via card readers (MAG, prox, Integration support: Developer API, software development
touch, barcode or Wiegand) PIN-pads or push buttons. The controller can integration support, open platform Wiegand, RS-485 (OSDP),
be used as a standalone unit or in an online PC based LAN system. integrated door control, integrated with major access control
Application: Access control manufacturers.
Contacts: Theo Olivier, sales@softconserv.com, +27 (0)83 390 6693, Contact details: Suprema Team, enquiry@suprema.co.za,
www.softconserv.com +27 (0)11 784 3952, www.suprema.co.za

Suprema Suprema
Device/solution: Device/solution:
BioStar 2 X-pass Series
Manufacturer/brand Manufacturer/brand
name: Suprema name: Suprema
Distributor/ Distributor/supplier:
supplier: neaMetrics, neaMetrics, ADI, Elvey
ADI, Elvey and various and various resellers
resellers Product description:
Product description: High-level security,
Cloud- and web- smart IP card-based
based open access control.
security platform for Ultra-compact
access control and design with
time and attendance. Power-over-Ethernet,
Easily integrate with third- party systems, IP65 rated for indoor and outdoor installation. S2 extras include
build new applications and functions into BioStar 2 using built-in adaptive heater for operation between -35°C to 65°C.
Web API, Device SDK and Web inlays. Features Cloud implementation Multi-smart card reading, including NFC. Fits into switch box
and updates, auto user synchronisation, automatic device mounting. Expanded capacity – up to 50 000 user badges and
discovery, anti-passback, fire alarm and BioStar Mobile for Android 100 000 event logs.
and iOS. Application: Access control, building management systems, CCTV
Application: Access control, time and attendance, office and and VMS integration, home, office and production automation,
business security. smart IP door/boom controller.
Integration support: RESTful Web API, Device SDK, Integration support: Developer API, software development integration
customised Web inlays, software development and integration support, open platform Wiegand, RS-485 (OSDP), integrated door control,
support. integrated with all major access control manufacturers.
Contact details: Suprema Team, enquiry@suprema.co.za, Contact details: Suprema Team, enquiry@suprema.co.za,
+27 (0)11 784 3952, www.suprema.co.za +27 (0)11 784 3952, www.suprema.co.za

70 Access & Identity Management Handbook 2017 www.securitysa.com


ACCESS SELECTION GUIDE

Turnstar Systems UTC Fire and Security


Device/solution:
Special Needs Gate
Manufacturer/
brand name:
Turnstar
Distributor:
Turnstar Systems
Product
description: The
Turnstar Special
Needs Gate is
designed to provide
an aesthetic and
secure entrance
control point. It Device/solution: TruPortal
allows for 180° Manufacturer/brand name: UTC Fire and Security
operation and Distributor: UTC Fire and Security
closes automati- Product description: Built for modern demands and applications TruPortal is
cally by means of an complete with smartphone applications for remote-based management, 64
integrated and hidden door closer. The solenoid locking mechanism is door/camera capability, simplified wizard-based installation, action
designed for secure operation and the gate is fitted with a courtesy red triggers and more. Its browser based functionality requires no server, licence
cross and green arrow LED light. or software and it integrates with TruVision for complete video capabilities.
Applications: Office receptions, libraries, gyms and any Application: Integration, access control, POE IP based access
commercial building Integration support: Web API, Wiegand, seamless with TruVision,
Contacts: Scott Davey, scott@turnstar.co.za, +27 (0)11 7861633, Onguard and Otis
www.turnstar.co.za Contacts: Randhir Seodutt, randhir.seodutt@fs.utc.com,
+27 (0)11 579 7300, www.utcfssecurityproducts.eu

Turnstar Systems UTC Fire & Security


Device/solution: Triumph
3 Full Height Single
Turnstile
Manufacturer/brand
name: Turnstar
Distributor: Turnstar
Systems
Product description:
A full height industrial
turnstile with heavy duty
bidirectional mechanism,
this turnstile is supplied
with a 5 year guarantee
and offers a fit and forget
solution. The Triumph 3 Device/solution: Lenel Onguard
is compatible with any Manufacturer/brand name: UTC Fire & Security
type of access control Distributor: UTC Fire & Security
system and is available Product description: OnGuard Access is a feature-rich access control appli-
in a number of different cation that includes a robust alarm monitoring module, plus built-in sup-
finishes, including stainless port for card technologies, biometrics and wireless access devices. It uses
steel. an open architecture designed to seamlessly integrate a full suite of security
Applications: Factories, warehouses, universities, stadiums and management technologies tailored to each customer’s specific needs.
construction sites Application: Access control
Contacts: Scott Davey, scott@turnstar.co.za, Integration support: Open architecture, video management, fire
+27 (0)11 7861633, www.turnstar.co.za detection, intrusion
Contacts: Alistair Thackeray, alistair.thackeray@fs.utc.com,
+27 (0)11 579 3000, www.utcfssecurityproducts.eu

www.securitysa.com Access & Identity Management Handbook 2017 71


ACCESS SELECTION GUIDE

ZKTeco ZKTeco

Device/solution: PB2000 Parking Barrier


Manufacturer/brand name: ZKTeco Device/solution: TS2000 Tripod Turnstile
Product description: With a cabinet made of SUS304 stainless steel, the Manufacturer/brand name: ZKTeco
PB2000 parking barrier’s boom prevents entry of unauthorised vehicles Product description: The TS2000 is a semi-automatic, bidirectional,
to restricted areas. It can be raised by the linkage between the gate bridge tripod turnstile. Offering a well designed, two-legged casework
and a remote control, access control system, long-distance reader or made of stainless steel, this series is ideal for sites where large flows of
number plate recognition system. The PB2000 has the option of 3, 4 or 5 people and robustness are issues. The TS2011 and TS2022 models have
metre boom length. ZKTeco controllers and readers built in.
Application: Access control Application: Access control
Contacts: Johannes Tlhabi, johannes@zkteco.co.za, +27 (0)12 259 1047, Contacts: Johannes Tlhabi, johannes@zkteco.co.za, +27 (0)12 259 1047,
www.zkteco.co.za www.zkteco.co.za

ZKTeco ZKTeco
Device/solution: ZK-D3180S Device/solution:
Walk Through Metal Detector TS1000 Tripod
Manufacturer/brand name: Turnstile
ZKTeco Manufacturer/
Product description: The brand name:
ZK-D3180S walk through ZKTeco
metal detector has 18 mutually Distributor: ZKTeco
overlapping detection zones Product
whose sensitivity can be description:
individually adjusted. With The TS1000 is a
an easy, modular assembly semi-automatic,
design, the metal detector bidirectional,
can be operational within vertical tripod
10 minutes from unpacking. turnstile. These
The unit comes with a 5,7” stainless steel,
display that automatically compact models
displays the user count and alarm offer high operating
count. reliability in a small casework, ideal for sites where space is an
Application: Access control, issue. In case of emergency, the horizontal arm will drop. The
security inspection TS1011 and TS1022 models feature built-in ZKTeco controllers and
Contacts: Johannes Tlhabi, readers.
johannes@zkteco.co.za, Application: Access control
+27 (0)12 2591047, Contacts: Johannes Tlhabi, johannes@zkteco.co.za,
www.zkteco.co.za +27 (0)12 259 1047, www.zkteco.co.za

72 Access & Identity Management Handbook 2017 www.securitysa.com


ACCESS SELECTION GUIDE

ZKTeco ZKTeco
Device/solution: LH4000
Mifare Hotel Lock
Manufacturer/brand name:
ZKTeco
Product description:
The LH4000 Hotel Lock is
manufactured specifically for
small to medium hotel door
installations. It works with
13,56 MHz Mifare cards that
are programmed for a certain
room for a certain period.
The door locks are set up via
programming cards from
the ZKBioLock Hotel Lock
Device/solution: ZKBioLock Hotel Lock System software.
Manufacturer/brand name: ZKTeco Application: Access control
Product description: The ZKBiolock Hotel Lock System is specially Contacts: Johannes Tlhabi,
designed to meet the needs of small to medium hotels, motels johannes@zkteco.co.za,
and bed-and-breakfasts. The system offers maximum security, +27 (0)12 259 1047,
individual style and low operation costs. This Hotel Lock System covers www.zkteco.co.za
comprehensive access control features in a user friendly interface.
Application: Access control
Contacts: Johannes Tlhabi, johannes@zkteco.co.za, +27 (0)12 259 1047,
www.zkteco.co.za

ZKTeco ZKTeco
Device/solution: LH5000 Device/solution: SKW-V
Mifare Hotel Lock Manufacturer/brand
Manufacturer/brand name: ZKTeco
name: ZKTeco Product description:
Product description: The SKW-V is an outdoor, IP65
LH5000 Mifare Hotel Lock rated, vandal-resistant
is a lock especially metallic RFID reader with
designed for the small to a backlit keypad. It has a
medium size hotel door built-in 12 V relay contact
lock installation. The which can be connected
LH5000 comes with an directly to a 3rd party
American standard electric lock. SMK-V also has
mortise with 5 latches. The a built-in Wiegand-Out port
lock gets programmed via which can be connected to
programming cards from almost any access
the ZKBiolock Hotel Lock control panel, including the
System. ZKTeco range of controllers.
Application: Access control Application: Access control
Contacts: Johannes Tlhabi, Contacts: Johannes Tlhabi,
johannes@zkteco.co.za, johannes@zkteco.co.za,
+27 (0)12 259 1047, +27 (0)12 259 1047,
www.zkteco.co.za www.zkteco.co.za

www.securitysa.com Access & Identity Management Handbook 2017 73


ACCESS SELECTION GUIDE

Zonke Monitoring Systems The Access Selection Guide


The Access Selection Guide could be called the non-biometric selection
guide. In this section we focus on all the products and solutions aimed
at the access control market, excluding biometrics. The result is a mix
of products organisations use in their access endeavours, from readers
accepting cards, tags and PINs, through to software designed to better
control and manage access to locations, through to the latest turnstiles,
handheld devices and other solutions, including a hosted system.
As one can see in the articles in the Access & Identity Management
Handbook, however, the industry is focused on offering integrated
solutions. This means that in the vast majority of cases users will make
use of a variety of access solutions, not standardising on one. At the
same time we are also seeing multi-factor authentication becoming more
popular in certain environments. For this reason, a few of the solutions
in the Access Selection Guide do include biometric features as users
Device/solution: SAM (Security Asset Manager)
may be granted access based on a card or a fingerprint, for example, or
Manufacturer/brand name: Key Systems Incoporated
a combination when entering highly secure locations.
Distributor: Zonke Monitoring Systems
All the information listed in these pages will also be online where
Product description: Control and monitor valuable assets using
one can search through the products, searching or organising them by
high security, electronically controlled cabinets. Assets are assigned
brand, type of product and more. It’s also worth remembering that the
to one or more users based on pre-determined rules. PIN user
Hi-Tech Security Business Directory is also available to find more informa-
access comes standard and many other access options are
tion, such as contact numbers and branch locations for hundreds of
available. The cabinets can be tailored to the client’s needs and
companies spanning the gamut of security operations in South Africa.
specifications.
Application: Electronic key and asset management
Integration support: API
Contacts: Hosea Malope, info@zonkems.co.za, +27 (0)11 880 1000,
www.zonkems.co.za

74 Access & Identity Management Handbook 2017 www.securitysa.com


ELECTRONIC LOCKS

Electronic locks are the new black


By Andrew Seldon.

The use and versatility of electronic locks is growing and gaining


traction in more organisations.
According to an IHS report from July 2015, expensive wiring and can provide solutions associated with conventional access control
electronic locks are one of the fastest growing where conventional access control is just not systems.”
segments of the access control industry. The feasible or is too cost prohibitive. A digital cylinder lock is the conversion of a
research group predicted that the market for “It is proven globally that electronic locks are standard mechanical cylinder into an electronic
electronic locks would be over $1 billion globally less expensive, need little or no maintenance, are cylinder, in which the key is replaced with an
in 2015, divided over three categories: mecha- quicker to install and offer more solutions in all RFID card. Mechatronic cylinders use the existing
tronic, electromechanical and digital cylinder. verticals,” he explains. “They can work in a single mechanical cylinder, but create an electronic-
Moreover, electronic locks are expected to door environment or in major projects with mechanical key with a built-in RFID chip.
continue their growth pattern, clocking in a CAGR thousands of doors. Adding these devices to “Our solutions are based on using the
(compound annual growth rate) of 3.8% to 2017. existing systems is also very easy and the disruption mechanical lock in the door, and when it comes
In the report, Blake Kozak, principal analyst to the business is minimal because most of these to the cylinder, replacing it with an electronic
at IHS notes, “Although electronic access solutions install in under 30 minutes.” cylinder. Using mechatronic cylinder locks gives
Riaan Erasmus, Aperio product manager at you the high security required and the mechanical
control solutions remain expensive, more
ASSA ABLOY agrees, noting, “We see more and cylinder replacement is inexpensive, but the
end-users are seeing the value of being able to
more channel and end users using these locks. electronic keys used are very expensive,” adds
control access rights securely and efficiently,
These locks are not only price competitive, but Du Toit. “The problem with keys is that when you
monitor door status in real time, create audit
also provide an aesthetically better looking lose this key, it is also expensive to replace.”
trails and the ability to lockdown all doors
solution, all locks and cables are not visible to
immediately in the case of an emergency. As
the naked eye (cables run inside the door and Electronic lock security
a result, electronic access control solutions
then through the door frame into the wall).” Readers will notice that a common trend
are still forecast to have stronger growth rates
As noted above, electronic locks is a title throughout the Access & Identity Management
than mechanical globally from 2013 to 2017
that covers a number of different types of Handbook is that of the security of our physical
both in terms of revenues and units.”
devices. Erasmus explains that ASSA ABLOY security equipment. In a growing Internet of
In addition, IHS forecasts that by 2019,
systems are broken into primarily its magnetic, Things (IoT) world, security products are generally
electronic locks will exceed the revenue of both
strike and electromechanical ranges of locks. unprotected from cyber attacks (although this is
the readers and panels market, making it the starting to change), creating a vulnerable point
largest segment for electronic door access control. Different types of locks for criminals to either gain access to a premises or
What is happening in the local market with Du Toit explains further. An electromechanical via a connected lock, to the network.
respect to electronic locks? Are we seeing a locks is a combination of a mechanical lock Du Toit admits there is always the perception
similar growth curve? Salto Systems’ Wouter and an electronic strike, this lock can be use in that data can be compromised or stolen from
du Toit says Salto has seen strong growth in both standard mechanical configuration an electronic device, but Salto’s data-on-card
the South African and African markets over the or by running a cable to it and using the provides more secure access functionality
past couple of years. He attributes this largely strike driven by an output. “This is, how- because the user’s access plan resides on
to educating the end user, architects and ever, a very expensive type of lock that still their card. “It allows standalone wireless locks
consulting engineers and demonstrating the requires cabling, but provides better security to read, receive and write information via an
flexibility of these solutions, which don’t need because of its location in the door. It is typically encrypted and secure data-on-card system

www.securitysa.com Access & Identity Management Handbook 2017 75


ELECTRONIC LOCKS

that uses the capabilities of RFID read/write Du Toit, however, says battery power is not a securely. No information is stored in the cloud
technology.” real concern. Salto allows for up to 40 000 open- that could compromise the security of the
In the Salto Virtual Network (SVN), all access ings on a single device and the battery status lock. The company runs its own Salto private
data is stored on and distributed by its operating is written back to the system for maintenance cloud for Salto KS. “We’re talking about a 100%
smartcard. When presenting a smartcard to reporting and support. When the unit gets to the owned cloud as a result of Salto’s acquired
an SVN standalone door, not only does this last 1 000 openings it will visually warn each user knowledge and expertise.”
control access rights to that door, but thanks that enters as well as the system administrator. If A supporter of cloud technology, Du Toit says
to two-way communication, the door also all warnings are ignored, there are also PPDs and advances in cloud technologies allow function-
writes data like blacklist information or battery portable battery packs that will power the unit alities that were previously impossible to be
status back to the smartcard. “The smartcard from the front to allow for battery replacement. implemented, including multi-site location and
then transmits this information back to the “Some clients do opt for a mechanical key connected services, as well as CCTV integration
server via online wall readers that are able to override,” says Du Toit, “but this adds more cost with a cloud-based surveillance solution.
update and receive information from the cards to the system and then you have the problem The ranges of both Salto’s and ASSA
anytime and anywhere in the building. When of managing the keys.” ABLOY’s electronic locks are suited for a variety
the lock is wireless online, we can also receive of industries and uses. The companies have a
the data through the wireless network.” Cloud control great deal of experience in the access industry
Another concern, already mentioned in this As cloud or hosted access control grows in the and have therefore designed these systems
publication is that of battery power. One does market, it would make sense for organisations with a view to integration with other systems
not want any hold-ups because the battery on to manage their electronic locks via a cloud- which are able to drive the locks according to
an electronic device has failed and you have to based access management system, or larger the processes developed and approved by the
wait for someone to arrive and open the door security management system. Erasmus says this organisation.
or change the batteries. isn’t a problem because his company’s locks can
Erasmus notes that ASSA ABLOY locks have the work with almost any access control system. For more information:
cylinder-override function, which allows for the Salto’s electronic locks are also cloud ASSA ABLOY: www.assaabloy.com
door to be opened manually if the batteries do fail. driven, but Du Toit says they use the cloud Salto Systems: www.saltosystems.com

Keyless connected smart lock


Safety first is key, whether at home, work or school. The Yale Handsfree
Video Intercom system has a 4.3-inch LCD monitor allowing full colour
visibility and clear audio identification of visitors at your door or gate,
before you let them in.
The system is easy to install and can be connected to a gate motor
or electronic lock, using the gate release function to control access. At
the door station, audio and visual notification happens automatically when
a visitor presses the pushbutton on the gate station. The selected
melody sounds and clear footage is displayed automatically on the
colour monitor, in 420TVL resolution with a horizontal viewing angle
of approximately 78° wide, from the gate stations 3.6 mm built-in outdoor conditions. And from the inside, the monitor offers a choice
camera. The homeowner can then decide at a push of a button to of 16 selectable call melodies while volume, brightness and contrast
activate two-way communication or to simply press the release trigger are also fully adjustable. For fitment convenience, the unit is supplied
button for their gate or door. with a 12 V 1 A power adaptor, premade 10 m audio/video cable,
For night vision you need not worry either as integrated LEDs in the additional connectors for users that need to make up longer cable
gate station ensure that additional illumination, when ambient lighting lengths, mounting brackets, release connectors and fixing screws.
is poor, guarantees optimum night vision right down to 1.5 Lux. Coupled
with the units rain shield, the gate station achieves an IP54 rating For more information contact Yale Security, +27 (0)11 781 9110,
ensuring that the unit to be suitable for both covered and exposed za.yale.info@assaabloy.com, www.yalelock.co.za.

76 Access & Identity Management Handbook 2017 www.securitysa.com


IP ACCESS CONTROL

IP’s access control capture


By Andrew Seldon.

IP delivers many benefits to the access market, but it’s a case of slow
and steady wins the race.
Unlike the surveillance market, the access con- recent acquisition of Impro shows this is the building or security system will be judged on
trol sector of the security industry is not known beginning, not the end, of consolidation in our the solution it offers for the price: How much
for constant innovation – not that it has been market as the global players look to acquire bang for your buck from a single source.”
resting on its laurels. Perhaps this is because new technology or buy market share.”
the concept of controlling access to a building Brian Wynberger, national technical manager Benefits of IP
or campus has always been a fairly standard at Reditron, adds, “the move to IP can be If users are to migrate to IP, they first need to
process. Over the past couple of years, how- attributed to a few reasons: the utilising of understand the benefits they can obtain and
ever, the industry has followed the surveillance existing cabling infrastructure makes sense why the move is worth the effort. Too many
market in making the move to IP-based access economically, eases installation and enable easier companies have been taken in by the promises
control, but without the fanfare we hear from integration of security systems.” of new technology, only to find they fail to
the CCTV world. Taking a somewhat more philosophical deliver when it counts, or that simplicity or
The move to IP could be seen as a natural approach, John Loudon, brand manager for other benefits expected are not realised.
evolution, or perhaps the requirement to more access control and fire at PinnSec, notes that IP technology enables the integration of an
easily integrate access with other security as well all access control systems (ACS) have always existing security system, which might consist
as building management systems. The integra- incorporated an element of IP in them, even if it of CCTV, access control and intruder alarm into
tion of access control and video surveillance is a just a basic server/client environment. “Most of a single user interface platform, says Drayton.
popular example of this. With everything running the popular ACS in Africa provide IP connectivity “However, the proprietary cabling and protocols
on the same network, management becomes between all their components and promote this for legacy systems makes this almost impossible or
simpler and the skills required for maintenance IP option as the preferred configuration. I do not at the least hugely complex and expensive. Today,
and repairs are also consolidated. And, of course, think any one company dominates the move to there are many integration options for installers to
the ability to host your access solution in the cloud IP, but I enjoy the perceived competitiveness IP use. For example, all Paxton integrations are
is also simpler. Of course, this is not completely has brought the ACS industry.” available free of charge, while most of the market
dependent on simply adopting IP as your base He is of the opinion that the move to IP is still charges, further delaying their adoption.”
infrastructure, but it helps. being driven by current entrenched players that Echoing these sentiments, Wynberger says
In a ‘pure’ IP access controlled solution, the can offer the best of both worlds (IP and other- having your security system of CCTV, access control,
idea is that more functionality is also to be found wise). Newcomer solutions seem to offer IP only fire and intruder operating in an integrated
in the reader/controller, once again expanding and the African market may still have some trust solution is undeniably useful, and “this is what IP
the scope of the access control system beyond issues regarding redundancy when it comes to technology has enabled”. For example, he says
simply allowing someone through a door or relying on an exclusively IP solution. “People like Reditron can now supply customers with a fully
not. While it is fairly clear today that IP is the and trust what they know and IP networks in integrated Avigilon, Paxton, and ViRDI system
future of access control, Hi-Tech Security Solutions Africa contend with a set of issues not commonly working as a single seamless solution.
asked a number of people active in the industry experienced in First World environments. I would As access control does not consume
locally for their take on how the African market is imagine this could be an issue for newcomers with bandwidth like a CCTV implementation does,
moving (or not) to IP. Are we about to see a mass an IP only system.” it is simpler to implement access control on
migration or a more conservative approach? However, he does add that Africa is starting the same network as the e-mail, Internet and
to trust IP reliability, understand the ease of business systems. Loudon says this also means
Consolidation or not implementation and although IP equipment is the user’s IT department can take ownership,
Dan Drayton, Paxton’s country manager for slightly more expensive, it is a lot less costly on provide first line support and have total control.
South Africa believes the launch of global the labour and implementation side. Loudon “Sometimes the challenge is getting these
companies such as Paxton into the South does not expect IP to be a big integration IT departments to accept responsibility and
African market in recent years has helped drive driver; however, expecting integration and ownership for yet another business process.
the change to IP, making some of the domestic multi-faceted solutions will eventually dominate In my opinion, it is a major benefit for an
brands move quickly to bring their own IP the environment because that is what customers installer/integrator to pass the database and
solutions to market. Moreover, he says, “the demand. “We believe in the very long term a Continued on page 80

78 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 79
IP ACCESS CONTROL

Continued from page 78 attendance, which in turn influences the access


networking infrastructure maintenance to the control system. Therefore, for example, when
client’s IT department. The installers can then you put in leave on the self-help payroll system,
concentrate on what they are good at, install- you will automatically be denied access onto site
ing security solutions.” by the ACS. Should you be black-listed on the
An IP installation is much simpler than payroll, you will be arrested when trying to gain
traditional infrastructure, he explains, as the access on-site. Maybe the South African
rules are the same for any IP system. In the universities should adopt this functionality.”
past, many access control systems used the Yet, while integrating access silos may
RS-485 communication infrastructure and seem like a good idea, using IP as your basic
had their own preferred tweaks to the rules infrastructure also raises the question of cyber
of RS-485 to enable optimal communication attacks, or hacking.
performance for their specific system. Not only “We have to accept that having an inter-
did this hinder the integration process, but also connected system with common protocols on a
the interoperability of different brands. single network does expose our security system
to the potential for cyber attack,” says Wynberger.
Integration delivers value Brian Wynberger. “However, manufacturers all have their own
It is a common refrain that IP allows for systems encryptions for managing their hardware and
to be more easily integrated and managed. software so that customers can feel secure.”
Drayton explains that each of the disciplines in Drayton adds that one cannot rule out the
the security industry has a clear value proposition, be possibility of being attacked, but the greater
that recording events and the analytic potential threat to a building’s integrity is the quality of the
of CCTV, prevention of unauthorised access with system used. “Many buildings still utilise low-cost
access control, or multi-layered intrusion detection. solutions, where the door control hardware is
“It is undeniably useful for these systems to housed in the reader, which can make the system
operate seamlessly in a single user interface vulnerable to a security breach. We would always
where the event in one system triggers an event, advocate a client to install a system built on a
an alarm or an action in another.” door control backbone, with readers attached to
This can be achieved at very low cost with a provide the highest quality solution.”
Hikvision or Dahua/Paxton integrated solution Loudon agrees, “Like all IP-based systems,
for example, or in a much more feature-rich your IP access control system is equally likely to
way when you explore the possibilities of be corrupted by cyber issues as your VoIP (voice
integration with a VMS solution from a brand over IP) or any other IP system. The important
Dan Drayton.
like Avigilon, NUUO or Milestone. As we bring thing is the way these IP systems are managed.”
in further functionality, such as T&A (time and a cost-effective solution that satisfies legal When considering the move to IP-based
attendance), customers can start to build a requirements on a multi-discipline level will access control, there are many benefits to offer
system that really works for them rather than dominate. Some manufacturers are already users. The conservative nature of the physi-
finding them complex and not fit for purpose. moving in this direction.” cal access control industry, however, will see
Wynberger adds that education is critical, but the uptake of IP remaining steady, but slow.
professional security installers and integrators are Digital convergence? There will be continual growth of the number
actually very well educated on IP through widely As access moves to IP, the potential for further of IP systems installed over the next few years,
available training programmes and their desire value add is there in integrating all physical partially because of the integration benefits
to add greater value to end customers. Drayton access functions with logical access. With one’s IP delivers. The benefit of IP is that customers
supports this saying Paxton’s nationwide free credentials stored in an enterprise directory, are not forced to go with major upgrades and
training is helping installers and integrators to for example, logical and physical access can be can migrate when necessary and convenient,
better use IP technology, showing them all they controlled from a central point. mixing and matching as they go and creating
need to know to install, setup and maintain a Loudon says one would expect these hybrid solutions. It is these hybrid solutions we
Net2 system for the benefit of their customers.” traditionally independent access functions to will see dominating the market in future.
While the idea of integration is the buzz in the be merged, but this is generally not the case. The key to moving to IP-based access control
market at the moment, IP conformity, like using There have been converged physical/logical is control: your management of the system and
HTML for a website, has allowed for integration solutions on the market for some time, but the its integrations will determine the success of
between different disciplines to be easier than uptake has not been dramatic. the project in the long term. And, of course,
ever before, agrees Loudon. He believes a reliable “I only know of one site in South Africa that refraining from opting for the cheapest product
system that combines multiple disciplines (access will not allow you to log into your computer on the market that is offered with a full basket
control, people and time management, CCTV, unless you have first clocked on at the reception of promises but only delivers problems.
PA, EVAC, intrusion and basic IO BMS) and that is T&A clocking point,” Loudon says. “However, most
affordable will eventually dominate the small to of the time this is an impractical function as many For more information:
medium market sector. In addition, he says, “As of us like to work from home occasionally. With Paxton: www.paxtonaccess.co.za
legislation starts to dominate and influence even respect to time management, there are several PinnSec: www.pinnsec.co.za
the smaller companies’ way of doing business, sites where the payroll influences the time and Reditron: www.reditron.co.za

80 Access & Identity Management Handbook 2017 www.securitysa.com


TURNSTILES

A turnstile for every


requirement
By Andrew Seldon.

Turnstiles are a versatile and reliable tool in an


organisation’s access control toolkit.
We often see turnstiles when entering buildings
and venues of various sorts, and even some
supermarkets, but turnstiles are much more
than the old metal bars that clanked every time
someone pushed their way through. While still
performing their basic function of controlling
access, turnstiles have evolved to take their
place in the technological world we live in
today.
Hi-Tech Security Solutions asked local manu-
facturing companies Turnstar Systems and Rossouw says there are two
BoomGate Systems to tell us more about what ways technology is used today.
turnstiles they offer and what goes into making “We use technology like laser
these access control devices. cutting, robotic bending and
To start with, we asked about the specific robotic welding to manufacture
turnstiles the two companies produce. Craig our turnstiles; we then use
Sacks, CEO of Turnstar Systems explains that electronic technology to control
the company manufactures turnstiles in an the system.
ISO 9001:2015 certified factory, which ensures “About 90% of today’s
a quality product. “Turnstar turnstiles use the turnstiles are controlled with
latest electronic controllers with an extremely biometric readers. We can also
reliable, tried and tested solenoid operated use breathalysers in mantrap
locking mechanism which is guaranteed for turnstiles to prevent persons
five years, irrelevant of usage. entering a site if they are over
“The turnstiles are available in a number the legal alcohol limit. We can
of finishes, including powder coated mild steel, also deliver systems that use
hot dip galvanised mild steel and cameras to ensure legal entry, as
304 and 316 grade brushed stainless steel – the well as smart cards.”
galvanised and stainless steel finishes being three-arm or four-arm, glass, metal (mild steel Understanding the importance of integration
the best option for corrosive environments. or stainless steel); in today’s world, Sacks states that Turnstar
For customers who are more security conscious, • Half-height turnstiles: double and single, turnstiles will work with any type of access
the turnstiles are available in four-arm con- three-arm or four-arm, glass, metal (mild steel control system and are fitted with a pro-
figuration, while for customers who need a or stainless steel); grammable logic controller that enables the
bit more comfort (even though the security • Waist-height turnstiles: double and single, customer to carry out diagnostics, and which
level decreases), a three-arm configuration is three-arm only, glass, metal (mild steel or simplifies the installation. “Turnstar’s factory
available.” stainless steel). is geared up to manufacture reader mounting
Sacks adds that Turnstar’s products are Rossouw adds that BoomGate has a new brackets for the integration of the many
used in a wide variety of industries, including range of turnstiles which are similar to the old readers available on the market.
factories, warehouses, gatehouses, commercial models, but have better electronics and offer “Turnstar manufactures a full range of full-
estates, universities and on construction sites. more security. The new models are also stronger. height, half-height and waist-height turnstiles as
“Our turnstiles are used to control the These systems are used in many markets, including well as single reader turnstiles and speed gates.”
movement of people in and out of areas and mining, industrial, stadiums, universities, schools, BoomGate’s range includes the Twister,
also to prevent unauthorised entry and also gyms, rest rooms, casinos, theme parks and any Tornado, Hurricane and Cyclone models.
to ensure that the correct person is entering area that needs access control.
the premises,” says Sandy Rossouw, general For more information contact:
manager, BoomGate Systems. The company Turnstile technology Turnstar Systems: www.turnstar.co.za
produces a range of turnstiles, including: When it comes to the technology used in the BoomGate Systems:
• Full-height turnstiles: double and single, manufacturing and operations of turnstiles, www.boomgatesystems.co.za

www.securitysa.com Access & Identity Management Handbook 2017 81


TURNSTILES

Best barrier practice on


residential estates
Craig Sacks, CEO of Turnstar discusses the various physical
access barriers available to estates and other secure
environments.
Keeping unwanted visitors out of residential
estates can be tiresome and frustrating. Given
the fact that humans are fallible, technological
intervention is required to ensure enhanced
security. Craig Sacks, CEO of ISO 9001:2015
accredited Turnstar discusses the various
physical access barriers available to estates
and other secure environments.
Access control in residential estates can
be divided into vehicular control and
pedestrian control. The ideal is to provide
heightened security measures, without
causing unnecessary aggravation to residents
due to delays instituted by the access control
system.
Not all visitors arriving at a residential
estate will be in vehicles. Examples include
estate employees and employees of residents.
Controlling pedestrian access into an estate
will typically include the use of turnstiles.
Sacks explains that a number of external and
internal options are available, with varying
levels of security. Turnstiles are preferable
to doors, since they can limit the number of attendance, such as is required
people who can enter and exit on each for estate employees, a version
presentation of a credential. In addition, one with integration to a biometric
can control the direction of passage. reader is suggested. Turnstar’s
Using the Turnstar range to illustrate best Tribune turnstile requires the
practice, he says there are turnstiles designed input of biometric data in
specifically for internal use and which blend mid-rotation operation in order
in with the ambience of the interior. These to facilitate the full opening of
include an automatic motorised half height the turnstile.
glass turnstile which is suited for applications
requiring medium volume access and medium Materials and
levels of security and, due to its aesthetics, is construction
ideal for prestige installations. Two full height In all instances, Sacks recom-
turnstiles, contained in either octagonal or mends a number of standard
curved glass, provide a higher level of security, features to ensure extended
with a pressure mat preventing entry from the longevity and reliable operation.
wrong direction. The material of construction is
Turnstiles that can be used either internally important, specifically where the
or externally include a half-height option turnstile is being used outside.
that provides a low visual barrier, as well as a All steel used to manufacture
three-quarter height version which is suitable the frame and arms should
for high volumes and which provides medium be certified to recommended
security levels, ideal for operating under SABS levels and where possible,
severe conditions. A number of full-height should be corrosion resistant.
turnstiles provide varying levels of security Components should provide
for high volume areas. For added time and minimised maintenance to

82 Access & Identity Management Handbook 2017 www.securitysa.com


TURNSTILES

guarantee maximised uptime and continuity is capable of withstanding harsh environmental


of operation. A self-lubricating mechanism is conditions and which should be unaffected
advised. by dust, dirt and moisture. The base should be
A number of safety and security features mounted in a concrete base of 450 x 450 x
should also be included in the design and 450 mm deep at 20 MPA. It should be lockable
manufacturing of a turnstile. Examples are a by padlock in both the open and closed positions
mechanical key override, a self-centring and should have rubber buffer contacts in both
rotation which allows the turnstile arm/s to positions. Automatic traffic booms should
return to the start position after every rotation, contain an infrared transmitter and receiver
an anti-trapping system which means that or loop detector to ensure that they do not
should one lose power to the system there mistakenly close on a vehicle.
will be no mid-rotation locking or trapping of A second vehicle barrier option is the tyre
people, battery backup for continued operation spike, which is available in a standalone version
and an anti-reverse system. or in conjunction with a traffic boom, and
In addition, turnstiles should be able to which can be surface mounted or recessed. The
seamlessly integrate with popular access standalone version is ideal for medium volume
control and time and attendance systems access and high levels of security and allows
for enhanced security and management uni-directional traffic flow. The combination
of visitors, residents and employees. By spike/traffic boom alternative is designed for
providing a self-validation function, using high volumes of traffic and security levels, with
barcodes, magnetic stripes, PIN codes, RFID bi-directional traffic flow facilitated.
or NFC cards and biometrics, the burden Durability and strength should be
on security guards is lessened, allowing hallmarks of spike barriers and in the case of
them to concentrate on their primary job the standalone version, a heavy-duty spike
function. return mechanism is necessary. Each spike
Turnstiles should have the ability to be should be linked to its own spring return
programmed to default to either fail-safe or mechanism, thereby minimising the risk of
fail-secure operation on loss of power. Fail-safe an aided escape. The automatic spike barrier
unlocks or opens the turnstile and it remains requires an ultra-heavy-duty electromechanical
open for free flow of pedestrians without mechanism and heavy-duty deep groove ball
authorisation. Fail-secure means that the bearings. The tension spring counterweight
turnstile remains locked when the power fails, system should be self-lubricating, with an
thereby disallowing entry or exit through that industrial plastic bush. A double buffered
entrance. Typically, one would set the system mechanism will allow decreased mechanical
to fail-secure for entry and fail-safe for exit, stress, resulting in longer operational
preventing people from entering the estate but life.
allowing people to leave the estate. To ensure maximised safety levels, there
should be a three-stage opening and closing
Vehicle access procedure whereby the vehicle driver is unable
Vehicle barriers are now ubiquitous in resi- to drive under the barrier arm before it is raised
dential estates and in addition to serving as and the spikes have been fully lowered. The
an immediate deterrent to criminals, they opening procedure therefore entails – spikes are
create a choke point and allow security guards lowered, barrier arm raises, traffic light changes
to acquire visitor details and conduct vehicle to green and vehicle drives through. Closing
searches where necessary. These barriers can be procedure – traffic light changes to red, barrier
both manual and automatic. arm descends and spikes are raised.
Most commonly used at residential estates The choice of pedestrian and vehicle barrier
is the traffic boom, which can be manually is dictated by the specific requirements of the
lifted by the security guard or opened estate in terms of security levels required,
automatically by the guard using a pushbutton, volumes of traffic and the attendance or
RFID/NFC card or token or a keypad. These non-attendance of security guards. In all
methods can also be facilitated by a third party instances, Sacks recommends that Homeowner
(resident, contractor, employee or visitor) and Associations visit previous estate installations
the deployment of a biometric fingerprint completed by the supplier or installer and
reader adds another dimension which can be ensure that the systems are manufactured to
used by the third party. the highest quality standards.
Sacks recommends the following as
prerequisite elements when selecting a For more information contact
traffic boom. The stand, base and arm should Turnstar Systems, +27 (0)11 786 1633,
be manufactured from heavy-duty steel which craig@turnstar.co.za, www.turnstar.co.za.

www.securitysa.com Access & Identity Management Handbook 2017 83


KEY MANAGEMENT

Ergonomic design delivers


practical benefits
By Fernando Pires, VP sales and marketing, Morse Watchmans.

Ergonomics was fundamental to Morse Watchmans’


key control and management design.
As early as the 18th century the workplace has been Ease of use
studied as it relates to the worker. Fast forward to the On the physical level, security key cabinets are
21st century and the principle is still being studied, designed to offer the flexibility needed for installation
but now under the broader name of ergonomics. at almost any height that allows for the user to easily
The word ergonomics originates from the Greek reach the cabinet and interact with it. A slanted
word ergos (work) and nomos (natural laws). In an console provides a natural viewing angle and makes it
ergonomic workplace, tasks and tools are designed easier to swipe a card or use fingerprint identification
to fit individual capabilities and limitations so to access the key cabinet. Once the cabinet is opened,
people can do their jobs with greater comfort and the requested key location is illuminated so the user
convenience, and without being injured. More can easily identify it. Both larger touch screens and
broadly, ergonomics can be applied to optimise audio prompts help make the interaction faster and
larger systems like resource management, work more convenient and can help improve productivity.
design, human-machine interfaces, etc. within the
organisation (hence the term ‘organisational Productivity / performance
ergonomics’ from http://ergonomics.about.com/ Keys are attached to a fob that features an identification
od/M-R/g/Organizational_Ergonomics.htm). microchip and a stainless steel locking ring. The security
When Morse Watchmans was first making its way key fob fits into a cabinet key slot and, critically, auto-
into the security industry with an automated key matically records all access activity. No more time spent
control and management system, ergonomics was manually recording key activity. The recorded data lets
fundamental to its design. We studied how people authorised users more easily determine who has keys
of all shapes and sizes would use the device to make out and when they are scheduled to be returned;
sure the display was properly positioned for correct meanwhile, instant email or text alerts reduce the
viewing; that actual key access was swift and unen- burden on management even further, letting them
cumbered; and when two or more cabinets were know an overdue key or when it has been returned. And
installed that the door openings were uniform. of course, key inventory systems with integrated tracking
These particular findings, along with a multitude can help prevent lost keys and reduce vulnerabilities –
of other tests and studies, were used to develop a key not to mention wasted time and user frustration.
control system that encompasses four main principles
of ergonomic design; those being safety, ease of use, Aesthetics
productivity/performance and aesthetics. Following The aesthetically pleasing key cabinet with its visual
are the benefits of smart key control systems that display of organised key placement is far more
align with these ergonomic design principles. appealing than a messy box of keys. Cabinets are
designed for horizontal or vertical placement and
Safety multiple units can be precisely installed to maintain
It goes without saying, but misplaced keys and lost a professional appearance. System maintenance is
assets can compromise the safety of the individual. also considered in the design, which allows servicing
To this end, a vandal-resistant cabinet design helps of the unit to be accomplished with minimal
security personnel ensure that important keys are safe disruption and/or disassembly.
from unauthorised access, while stainless steel locking These and other benefits of key inventory
rings add to key security by deterring tampering. The systems are cumulative, helping make life easier for
design is complemented by an on-board alarm system users, while also supporting the company’s activities
that will sound if the cabinet itself is tampered with or and reducing the risk of losses. All of this is welcome
if incorrect codes are repeatedly entered. news for the business itself – who says good design
Access to the cabinets and to individual keys is con- can’t support good economics?
trolled at all times, and every key is accounted for. When
networked, a firewall and AES256 encryption technology For more information, contact Morse Watchmans,
for data exchanged between the cabinet and the server +1 203 264 4949, morse@morsewatchman.com,
help protect the system and the organisation’s assets. www. morsewatchmans.com.

84 Access & Identity Management Handbook 2017 www.securitysa.com


VISITOR MANAGEMENT

Managing visitors and contractors


By Andrew Seldon.

Visitor and contractor management has become more important than


ever, and it is also much simpler.
Accessing gated communities and campuses, implementation is too onerous to the operator which can read vehicle licence discs, drivers’ cards
be it business, government or residential, has or too inconvenient to residents.” and which can also ask customised questions.
become a key point for newer access control He says the process of pre-authorisation, • The scanner should incorporate a way to record
technologies. But while it’s relatively simple to ensuring the person is meant to be coming proof that the visitor has given permission
grant access to residents, employees, students onto site at that time, scanning of a driver’s for their details to be recorded and stored for
and people who need to be on site every day, licence in order to capture accurate identity health and safety compliance. This can be done
visitors and contractors are a different matter. details, and scanning the vehicle licence to using a fingerprint as a digital signature as well
Visitors to restricted areas need to be given capture the registration number as well as as a traditional signature on the touch screen of
access quickly, but not without some form of make and model of the car, is a good start. the device.
security beyond the infamous ‘visitors’ book’. “It is, however, important to note that • The scanner should be able to store information
Many companies have developed electronic different sites may want something a little in offline mode so that in the event of connec-
access systems, ranging from simple intercom different. A logistics company may want to tivity downtime it can continue operating.
solutions that expect someone to allow scan the barcode on the security seals of all the • The system should offer live ID checking to
people access and take responsibility for vehicles leaving their site, or another company ensure accurate visitor screening and to deter
them, through to more complex systems that may want to capture the odometer reading of fraud.
capture identity information of visitors – some all their internal fleet vehicles whenever they • Information should be stored in a managed
requiring pre-registration. are leaving,” he says. “The flexibility of the PoPI-compliant environment – preferably in
Hi-Tech Security Solutions investigates what solution is therefore also important.” the cloud.
solutions there are for visitor management, Mark Paynter, head of business development • Visitor information should be readily available
how they work and how easily they slot into at Ideco expands on this, noting that visitors in a searchable and indexed format, to
the security processes of business parks, should be recorded in a manner which is quick authorised management, via a readily
residential estates etc. and simple so that the process is optimised available web portal interface or mobile
When considering what the optimal and efficient with minimal delays for visitors app.
method/process of managing visitors to a and minimal complications for the guards. The • For health and safety purposes the system
location is, there are naturally many different process also should process and record visitor should offer the ability to quickly check how
opinions. GateBook’s MD, Grant Hancock information in a PoPI-compliant manner. many visitors are on the site at any given time.
says we need to balance security against Over many years of piloting various • The system should record a visitor’s mobile
convenience and the hassle factor. “It’s electronic visitor management solutions, he phone number so that visitors are easily
possible to implement a highly secure solution says Ideco has found the following to be the contactable in the event of an emergency.
today that falls over in a few months, not simplest, yet most reliable: • It should offer the ability for authorised
because the technology fails, but because the • A battery powered handheld mobile scanner personnel to ‘prebook’ selected visitors online

www.securitysa.com Access & Identity Management Handbook 2017 85


VISITOR MANAGEMENT

which requires minimal IT capability and which


leaves virtually no room for error.”

Preparing for PoPI


It should be common practice that a company
holding personal information, such as identity
data, should automatically have the processes
in place to keep this information secure. For
those that do not, the PoPI Act (Protection of
Personal Information Act) will soon make it a
legal necessity.
Many people assume PoPI refers only to
data collected electronically via licence
scanners and similar devices. The reality is even
the old visitors’ book is a source of personal
information, assuming visitors enter their
Mark Paynter. John Powell. details correctly, and needs to be handled with
the appropriate care.
so that they can be processed with minimal use, yet it must also have certain security Powell explains that it is important to make
delays at entry to the premises. functionality to ensure the information use of PoPI-compliant security companies and
• The system should offer the ability to blacklist collected is accurate and stored safely. systems. Stringent regulations and processes
or flag unwanted and high-risk visitors in real “We are handing over one of the most are required to safeguard the information
time to minimise the potential security risks important functions of our security to guards gathered. Since identity theft is rife, this
to the organisation. that may not be very technology savvy,” notes information must be stored securely.
• The device should be robust, yet easy to use. Hancock. “Not only that, but when there is a “PoPI requires that all reasonable steps are
shift change or a guard is swapped out for the taken to store this information securely, and
Access control integration night, it must be easy for the new guard to pick that only the relevant information is stored
According to John Powell, CEO of Powell Tronics, up where the previous one left off. and only utilised for the purpose for which it
the methods of controlling access to residential “The key is to keep things simple and have was obtained and that it is only stored for as
estates and business parks are very similar. They a clean step-by-step process for the guard to long as required/stipulated in the sites rights
should ideally be undertaken with a system that follow. Keep each page clear and uncluttered of entry,” Powell says. “It is essential that access
checks and records the credentials of any person for the guard to follow only a simple instruction. to this information is password protected and
entering the premises. The details of the vehicle GateBook follows this philosophy in all its access to this information is only available
being driven also needs to be linked to the driver. software, it is made very clean and clear at the to those that require access, such as security
This can be done via several commercially user end, and all the intelligence is handled in managers and or approved members of the
available systems. However, for this to be effective, the cloud and behind the scenes.” body corporate.
linking this to the estate’s access control system Training is key to making any system work, “A necessary rider is that access to this
being used by the residents is a huge advantage. says Powell. “Even with the visitors’ book, one information is available only when it is required
“Linking the vehicle and driver to the person or needs to have a literate guard in place. Since for security purposes, for instance, when an
company being visited is first prize.” there is often a high turnover of guards, it is incident has occurred. The best place to store
When the person being visited can register essential that the security manager responsible the information is in the access control data-
a visitor online and a one-time PAC (personal for the estate, business park or educational base, in compliance with the PoPI Act rather
access code) sent to the visitor in advance, it institution is properly trained in all aspects of than in the cloud, where erratic connectivity in
speeds the system up tremendously as the the system being used. They can then train South Africa is common place.”
guard does not have to make a call to confirm new personnel as and when required. Paynter adds that proof of user consent
that the visitor is expected or should be allowed “Most of the electronic systems are menu is vital. Electronic systems that record visitor
access. This PAC code should allow for one entry driven and are not difficult to use. If the guard details without proof of consent are not PoPI
and one exit only and should have an expiry is capable of writing details down in a book and compliant. He adds that a biometric reader or a
date, for example, 24 hours, or in the case of a issuing a temporary visitor card, they can also digital signature pad/screen is the best way to
contractor, for the period of the contract. be trained to use an electronic visitor system.” secure proof of visitor consent.
Paynter boasts that in surveys done on 100 Companies or residential bodies are
Keep it simple security guards, Ideco found that they prefer the responsible for compliance and can be held
It will not surprise anybody to hear that South EVIM device to the traditional visitors’ book. accountable in the event of non-compliance.
Africa’s guarding community is not the best “This is not only because it is quicker than the This is why it is vital to choose a visitor
trained in the world. While there are companies manual paper based process, but also because it management solution that is designed
that invest heavily in their security personnel, empowers them with accurate real-time around the PoPI Act. “Many systems casually
there are still those that only do the minimum, information and because it accurately records details. claim to be PoPI compliant when in reality
leaving customers with a problem. When “Anyone who can push a button can use they are not. Anyone recording and managing
implementing an electronic visitor management the EVIM solution. It is simple and easy to use visitors’ personal details is also required
system, it must be easy enough for anyone to and the process is based on barcode scanning by law to notify the Information Protection

86 Access & Identity Management Handbook 2017 www.securitysa.com


VISITOR MANAGEMENT

A random four-digit code will be sent back


via SMS to the registered/authorised person PoPI requirements
requesting the PAC and this can then be Ideco’s Mark Paynter provides a few
forwarded to the visitor. PT-Guest also pointers for those interested in what
accommodates a web interface login on an the Protection of Personal Information
intranet environment. Registered/authorised Act (PoPI) requires when collecting
persons log in via email and request a single information for visitors or contractors at
or multiple PACs which will be sent via email, access control points.
which they can in turn send to their guests. • The information must be collected for a
“These solutions obtain the best functional- specific and lawful purpose, and there
ity, value add and ROI for sites when there is must be limits to your processing of the
an experienced team of professionals with a information. Data must not be used for
track record of successful visitor management anything other than the purpose it was
installations working together to ensure that recorded for. It should never be sold or
all the expectations of the customer are met,” made available to other organisations.
concludes Powell. • The integrity of the information must
be secured. The server hosting the
Product focus: EVIM information should be hosted in a
Ideco offers the EVIM solution which is a compliant, secure audited environment.
rugged handheld mobile device supported A PC in a guardhouse or a reception is
Regulator of all information processed.” by a comprehensive backend solution, which not PoPI complaint.
Hancock says that GateBook does not keep offers a PoPI-complaint visitor management • The integrity of the information must
transactions stored on its devices. As soon as solution. EVIM offers a combination of PoPI be secured. The communication link
the scan is completed, the transaction and compliancy, live identity checking, biometric between the mobile scanner and the
information is sent to and stored on its remote recording of visitors’ as well as the visitor hosting platform should be suitably
servers. “Our server and cloud solution have welcome and notification SMS in one secured and encrypted.
the strictest security policy to ensure compliance system. – An unencrypted Wi-Fi link to an
with the act. We also make sure that all “Because EVIM is a hosted solution we open PC in a guardhouse is not PoPI
individuals on the estate that have access to work with EVIM SCPPs (Specialised Crime complaint.
the data understand that they can use this data Prevention Partners) to maintain a dynamic – A handheld scanner which stores infor-
for security reasons relating to the site, but can comprehensive national ‘flagging’ system for mation onboard in an unencrypted
not pass this information on.” high-risk identities of vehicles and persons,” format is not compliant.
states Paynter. “This means that if a listed high- – A scanner which stores visitors details
Product focus: GateBook risk vehicle enters an EVIM-secured property, on the device and which allows for
Describing what GateBook offers to the it would be flagged with the relevant law onboard information to be down-
market, Hancock says, “GateBook offers a enforcement agencies and authorities notified loaded from the device is not PoPI
complete visitor and contractor management automatically. This greatly reduces the risk to complaint.
solution, our modular approach means that we your site.” • There must be openness and subject
can treat our visitors differently to contractors, User companies can also locally blacklist or participation, and the data subject has
or even deliveries, and this can be operated flag people who are banned from their property. a right to ask for and be given, free of
completely independently of any other access In the event of an emergency, EVIM has the charge, details of any information that
control system onsite. What’s more is there ability to do a live ‘roll call’ to verify exactly how you have about them. A notification
is no requirement for a costly server to be many visitors are on site at a given time. must also be given to the data subject.
installed and maintained on site, which makes The EVIM SDK offers a web feed service which This is why every EVIM device offers the
the GateBook solution very quick and easy to gives software OEMs the ability to integrate host the ability to automatically generate
implement. We have also created a number visitor data with their access control, ERP or other a welcome SMS to every visitor which
of modules for our devices to handle the in-house systems. It also offers visitor analytics so gives them a unique reference number
integration into onsite access control such as clients can see their visitor traffic patterns as well for their visit and a number to call should
the Impro system. as their entry point patterns. they wish to query how their information
EVIM also stores visitor contact details is stored and used.
Product focus: PT-Guest which helps streamline emergency evacuation • The information must be accurate. The
PT-Guest is a programme designed and contact procedures and in future versions will information must be accurately recorded.
developed by Powell Tronics for the management offer ‘visitor broadcast’ functionality whereby This is why EVIM scans barcodes for 90%
and control of visitor and contractor access to a host can broadcast an emergency SMS to all of visitor information so that there is no
estates and business parks. It uses an Internet to onsite visitors at the click of a button. room for human error. It is also one of
GSM service to request a PAC (personal access the reasons why EVIM incorporates live
code) via a registered/authorised person from the For more information: identity checking.
access control database. The code is requested GateBook: www.gatebook.co.za Failure to comply with the above will
by means of an SMS containing a short code (for Ideco: www.ideco.co.za be a criminal offence.
example, 31171) with the visitor details. Powell Tronics: www.p-tron.com

www.securitysa.com Access & Identity Management Handbook 2017 87


CYBER SECURITY

Accessing cyber security


By Andrew Seldon.

Tyco Security Products is taking a proactive role in securing its range of physical
security products by developing its Cyber Protection Programme.
As if the job of specifying, installing and move has started and there is no stopping it. as possible when they do arise. To date Barkley
maintaining physical security products is not The traditional physical security approach says Software House access control solutions,
hard enough, recent news reports have shown to cyber security is to ignore it as the whole American Dynamics video management systems
that many of these devices – mainly cameras cyber issue is seen as an IT problem and left to and Illustra IP cameras are all on board, with
and DVRs at the moment – are being used in the people who manage servers and data further products from the group in the pipeline.
botnets. These are networks of devices, which centres. As everything in the access world
can be anything from computers to cameras moves to IP and being connected, this is no Six-step programme
(or any electronic devices) that have not been longer an acceptable approach. The Cyber Security Programme has been
properly secured and as a result are infected Of course, security of any sort is never divided into six parts. This is to ensure that the
with malware. one person or department’s responsibility programme covers all the aspects of security,
This malware normally sits on the device (although many try to make it so). It takes not simply covering certain components of
and doesn’t cause any trouble until the owner, collaboration across the board, from manu- the solution while ignoring others.
or those renting the botnet from the owner, facturers to installers and end users to make
decide to target a company or person. Then, security work. 1. Secure product development practices
all the devices work together to carry out Tyco Security Products is taking a proactive Tyco trains its developers and engineers to
their attack plans. A recent example can be role in securing its range of physical security code and test their products securely
seen at www.krebsonsecurity.com/2016/09/ products by developing its Cyber Protection throughout the development cycle. It has
krebsonsecurity-hit-with-record-ddos. Programme. Jeffrey Barkely, product manager also launched a Cyber Protection Team, an
While access and identity devices are not at Tyco Security Products, spoke to Hi-Tech independent branch of the development team
known to be involved in already identified Security Solutions and explained that the with the authority and responsibility to manage
botnets in any number, it stands to reason multifaceted programme is focused on the development process and final product
that network connected devices, especially delivering a holistic approach to cyber security release. This team is tasked with monitoring
Internet-connected devices, form part of the awareness, covering all the bases from the compliance according to the company’s ‘secure
global Internet of Things (IoT) network. As manufacturer to the end-user. development best practices’.
such, they can be used for cyber attacks The idea is to reduce the risk of cyber crime
either on the company using them, or on happening to end users by minimising the 2. Inclusive protection of components and
third parties. Access control has been a slow potential for the introduction of vulnerabilities systems
learner when it comes to moving to IP, but the into products as well as resolving issues as fast This step is to ensure that all components

88 Access & Identity Management Handbook 2017 www.securitysa.com


CYBER SECURITY

of a solution are tested and verified before on the products to verify their security status As noted above, security requires
reaching the customer. Some of the steps in and compliance. buy-in from all parties and the Cyber
the process include end-to-end encryption, Security Programme from Tyco covers all
encrypted database communications, system 5. Rapid response to vulnerabilities the bases, from the product manufacturers
auditing, alerting and management, and denial Since vulnerabilities are being discovered through to the end users. As many integrators
of service attack protection. every day – or so it seems – the Cyber Security will testify, the end users are probably the
team is continually on the lookout for new most important link in this chain as they are
3. Configuration guidelines for compliance threats. The team consists of engineers from often the ones who opt for the cheapest
Taking the process beyond the development product security, development, quality and solution that is almost guaranteed to be
stage, the team also provides integrators and tech support. They evaluate each threat insecure – although no company would say
installers with documentation to assist them and decide if it can be dealt with in the next that publically. Hopefully, the training and
in installing systems securely, and to comply upgrade process or if they need to send out a advocacy Tyco is involved with will be echoed
with various standards and regulations. For hotfix as soon as possible. throughout the physical security industry
example, Tyco uses the Risk Management Barkley notes that recently the team was and both users and integrators will come
Framework from NIST 800-53 – ‘Security able to develop, test and release patches for to understand the importance of effective
and Privacy Controls for Federal Information critical vulnerabilities such as Heartbleed (en. security, even if it’s only in the interest of
Systems and Organizations’ – to help users wikipedia.org/wiki/Heartbleed) and Shellshock self-preservation.
configure access control and video systems (en.wikipedia.org/wiki/Shellshock_(software_ For more on the programme, please see
that require a high level of compliance. bug)) in just two weeks. http://www.tycosecurityproducts.com/pdf/
cyber_protection/Cyber_Protection_Program_
4. Ongoing rigorous testing 6. Advocate and educate eBook_REVE.pdf (short URL: s­ ecuritysa.
The Cyber Protection team continues The sixth step of the programme is the educa- com/*tyco1).
testing products against known and new tion of partners and customers regarding the
vulnerabilities to ensure properly installed necessity of securing their infrastructure. This For more information contact
solutions remain as secure as possible. This includes training and development certifi- Tyco Security Products,
testing also applies to software updates and cations, and the team also travels globally +27 (0)82 566 5274,
new configurations. Moreover, third parties are advocating for the rigorous protection of all emallett@tycoint.com,
also employed to conduct independent tests security systems. www.tycosecurityproducts.com.

www.securitysa.com Access & Identity Management Handbook 2017 89


IDENTITY AS A SERVICE

Making the case for


Identity-as-a-Service
An EMC white paper.

The different evaluation criteria in approaching cloud-based Identity


and Access Management (IAM).
Identity-as-a-Service (IDaaS) is a topic that has these solutions have achieved a reasonable level hybrid approach is inevitable – consider how
picked up considerable momentum recently as of maturity and market acceptance, it’s a good your organisation is choosing to take their next
the IT landscape has continued the shift toward time to evaluate whether it is the right solution for step to the cloud. Some organisations choose
SaaS applications, to the point where today you and your organisation. The more an organisa- to deploy only new business applications in the
many organisations are seriously considering tion can ask the right questions and understand cloud as a first step. Other organisations choose
running security applications from the cloud. what the key criteria are, the more confident can to deploy certain aspects such as development
Many organisations today are considering IDaaS, the organisation be in its decisions. and test in the cloud and deploy production
but as with many new concepts, the unknown The first consideration is to create, validate, systems inside the firewall. It all depends on the
presents both exciting and daunting aspects. and gain a deep understanding of your organisa- business and technical strategy behind your
As organisations consider IDaaS, it is natural to tion’s business and technical goals as they relate organisation’s approach.
have questions and concerns that need to be to IAM. These goals serve as the most critical Finally, bring it up a level higher and
addressed before proceeding down that path. guideposts that set the direction in the decision question what value a cloud-based IAM
First, not all paths are created equal. It may path. Common goals include reducing opera- solution will bring to your organisation.
be tempting to think that there is a step-wise, tional costs, creating a simpler user experience, Various drivers organisations consider include
one-size-fits-all approach to IDaaS, but the truth or even building a more secure system. Dig deep a reduced operational effort, a smaller on-
is that there are multiple variables that influ- into what the primary problems and challenges premise deployment footprint, and a financial
ence this decision. It is critical that organisations your organisation is facing, from both a business shift from capital expenses to operational
understand what these variables are, which and technical perspective. Once you have this expenses. At the end of this evaluation, the
questions to ask, and the context in which their as the foundation, you can take the next step in end game is to be sure that, in the right context,
organisation sits in order to understand whether evaluating whether a cloud-based IAM solution a cloud-based IAM solution fits with your
a cloud-based IAM system is the right approach. will work for your organisation. organisation. Now that you’ve asked all the
Second, again, as with any new concept, The next consideration is to look at the right questions and made the assessment that
there are always doubts and perceived barriers to volume and types of Software-as-a-Service IDaaS is the right choice for your organisation,
tackle. The goal organisations should reach for is (SaaS) applications that your organisation it is natural that doubts will surface and make
to dig deeper into these barriers and understand uses. This will provide a good indication of way for a few more questions.
what the reality, drivers, and constraints are for what your organisation’s level of acceptance
their particular organisation. The ultimate goal is for SaaS applications. Beyond your organ- Overcoming barriers to IDaaS
should be to address any doubts and confidently isation’s appetite for SaaS applications, you Common (or at least, commonly perceived)
proceed down the right path for you at the will also need to understand the level of trust barriers to IDaaS that we often see include
moment. First, let’s explore the topic of whether a being placed in the cloud. In other words, questions around stability, security, cost and
cloud-based IAM solution makes sense for you. assess how ‘business-critical’ the SaaS apps are interoperability with existing systems. We
– for example, are only basic HR systems being believe the best approach for each of these is
Is cloud-based IAM right for you? stored in the cloud, or are critical files being to tackle them head-on, so we can understand
Cloud-based Identity and Access Management stored in the cloud as well? whether each obstacle is truly an obstacle.
(IAM) solutions have come a long way. Now that As organisations move to the cloud, the Continued on page 92

90 Access & Identity Management Handbook 2017 www.securitysa.com


ACCESS
IDENTITYCONTROL & IDENTITY MANAGEMENT
AS A SERVICE

Continued from page 90 ensure that the systems are secure and up-to- vendors claim to provide ‘enterprise identity
date, and in many cases, surpass the level of management’, but if you take a closer look,
Stability testing that on-premise solutions undergo. they oftentimes only connect to on-premise
Contrary to popular belief, cloud-based solu- directory systems and not with on-premise
tions do not necessarily offer less stability than Cost applications. Take a close look at what vendors
an equivalent system deployed on-premise. SaaS solutions have shifted the cost and claim they do when it comes to application
By design, many enterprises do have a single consumption model for enterprise applications. access and understand what it really means.
point of failure in parts of their IT infrastructure. The models have shifted from the on-premise After all, the ability to access only external SaaS
In fact, organisations can rarely justify fully licence associated with an upfront capital applications provides only half of the equation
redundant infrastructure for 100% of their expense and annual maintenance costs. This when it comes to business impact.
applications and are faced with selecting just has shifted to a subscription-based approach,
a few key systems. In comparison to a cloud- which usually can be classified as operational Fit with existing processes
based solution, it runs on commercial-grade expenses. Given this, it’s important to When it comes to IAM systems, especially
cloud infrastructure, which is more robust than understand how your organisation treats IDaaS solutions, this is an ideal time to engage
an organisation’s standard infrastructure. This, in capital expenses vs. operational expenses. In with the line-of-business (LOB). Take this as an
turn, provides a higher level of uptime. some scenarios, it’s easier to secure funding opportunity to analyse and improve your
and execute for operating expenses, which current business and technical processes.
Security would help make the case for IDaaS. During time of change, it is always a good
Now that your data is stored in the cloud, a Then, it is important to understand the total chance to re-evaluate current processes and
common fear is the loss of control, given it cost of ownership behind on-premise vs. SaaS determine whether changes are required. The
sits outside your organisation’s traditional solutions. At first glance, the sticker prices will key in choosing an IDaaS vendor in this process
boundaries. Again, contrary to popular belief, naturally vary, but also think about hidden costs is to find one that is flexible and can adapt to
on-premise deployments are not automatically associated with implementation, customisation, your current (or proposed) processes.
more secure than cloud-based deployments. time-to-deployment and maintenance. If There is no quick answer when it comes to
The notion of a traditional security perimeter has your organisation requires complex use cases, understanding whether IDaaS is right for your
been shattered, and in place of that, organisa- oftentimes custom coding is far more involved organisation. The best thing you can do for your
tions are responding to the demands of business and costly than a simpler configuration-based organisation is ask the right questions, assess
agility and have opened up internal applications deployment. Most organisations find that your organisation’s business and technical goals,
to partners, customers, and suppliers. cloud-based solutions are easier to deploy and and of course, apply it all in the context of
By doing so, they have of course also faster to derive immediate value from, which your business. With the right level of thought,
opened up their vulnerability to an evolving translates to a lower cost of ownership. planning, and reflection, IT can successfully
generation of hackers. IDaaS solutions are leverage cloud-based IAM across the organisation
deployed with a very limited set of entry Interoperability with on-premise applications for maximum impact.
points, which reduces the potential in an As valuable as it is to access external SaaS To download the full white paper, go to
attack. IDaaS vendors also typically go through applications, it is just as critical to access http://www.emc.com/collateral/white-paper/
rigorous and ongoing penetration tests to on-premise applications as well. Many IDaaS h13026-making-case-idaas-wp.pdf

92 Access & Identity Management Handbook 2017 www.securitysa.com


OPEN PLATFORMS

Access control solutions need to


embrace open platforms
Astute users want a cohesive and non-proprietary access control system.
Optimising video and access control within systems that are not able to generate alarms allow for co-operation between access control
the broader surveillance or security solution is and investigate the incident within the same and VMSs.
no longer about synergy, interfacing or inte- technology platform.” With the open-platform concept already
gration. Today, astute users want a cohesive Furthermore, having separate systems established in the video surveillance industry,
and non-proprietary access control system means operators and users need to know and the new trend towards non-proprietary door
that can talk, and interface with a video man- understand two separate systems that may, controllers in the access control industry is on
agement system. or may not, talk to one another. Unlike the PC the increase. The result is that the unified plat-
“While the industry made big advance- industry, which has succeeded in interoper- form is a comprehensive software and hard-
ments when it moved from traditional inter- ability, the security industry is not able to plug ware solution that manages access control,
facing to a more integrated approach, there and play because there are so many different intrusion and video functionalities through
were still limitations. What users want is unity hardware and software vendors with different non-proprietary security appliances.
between video, access and intrusion systems types of implementation. As a result, de Lorm De Lorm says an open-unified platform is
with built-in reporting and alarm manage- says the industry is a long way behind the PC not only starting to transform the access con-
ment functionalities,” says Marnix de Lorm industry in terms of interoperability: trol industry, but more importantly it is meet-
director, IP Video Solutions (IPVS). “It is likely that it will still be a long ing the needs of the user with a single, con-
He says that it goes beyond the basic time before the security industry is able to sistent software suite: “In taking this approach
functionalities of interfacing and integration achieve what the PC industry has in terms of the users investment is also protected through
or even PSIMs: “It is about offering end-users interoperability.” interoperability and the security needs are met
an efficient, flexible and cost-effective option Despite this lag, integration has improved in an affordable way.”
to system unification.” collaboration within the security industry and Since a unified platform supports com-
He warns that the viability of develop- moved it forward in terms of interfacing. But, moditised products, the end user’s hardware
ing this next generation platform lies in it de Lorm says there are still drawbacks as most investment is protected. The power of this
addressing users’ specific criteria while still integrated solutions still require two systems approach, according to de Lorm, is that the
offering functionality can be made to work as very few vendors offer video and access end user still has the freedom to make changes
using standard software platforms, and avoid- control systems in one unified interface. if the solution is not working: “They simply
ing the requirement for bespoke integration change the hardware components.”
which is cumbersome and costly. Move to non-proprietary access The next generation of video and access
“The limitations of standalone access control control integration has adopted this approach:
Improving efficiency systems are obvious; most of them do not “It offers the most flexible and cost effective
In understanding the user better, de Lorm support interfaces that allow for video stream- video and access control application that
says that the point of having security employ- ing, camera playback or PTZ control. Access protects the business as it grows and needs
ees is to monitor, investigate and react to control – which is largely hardware-based – change and more importantly allows the cus-
low and high priority situations and not to has largely evolved outside of the IP network tomer to use the specific hardware that suits
manage complex technology: “In reality and it is for this reason that the link-up with their budget and their application.”
the technology used should assist them to video and access control is happening primar-
become more efficient and not slow them ily on the VMS side where software can be For more information contact IP Video
down. This is further aggravated by disparate easily developed to create the modules that Solutions, +27 (0)11 706 2679, info@ipvs.co.za

www.securitysa.com Access & Identity Management Handbook 2017 93


DIGITAL IAM

Eight best practices for identity


and access management
A DellEMC white paper.

Eight key identity and access management practices that will help you improve your
identity management system to ensure better security, efficiency and compliance.
Identity and access management (IAM) isn’t identity management system to ensure better 2. Define identities
something you do once and then forget about. security, efficiency and compliance. The next best practice is to implement a single,
It’s an ongoing process, a critical part of your integrated system that provides end-to-end
infrastructure that demands continuous man- Eight best practices management of employee identities and that retires
agement. Even if you have a fully implemented 1. Define your workforce orphaned or unneeded identities at the appropriate
directory, it’s never too late to take advantage Your organisation’s workforce is managed by time. This is where IT responsibility formally begins
of best practices to help continuously manage your personnel or human resources depart- in the identity management lifecycle. Typically, you’ll
this crucial part of your environment. ment. They also have to manage information identify the following:
A key insight about identity and access about people who are not employees, such • A primary directory service (often Active
management is beginning to emerge in our as contractors and consultants. Most of these Directory).
industry: contrary to common practice, IT people require access to company resources. • A messaging system (such as Exchange Server or
should not be heavily involved in identity The first best practice is to use your HR Lotus Notes).
management. Too often, IT is placed in the role systems as much as possible as an authorita- • A primary Enterprise Resource Planning (ERP)
of “gatekeeper” simply because only IT has the tive source of data for your identity and access system (such as SAP).
tools needed to manage identity. But with the management system. This will help you avoid Once identified, these crucial systems are
right identity management tools in place, IT repetitive work, errors, inconsistencies and integrated into the overall identity management
maintains the tools and infrastructure, and the other problems as the IAM system grows. architecture. Why focus on these three kinds of
business controls the actual identities. Ideally, you’ll provide some kind of managed systems? Primarily because they deliver a “quick win,”
Here are eight key practices, gathered front-end, such as a web-based interface that providing identity integration across the most-visible
from years of experience and informed by this can be used to verify the quality of the imported and most-used resources that users interact with on
key insight, that will help you improve your data, revise data as needed and so on. a daily basis. More systems can be integrated later.

94 Access & Identity Management Handbook 2017 www.securitysa.com


DIGITAL IAM

In reality, each disparate system will


continue to have its own user accounts.
Your integrated system simply maps identi-
ties to these accounts, and you’ll often use
a web-based front-end to manage that
mapping process. There will be invariably
a few identities that can’t be automatically
mapped, and the front-end will allow those
to be handled on an exception basis.

3. Provide knowledge and control to business


owners
You also need to regularly answer the
question, “Who has access to what?” IT
coordinates the inventory of identities and
permissions and provides that information
to business data owners and custodians.
Again, a web-based front-end is ideal for
this. The idea is to let business data owners
manage access to their data and to provide
central reporting and control over those
permissions.

4. Implement workflow
Although technology is always about embrac-
ing change, unmanaged change causes prob-
lems. Implementing a ‘request and approval’
workflow provides an efficient way to manage
and document change. A self-service user
interface (often web-based) enables users to
“Use your HR systems Define compliance rules step by step,
and assign each step to a responsible
request permission to resources they need. as much as possible as an job role. Integrate rule checking in your
Data owners and custodians can respond to
these requests, helping the business ensure
authoritative source of identity management system and work-
flow operations to help automate reme-
appropriate access, while removing IT from data for your identity and diation of incorrect actions; this will help
the decision-making role in permissions
management.
access management improve consistency and security as well as
compliance.
You might begin by defining different system.”
kinds of permission sets, each with its own 7. Check and recheck
workflows. This enables different kinds of These provisioning tasks typically involve In a well-designed identity management
data and tasks to be treated appropriately, connections to numerous systems, includ- system, permissions are typically assigned to
depending upon their sensitivity. Take the ing email, ERP and databases. Prioritise job roles rather than to individuals, but organ-
time to define who can control that list of these systems so that the most important isations are still likely to simply assign permis-
services, who is responsible for managing and visible ones can be automated first, and sions as needed and never review them again.
workflow designs, and so on. For example, clearly define and document the flow of data This practice invites security risks.
financial data might require more extensive between these systems and your identity Permissions require periodic recertification –
approvals when changing permissions than management toolset. Focus first on automat- you need to review who has access to what
company-wide information (such as details ing the basic add/change/ delete tasks for and determine whether or not they should
about the next company picnic), which might user accounts, and then integrate additional still have those permissions.
be changed with relatively little workflow tasks such as unlocking accounts. Define job roles within your organisation
required. that can recertify permissions, such as system
6. Become compliant owners, managers, information security
5. Automate provisioning Many companies are now affected by one officers and so forth. Recertification can be
You need to manage new users, users who or more industry or governmental regula- defined in a workflow in which data owners
leave the organisation, and users who move tions, and your identity management system and custodians review a current permission
or are promoted or demoted within the can play a central, beneficial role in helping set and verify the accuracy (or inaccuracy) of
organisation. Provisioning, de-provisioning you to become and remain compliant. You’ll that set. The idea is to regularly make sure
and re-provisioning are often time-consum- need to focus on clearly defining and docu- that the roles and people who have permis-
ing manual tasks, and automating them can menting the job roles that have control over sions to resources should continue to have
not only reduce overhead but also reduce your data, as well as the job roles that should those permissions.
errors and improve consistency. have access to auditing information. Continued on page 96

www.securitysa.com Access & Identity Management Handbook 2017 95


DIGITAL IAM

Continued from page 95


“Permissions require implementation, often making them
This process should also include recer- impractical. Many companies instead
tification of job role membership to ensure periodic recertification – opt for ad hoc IAM, cobbling together
that the users assigned a given job role you need to review who home-grown and third-party tools into
are still performing that role within the a disjointed workaround that basically
organisation. has access to what and gets the job done – but at a high cost in

determine whether or efficiency and security. Ultimately, identity


8. Manage roles management becomes driven by what IT is
Permissions are best assigned to job roles not they should still have capable of, and not by what the business
rather than to individuals. Making those those permissions.” needs.
roles correspond to real-life job tasks and Dell One Identity Manager, a part of the
job titles is a powerful way to manage You’ll also need to define who will Dell One Identity products, helps organ-
identities and access over the long term. A manage these roles in order to ensure isations achieve effective IAM for less
certain amount of inventorying and mining that roles are created, modified and money, and with markedly less effort, than
will be needed to accurately identify the deactivated only by authorised individuals previously possible. Employees enjoy full
major roles within your organisation, based following the proper workflow. access to their applications, platforms, sys-
at least, in part, on the resource permissions tems and data throughout their time with
currently in force. Choosing the right tool the organisation, and your organisation
Through user self-service IT shopping Traditional approaches doesn’t have to invest in long, expensive
cart, users request access to the appropri- Unfortunately, it’s unlikely that your busi- customisations or never-ending consult-
ate resources and services. This way, a ness can rely on native tools to effectively ing engagements. You can even enable
user can request access to “non-personal implement these eight best practices. line-of-business employees to manage the
human resources information” (for example) You simply have to deal with too many identity lifecycle process through self-
without needing to understand the under- native toolsets, such as Microsoft Active service, offloading IT overhead onto actual
lying technical details required to make that Directory, SAP, PeopleSoft, Unix or Mac business data owners and custodians. Dell
happen. Once a user places such a request, OS. You need a central place to manage One Identity Manager also provides full
the owner or custodian of the affected data the identities used by all of these systems, workflow, including separation of duties
has the opportunity to review and either and you need to do so in a consistent, that are often lacking in IAM solutions.
approve or deny the request – taking IT secure, efficient and controlled fashion.
out of the permissions management loop Traditional IAM frameworks are For more information, go to
entirely. often expensive and require extensive www.dell.co.za.

Dell One Identity Manager provides comprehensive yet simplified identity and access management, which enables organisations to follow the
eight best practices for IAM outlined in this brief.

96 Access & Identity Management Handbook 2017 www.securitysa.com


www.securitysa.com Access & Identity Management Handbook 2017 97
PERIMETER

The perimeter security challenge


By Kelly Mclintock, Blacklight Technology Solutions.

Kelly Mclintock looks at various technologies and their applicability for


perimeter security.
The rising threat of violent and organised another can be deployed to protect a perimeter: possible. Although expensive, the life span
crime in South Africa in recent months has • Thermal cameras. is 10 plus years so the total cost of owner-
undoubtedly increased awareness of perim- • Video analytics. ship is more affordable long term than other
eter security and security in general, espe- • Smart electronic fencing. mediums.
cially in the residential,wildlife, commercial • Underground and fence mount seismic Thermal cameras, I believe, have become the
and industrial environments, to name a few. solutions. go-to for perimeter solutions in the market and
However, violent and organised crime isn’t • IR and microware poles. have had massive successes in both the residen-
the only threat. Political instability, industrial • Radar. tial and wildlife sectors. However, I must add that
action, vandalism and much more continue to • High megapixel cameras. thermal cameras have a very specific shortcom-
challenge perimeter security. • Licence plate recognition. ing in the ability to run the surveillance theory of
Furthermore, these sites typically encom- However, in the deployment of these tech- Detect, Identify and Recognise. Thermal cameras
pass a wide area and pose a physical challenge nologies, the following needs to be considered have the ability to see immense distances (over
to security personal as the perimeters require to not only deliver a secure perimeter, but also one kilometre with a 60 mm lens), but this causes
efficient monitoring to enable rapid response operational efficiencies: an immediate problem in detecting and identify-
to a potential breach or actual breach. • Accuracy, above all exceptional and reliable ing what the object is on the screen.
Historically the approach has been deploy- detection at fair distances is paramount and This shortcoming isn’t directly related to the
ment of personal to walk or drive a perimeter this varies per technology. camera, but rather the video analytics engine
as well as deployment of an electric fence as a • Ability to adapt technology to site-specific it is running. After using and testing multiple
deterrent. requirements. thermal cameras, from the low cost to the
In the past five years, however, the develop- • Integration, solutions that easily integrate with ridiculously expensive, from a 13 mm to 60 mm,
ment of advanced technology to monitor and auxiliary systems. it is my opinion that for an end user to guarantee
protect perimeters has become big business • Low false alarm rates, where complex algo- 100% detection, analytics on thermal cameras
and in this writer’s opinion, been the single rithms differentiate between real and false should not be expected to work (in the sense of
largest catalyst driving the cost of previously alarm events. detect and identify) beyond 350 to 400 metres.
inaccessible technology down to make it more • Real-time monitoring. The infrastructure There are cases where the technology functions
affordable to a much larger percentage of the being deployed to carry the detected events beyond the stated distance, but this will vary
market. must be reliable, have redundancy, and able based on time of day and weather. The colder the
Advanced perimeter security technologies, to transmit at a high rate ( preferably Gigabit weather, the better the thermal image is, and in
as of the release of this article, encompass the speeds). I personally recommend single turn, the better the video analytics functions. In
following technologies which in one form or mode fibre on large site deployments where essence, the accuracy increases.

98 Access & Identity Management Handbook 2017 www.securitysa.com


PERIMETER

More on the perimeter


I have also in recent months seen the increase in requests for radar.
This is still, in my opinion, beyond the majority of end users’ budgets,
but does have its place. Originally designed for military applications, a
number of manufacturers have dumbed-down their offerings to avoid
ITAR regulations. This has led to the increase of commercial radar.
Designed to secure sites, commercial radar is compact, lightweight
and reliable, and operates in all weather conditions and detects every-
thing over vast distances. However, depending on the type of radar, it
has its flaws, Cost is possibly the largest, but in the last month I have
seen a radar test where a R100 piece of foam was used to avoid detec-
tion by the radar – foam absorbs the signal. The last of the radar flaws,
which could be considered a benefit, is its ability to detect everything,
so with this, the number of alarms created increases substantially.
A number of residential estates and critical infrastructure site histori-
cally have bought into seismic sensor technology. This is where smart
underground or fence mounted sensor systems, varying from fibre to
individual detectors, are run around the perimeter of a site.
These sensors broadcast signals to a central control room where an
alarm is created should a sensor pick up seismic vibrations: a bird on the
fence, a warthog digging under the fence or a human climbing a fence.
My experience with these types of systems has varied from a 50% up
to 70% detection rate, but once again false alarms cause a number of
issues.
IR and microware poles have been around for decades and have
been the go-to for a number of verticals in the industry, non-more so
than residential homes. However, for a large scale and distance solution,
in this writer’s opinion, they have a 50/50 chance of false alarms.

High megapixel cameras


A number of manufacturers have recently released 4K and above
cameras which have the ability to function at both day and night, and
can provide incredibly detailed and quality pictures that allow for very
accurate video analytics. I have yet to test this in poor weather and dark
moon environments, and over large distances. The things I believe any
reader, considering this technology for their perimeter should take into
consideration are the file sizes of these video feeds. They are immense
and use volumes of bandwidth, and with this, a massive amount of data
storage and processing is required, but once again, I have not tested
these cameras in extreme conditions.

Licence plate recognition (LPR) and biometrics


In order to lock down the perimeter or access to the site, biometrics and
card systems have been the industry standard, however LPR is becom-
ing more prevalent in locking down access to sites and the development
of the technology has not only dropped the costing, but also allowed for
integration.
LPR and biometrics were recently taken by a residential estate where
they were integrated as a single access control solution. A number of
fingerprints from different residents were added to an access record and
bound to a vehicle licence plate. In so doing, a process of verification
and authentication was brought into a single access record to eliminate
unauthorised drivers using a vehicle and entering or leaving the estate.
In conclusion, I don’t believe there will ever be a silver bullet within
budget to give a zero perimeter penetration guarantee as this is always
the desired outcome, but the above technology or a blend of it is defi-
nitely a step in the right direction.

For more information contact Blacklight Technology Consulting,


+27 (0)11 026 7582, kelly@blacklightconsulting.co.za

www.securitysa.com Access & Identity Management Handbook 2017 99


CASE STUDY

Improving security at Helderberg


An effective electronic access control system that manages every visitor or
­contractor on site is the first layer of residential estate security.
Access control remains the crux of residential safety and security now,” Nielsen points out. procedure occurs, with recordings of the
estate living and homeowners’ associations are Nielsen explains that the main entrance face of the visitor or contractor, as well as the
realising the benefits of deploying an electron- (east) gate at Helderberg Village is used by vehicle’s number plate and the vehicle itself,
ically driven system to eliminate human error residents, village staff and all other categor- taking place.
and inaccuracies in information gathering. ies of visitors, while the west entrance gate Tracking of visitors is instantly enabled,
Vagn Nielsen, CEO of the Helderberg Village provides access for residents and pre-approved and in the case of contractors, project-based
Master Homeowners Association (HVMHA) visitors. Pedestrians are required to report visitors or villager visitors, time windows will
NPC in Somerset West, is extremely pleased to the security gatehouse where their ID is be allocated. The management components
with the higher levels of visitor and contrac- scanned, they are photographed and they are enable reports to be sent to security managers
tor management that the new access control biometrically enrolled on the access control regarding who is on estate and who has left
system affords Helderberg Village. Prior to system. The fingerprints that they present for the estate. The system automatically provides a
installing the Morpho Sagem biometric finger- enrolment are then used to operate a turnstile report on the expiry of allocated time periods
print readers, PT-Guest visitor management into the estate. of visitors and contractors and an alert will be
software running on an Impro access control sent to the control room for follow-up and fur-
backbone, together with keypads utilising per- Visitor registration ther action. In addition, visitors who have been
sonal access codes (PACs), the estate adopted When a vehicle arrives at the main gate, issued with a one-time PAC will be unable to
the route followed by so many other estates – the visitor or contractor is asked for his/her leave the village and then re-enter without
the infamous visitor log book. destination in the village. The resident is called going through the registration process again.
“The difference since deploying this system, to confirm whether the visitor or contractor is Visitors can also be pre-registered online
which was provided by Powell Tronics and expected. Once confirmed, the driver’s licence by villagers via PT-GUEST. The four-digit PAC
installed and commissioned by onsite contrac- and the vehicle’s registration disc are scanned number will be sent via email or SMS to the
tors Xone, has been amazing. Not only can we to provide verification both of the person’s visitor and they are required to enter this code
identify at any one time where on the estate identity as well as the registration status of the into the keypad at the entrance boom. This,
a particular visitor or contractor is through a vehicle. The system then generates a printout says Nielsen, forms part of the HVMHA’s man-
carefully placed, integrated solution of access containing a four-digit personal access code date to make security on the estate a shared
control readers, facial and licence plate cam- (PAC) which the visitor or contractor enters responsibility. In instances where the visitor
eras and CCTV surveillance cameras, but our into the boom-mounted keypad to open the has not been pre-registered, the resident is
1 200 residents have a much greater sense of boom. Camera surveillance of the entire access responsible for providing permission for the
person to enter the gate.
The deployment of the access control com-
ponent formed part of a larger overall security
upgrade undertaken in 2014. All contracts
were awarded through a tender process and
consultant Rob Anderson was responsible for
coordinating the project in conjunction with
village management.
Nielsen explains that the security system
is the culmination of what the HVMHA had
reviewed on similar estates and can be con-
sidered best practice. Feedback from local
community policing forums and the villagers
themselves has been enthusiastic and general
consensus is that the estate’s security system
is considered to be a major deterrent to
criminals.

For more information contact Powell Tronics,


0861 787 2537, marketing@powelltronics.com,
www.p-tron.com

100 Access & Identity Management Handbook 2017 www.securitysa.com


CASE STUDY

Mantrap access control for data


centre in Qatar
Mantrap cubicles control access and enhance security at leading international
communications company in the Middle East.
Ooredoo is a leading international communica- maximises security while concurrently minimising automatically, with a built-in safety system ensur-
tions company with a customer base of more than inconvenience to the employee or visitor. ing that people accessing them are not harmed.
one million across the Middle East, North Africa “Because the mantrap cubicle has two This is achieved by the fact that the door auto-
and Southeast Asia. It is the leading communica- interlocking doors that can never be opened matically detects the presence of an obstacle and
tion company in Qatar and its Qatar Data Centre simultaneously, there is no chance that criminals prevents closing of the door while the obstacle is
is a sophisticated and advanced compliant data can leave this facility if an alarm has sounded. present.
centre, and a leader in the region. Lockdown will occur immediately. Either one of The Ooredoo Data Centre mantrap cubicles
The facility has been designed to comply with the doors can be unlocked and opened, as long as are linked to a card reader access control system,
world-class carrier standards and provides local the other door is locked and closed. Furthermore, which is in turn linked to the company’s time and
and regional organisations with a range of services because the mantrap cubicle admits only one attendance system for accurate assessment of
that include hosting and co-location, web content person at a time, it ensures that gangs of robbers employee hours worked and business continua-
delivery, data backup and restoration, business are unable to enter en masse,” says Turnstar MD tion auditing.
continuity and disaster recovery, Internet and Craig Sacks.
network connectivity, reporting services, infra- Having earned a reputation as a product of For more information contact Turnstar Systems,
structure monitoring and management, as well choice in the sensitive banking environment, as +27 (0)11 786 1633, craig@turnstar.co.za,
as IT security. In 2014 the Ooredoo Data Centre well as in retail stores, tertiary education facili- www.turnstar.co.za
received the prestigious ISO 22301 Certification – ties, office blocks and commercial buildings, the
Business Continuity Management Systems (BCMS) Turnstar mantrap cubicle is ideally suited to
certificate at QITCOM. applications such as the data centre where it is
Handling such high volumes of sensitive client critical to separate a non-secured area from a
data means that access into the data centre needs secured area.
to be carefully controlled and monitored. Not only The mantrap cubicles are designed with
does the facility employ hundreds of people, but reliability and durability in mind. The direct pivot
it also hosts numerous visitors who come to the design ensures that the door is precisely aligned
centre daily to discuss fit-for-purpose data solu- and eliminates the need for clumsy, noisy hinges.
tions for their businesses. Similarly, the frame structure and door are manu-
Turnstar supplied six automatic mantrap factured from steel to prevent sagging and door
cubicles to allow Ooredoo to control the entry warping.
of people into the data centre in a way that The doors are motorised and open and close

www.securitysa.com Access & Identity Management Handbook 2017 101


CASE STUDY

Engineering secure access


Engineering firm installs CEM Systems’ AC2000 access control software, combined
with S610 intelligent readers in turnstiles and S3040 portable readers.
Located in Belfast, Northern Ireland, Harland
and Wolff is one of Europe’s largest heavy engi-
neering companies to the maritime, offshore
oil and gas and renewable energy sectors.
Purposely developed to create some of the
world’s largest ocean going vessels, Harland
and Wolff required a first class security solution
to secure its vast site, to help ensure the safety
of all employees and visitors and to improve
overall business efficiency.
The CEM AC2000 access control system and
range of access control readers and terminals,
provides Harland and Wolff with security that
is both comprehensive and flexible to meet its
unique security demands.
As a large scale and potentially hazardous
environment, with large numbers of people,
the Harland and Wolff site presents a unique
range of security challenges. environmental
health and safety management is a vital part emerald TS300f – intelligent access fingerprint terminal.
of Harland and Wolff’s business, so selecting
“The AC2000 solution was on the AC2000 access control client PC to
the right security management solution was of be accessed locally and securely at the door
paramount importance. extremely effective for through its range of remote applications.
Controlling and keeping track of persons
Harland and Wolff, bring- It displays realtime security information
on board a significant engineering project was and statistics such as card status, scheduled
the initial key driver for Harland and Wolff to ing the time for mustering visitors, top system alarms and most recent
engage with CEM Systems. With the potential
from an evacuation drill alarms on the terminal. The built-in audio
for up to 1 200 people to be on the rig at any intercom also allows visitor communication
one time, in a potentially hazardous environ- down from 45 minutes to with the reception desk and remote door
ment, Harland and Wolff needed a realtime,
9 minutes.” opening.
scalable solution to know who was on board.
CEM worked with Harland and Wolff on including Zone Monitor and Mustering, allow- Biometric security
the initial project to track people on a rig for ing the realtime monitoring of cardholder High security areas, including the Harland and
health and safety purposes. This was a large movements and also counts people in an Wolff server room and equipment warehouse,
project which was extremely condensed, with area, a feature that is valuable in emergency are secured with emerald TS300f fingerprint
large numbers of concurrent activities and situations. AC2000 Time and Attendance also readers, requiring biometric verification for
personnel required to carry out the work on records employee attendance. the entry of authorised staff. The emerald
the rig. The key challenge was to co-ordinate TS300f Intelligent Fingerprint Terminal from
and control the activities and personnel and AC2000 Security Hub CEM Systems is a multifunctional touch screen
manage this in emergency situations. Harland and Wolff uses the of AC2000 Security access terminal with biometric verification. The
CEM Systems’ AC2000 access control soft- Hub for alarm and CCTV event management. TS300f not only provides more intelligence at
ware with key modules including Mustering Security Hub is the centralised command and the door with remote applications, but now
and Zone Monitor, combined with S610 intel- control application for AC2000. It seamlessly ensures more security where an additional
ligent readers in turnstiles and S3040 portable blends IP security surveillance systems and level of biometric verification is required. In
readers for the dry dock, provided a solution alarm processing into a single, simple and the equipment warehouse, emerald’s Checklist
that ensured accurate person count data in intuitive user interface. Entry feature allows Harland and Wolff to
case of an emergency. emerald, intelligent access terminals, are prompt staff on exit to sign the register if they
Following the success of this project, installed at the Harland and Wolff reception are removing any tools or equipment.
Harland and Wolff implemented a compre- building. Featuring a touch screen reader and
hensive AC2000 security management system controller in one, and built-in Voice over IP For more information contact Tyco Security
rollout and installed a range of access control (VoIP) intercom functionality, emerald removes Products, +27 (0)82 566 5274,
readers across the site. Harland and Wolff use the need for an additional intercom system. emallett@tycoint.com,
a range of AC2000 access control applications emerald enables data normally only available www.tycosecurityproducts.com

102 Access & Identity Management Handbook 2017 www.securitysa.com


CASE STUDY

Emergency access for National


Sea Rescue Institute
The NSRI installed Paxton access control to ensure secure, yet easy access for
emergency personnel.
The National Sea Rescue Institute (NSRI) is a charity that responds 24 “Once we understood the full Paxton
hours a day, 365 days a year, to save lives on South African waters.
Established in 1967, the organisation now has over 1000 unpaid volun- product range, quoting the new Net2
teers across 31 locations. system became quite easy. Installing
The NSRI base in Port Elizabeth required an improved access control
system, which would enable its offsite control room to allow the rescue Net2 is very simple, the entire installation
team to gain access to the building during a rescue operation. took just one day.”
Anton Lamprecht, of Mars Technologies specified Paxton’s Net2 access
control system to meet the NSRI’s requirements. Net2 is a user-friendly and -Anton Lamprecht, director, Mars Technologies
flexible networked access control system, designed to make the manage-
ment of any building straightforward.
Easy to use and with a range of features, it moves beyond the basics of Type of site: Emergency Response Service
controlling the flow of people around a building, offering benefits such as Location: Port Elizabeth
building control and system integration. The Net2 system is easily scal- Number of doors:
able making it perfectly suited to a large organisation like the NSRI, as it • 1 door
enables multiple sites to be managed remotely from one central location. • 15 staff
A KP-50 Proximity keypad has been installed on the main door to the
site. This allows access to authorised personnel only, when a valid token or Solution required:
PIN is presented. The Net2 software has been installed on one PC, which • Keyless solution
is managed by a single administrator and an additional four users have • Remote access control of secured door, for emergency access
been given the necessary permissions to grant access remotely during an and egress
emergency situation.
Stefan van den Berg, NSRI Port Elizabeth crewman, says: “The Net2 Result:
software is very user friendly and easy to configure. It took me only 30 • Improved access management
minutes to feel confident managing the new system.” • Remote access control during emergency situations
The team at Port Elizabeth now have plans to develop their new
system, including an alarm integration for remote deactivation during sea Paxton products used:
rescue emergencies, and time-based access permissions, to improve the • KP-50 Proximity Keypad
smooth running of day-to-day operations. • Net2 software

For more information, contact Paxton, +27 (0)21 427 6691,


support@paxtonaccess.co.za, www.paxtonaccess.co.za.

www.securitysa.com Access & Identity Management Handbook 2017 103


CASE STUDY

Access module eases admittance


When Turvatiimi moved to new premises at the
Flamingo Shopping and Entertainment Center
in the suburbs of Helsinki, a new automated
access control system was needed.
Turvatiimi have multiple offices at the
premises, meaning that a total of 19 doors
must have secured access. Employees will
move between the offices throughout the
day and the company has a high number of
visitors daily. A traditional reception or access
control system would be impractical to handle
this flow of people due to Turvatiimi Oyj’s high
security level needs.
All persons entering or leaving have to be
identified; visitors have to be handled securely
and efficiently, with no tailgaiting of visitors,
misused access cards or spoofing of access.
These are all inherent risks with traditional
access control systems.
Hi-Sec Supply installed 18 cameras (Axis expensive, high-maintenance control panels The recordings and access control data
M3007, P8514, M3014, M3005 and P1425-LE) to convey information and often use propri- are kept for two to three weeks in case of the
and 19 Axis A1001 Access Control units for etary hardware that does not integrate with need for investigation of an access event.
controlling the doors. All are controlled by other systems. It is important to understand Furthermore, the use of Milestone XProtect
Milestone XProtect Professional video man- that a traditional access control system is only VMS with its open platform technology
agement software (VMS) with full integration registering events based on the control panel. enables Turvatiimi to add analytics as needed.
to the Axis A1001 door controllers using the It might detect that a PIN code is used, but the An example of this could be people counting,
Milestone Access Control Module with Axis system is unable to detect if it is an authorised giving the exact number of persons at their
integration. All employees now have access person typing the PIN code. If an incorrect pin premises at all times. This is essential informa-
tokens that can be used at all locations. The code is disclosed, the security of the system is tion in case of fire or other emergencies.
system integrates fully with the Responda 113 compromised. Initially the system was implemented in
alarm system, ensuring rapid and informed Access control systems using cards or Turvatiimi’s headquarters with 50 employees.
response if unauthorised access is detected. security tokens suffer from the same type The rest of the 25 locations are to follow.
The Advantage: the Milestone video- of weakness, as cards may be lost, stolen or
enabled access control system enables swapped. Again the system is only able to Integrated access solutions
Turvatiimi Oyj to keep track of all persons on detect that a certain card has accessed a card The Finnish corporate landscape is currently
the premises, while at the same time provide reader. If a card or a pin code has been used to being shaped by a rising number of small-
excellent service to visitors. An employee gain unauthorised access, any video security to-medium-sized enterprises. This has led to
expecting a visitor will get a notification upon system can only be used to detect unauthor- increased construction activity in the com-
the arrival of the visitor, with a picture. This ised entry after the fact, unless a manned mercial sector and raised the demand for
ensures that all persons at the premises are solution is used. integrated and efficient security solutions.
identified. The system will link access to a A video-integrated digital solution based The ability to integrate alarms, access
door with the video from a camera. In this way on Ethernet cabling for data and power simpli- control and video security is a key to keep
the identity of a person entering or leaving is fies installation and offers a higher level of costs down and improve efficiency in alarm
ensured. If access tokens are swapped, it can security because the video can link a person to handling. If incidents can be documented
be detected. Tailgating can also be detected an event, such as a door being accessed. The using integrated access and video security
through the use of the video verification. integration between an access control system systems, then guarding services can be
Visitors who are temporary staff such as work- and a VMS (Video Management Software) better informed and thereby more efficient.
men can be identified and tracked if attempt- enables a unified operation if the VMS client is It could be that a door has been kept open
ing to access the premises during unauthor- used for controlling access, because the visual by a contractor or it could be a malfunction
ised hours or to access-restricted areas. identification is an added level of security to of a door-closing mechanism. Video verifies
the access control system. the situation for more appropriate response
Need for secure but easy access The extended security and the simplified to alarms.
Turvatiimi realised that a traditional access operation were the main reasons for choos-
control system would not be a viable solu- ing the integrated Axis/Milestone solution for For more information contact Milestone
tion for the company because of their need Turvatiimi. Use of the Milestone Mobile client Systems, +27 (0)82 377 0415,
for a high-security solution. Traditional simplifies operations further and all employees arms@milestonesys.com,
panel-based access control systems require can verify request for access if needed. www.milestonesys.com

104 Access & Identity Management Handbook 2017 www.securitysa.com


CASE STUDY

Full security solution for Garanti


GarantiBank is one of Turkey’s largest private
banks, with an established history dating
back to 1946. The bank’s dynamic employees,
its customer-centric approach, its innovative
products and services, all establish Garanti’s
pioneering position in the Turkish banking
sector. Garanti’s successful, solid and consis-
tent performance makes it a “universal bank”
well recognised around the globe.

GarantiBank Romania
In 2009, GarantiBank was authorised access
to the Romanian market by the National Bank
of Romania, becoming operational by the
end of May 2010. GarantiBank is a universal
bank offering a large range of products and
services to all business segments. In Romania,
GarantiBank benefits from the support of
its established international and Turkish
operation. Security installers began with the implementa- recorders now provide video surveillance.
tion of a full-blown solution. While in the past each site was managed
Pre-existing situation independently, GarantiBank Romania’s central
Like most banks, GarantiBank pays special UTC solution security operations is now equipped with UTC
attention to the safety and security of its GarantiBank’s Romanian sites have been Fire & Security’s Alliance security manage-
assets, but more importantly, that of its equipped with UTC Fire & Security’s ATS Master ment tool. This software tool allows security
employees and clients. In order to build control panels, covering intrusion detection personnel to monitor, operate and maintain
a robust and reliable security solution, and access control. Over 150 ATS panels have all aspects of the UTC Fire & Security, security
GarantiBank started looking for a solution that been installed, connecting approximately 1400 solution. This solution allows GarantiBank
would offer access control, intrusion and fire intrusion detectors and 600 badge readers. Romania to optimise its security operations,
detection and video surveillance. Looking at In addition to this, a fire detection system has while increasing safety and privacy.
the different options in the market, UTC Fire been installed, supported by over 1500 heat
& Security was selected as its manufacturer of and smoke detectors. For more information, contact UTC Fire & Security,
choice throughout Romania. After evaluating To complete the system, more than 100 +27 (0)11 579 7300, utcfs.ssa@fs.utc.com,
the current lay-out of the sites, local UTC Fire & of UTC Fire & Security’s TruVision digital video www.tcfssecurityproducts.eu

Mexico selects Anviz biometrics


Mexico’s government selected Anviz biometric solution.
Mexico’s environment ministry, SEMARNAT (Secretariat of Environment DR Security integrated the Anviz OA1000 Mercury Pro after strict
and Natural Resources) is charged with the mission of protecting, testing and evaluation with the Anviz R&D professional support team.
restoring, and conserving the ecosystems, natural resources, assets and The Mercury Pro is one of Anviz’s fingerprint flagship models, based
environmental services of Mexico with the goal of fostering sustainable on the Linux operating system, with features of dual-core high-speed
development. CPU; large memory support; and 1: 30000 matching high speed in
SEMARNAT has 40 branches and 2000 employees nationally. The prin- less than 0.5 seconds. Multiple communication solutions are avail-
cipal office is located in Mexico City that manages 40 branches in other able, including TCP/IP, WI-FI & 3G (optional). Its built-in web server
cities. Users need to access their different branch buildings every day, with allows fast, easy access to the device settings and record searching.
two identification modes required on the integrated system. After the installation of the Mercury Pro devices, SEMARNAT
One consists of the visitor only with card identification and the other received users’ positive feedback and realised real-time monitoring
employees with card and fingerprint identification mode. Every two of employees and visitors’ entry/exit times, improved office security
Anviz OA1000 Mercury Pro devices controls one single lane flap barrier. levels and saved labour costs. Other institutions of Mexico govern-
When employees scan their card and/or place a fingerprint on a reader ment are now interested and may apply this system.
to gain access, the single lane flap barrier will open. The Mercury Pro with
fingerprint identification increases the security level and makes it a secure For more information contact Garth Du Preez, Anviz SA,
choice to build intelligent and secure access control application systems. garth@anviz.com

www.securitysa.com Access & Identity Management Handbook 2017 105


CASE STUDY

Stellenbosch University secures access


Stellenbosch University controls access to computer labs with five Speedgate Secure
Lanes installed at strategic access points.
Listed amongst the top 300 universities detection increases security levels and ensures
worldwide, the picturesque University of that the system maintains the highest levels of
Stellenbosch is probably South Africa’s most integrity and reliability.
prestigious tertiary educational facility. With The system is both aesthetically pleasing
29 000 students and 300 permanent staff and highly practical, with the design allow-
members, this iconic learning facility has ing for the glass wings to seamlessly retract
shaped the futures of many promising South into the stainless steel cabinet for high-speed
African and international scientists, engineers, access. The Speedgate Secure high-volume
educators, lawyers, theologians and medical units at the university are full-height wide lane
students in its 10 faculties. (900 mm wide) and contain an optical safety
Sensitive research, learning and examina- scanning. All areas are air-conditioned and sensor array that prevents accidental closure
tion material, together with student assign- have 24-hour DVR security camera surveillance. when people are passing through.
ments and post-graduate theses are compiled The need to control access into the Together with an appealing design, the
in the university’s computer laboratories. FMHSCUA was a top priority for the univer- hand-made Speedgate Secure barriers are
The need to provide educators and students sity and led to a collaborative agreement for focused on ultra-heavy-duty high-speed
with complete peace of mind with regard to Turnstar to provide five Speedgate Secure operation, through the incorporation of a high-
the integrity and protection of their data is Lanes at strategic access points into the spec motor drive and gearbox.
a critical factor in the facility’s integrity and computer rooms. Craig Sacks, CEO of Turnstar, Feedback from the university has been
reputation. explains that each student at the University extremely positive and centred on the ease
Students have access to the Internet of Stellenbosch is issued with an RFID student of use of the systems and the elimination of
through a dedicated computer user’s area card that provides them with access to pre- pedestrian bottlenecks, with a simultaneous
(FMHSCUA) opposite the library. The FMHSCUA defined areas, such as the computer rooms. increase in security of valuable assets within
has 148 computers, 121 in two multifunc- The Speedgate Secure is Turnstar’s highest- the computer laboratories.
tion laboratory/e-classroom facilities, 26 in level security wing gate/flap gate and is
a small e-classroom, and the remainder in designed to integrate with all popular access For more information contact Turnstar
a small room providing specialised services control software systems and readers. The Systems, +27 (0)11 786 1633,
such as CD/DVD burning, colour printing and sophisticated anti-tamper and anti-tailgate craig@turnstar.co.za, www.turnstar.co.za.

Passage to luxury
Besam door system facilitates passage of luxury vehicles through showroom.
The seamless operation of Besam bi-parting and the mechanism was completed with a evacuation, for safety and ease of use the door
sliding door system from Assa Abloy Entrance Technical Data Besam Frame BreakOut unit. sensors can be toggled to an option of the
Systems allows for the easy passage of vehicles According to Aiton, these units can open the user’s choice. For example: OPEN, the door
in and out of a luxury vehicle show room in full length to enable vehicles to be moved in stays permanently open, or AUTO, for normal
Fourways, Johannesburg. and out of the showroom with ease. two‑way operation, other settings include,
Managing director of ASSA ABLOY Entrance Ultimately, the doors keep adverse weather AUTO PARTIAL (door can be opened partially
Systems South Africa, André Aiton, explains conditions such as heat, cold and wind (even with the inner and outer activation units), ONE
that the new doors required for the vehicle insects) outside, while maintaining a constant WAY (passage from one way only), OFF (door
showroom had to be specially designed to comfortable indoor climate. By preventing the cannot be opened from either side and RESET
withstand continuous use at a high degree of air conditioning from escaping, this environ- (door will return to the closed position and
safety to avoid injury to customers and staff as mentally friendly solution reduces energy function as normal).
well as damage to vehicles. Alongside con- consumption, saving electricity costs for the ASSA ABLOY Entrance Systems partnered
venience, the doors also needed to be visually vehicle dealership. with Edelweiss glass and aluminium to com-
appealing to customers. A further requirement Additional benefits include a 12-month plete the installation to meet the customer’s
from the customer was that the door system warranty (beginning at time of delivery), deadline.
be reliable to ensure a maximum lifetime. regular service inspections by a trained quali-
The order included Besam bi-parting doors fied individual and a one-year maintenance For more information contact ASSA ABLOY
complete with side screens and break-out, contract (with an option to extend). Entrance Systems SA, +27 (0)11 761 5000,
beam mounted solutions. A total of three bi- All sliding door operators are linked to andre.aiton@assaabloy.com,
parting break-out unit operators were installed the fire alarm systems for safety and easy www.assaabloy.co.za

106 Access & Identity Management Handbook 2017 www.securitysa.com


CASE STUDY

Integrated biometric access


Net2 biometric integration simplifies and secures access control at John Roan School.
The John Roan School is a secondary com-
prehensive in Greenwich, south-east London.
Founded in 1677, it is one of the oldest state
schools in the country. With a brand new, state-
of-the art building at Westcombe Park, and a
fully redeveloped facility at Maze Hill, John Roan
required an improved and upgraded access
control solution.
The John Roan School contracted Ideal
Security to provide a solution that would enable
the school security administrators to manage
and control the movement of people across
the school grounds. The students at the school
had got into the habit of sharing access tokens
and PIN numbers, in order to take advantage
of restricted areas on the premises. John Roan
required a solution that would prevent this
practice. by the BioLite Net readers; PIN, fingerprint, and “The John Roan School
token, enabled the users to continue using their
Biometric solution existing PINs and tokens, with the additional level admin loved Net2 for its
Russell Webb, of Ideal Security recommended of security and peace of mind from the biomet- simplicity and flexibility
integrating the school’s existing Net2 system ric authentication. The new system provides a
with Suprema BioConnect’s identity manage- unique record of who is on site, preventing any both for reporting and in-
ment platform, to provide a simple end-to-end unauthorised persons from gaining access to tegration options. The new
system for the school security administrators. restricted areas or from using a borrowed token.
Net2 is a user-friendly, flexible networked Utilising the existing means of identification, platform needed to show
access control system, designed to make the while integrating with the new readers has ‘technology leadership in
management of any site straightforward. The meant disruption to the staff and students was
ease with which an additional identity manage- kept to a minimum. their field’, and we believe
ment system can be integrated into the Net2 they now have this with
software, meant it provided the ideal framework Fast rollout
to meet the school’s growing requirements. The simplicity of the Net2 software integration Paxton and BioConnect.”
The installation of 31 BioLite Net Readers with the BioConnect platform means that John -Russell Webb, Ideal Security
was initially used to manage the movement of Roan has been able to roll the new system out
the 300 members of staff across the two school to more users than anticipated, in a short period to deliver a much improved solution and, most
sites. With the completed BioConnect and Net2 of time. importantly for the John Roan School, a simple
software integration, the new system is now Russell said “The John Roan School admin administration tool.
fully operational, managing the flow of over loved Net2 for its simplicity and flexibility both
1 600 students and the 300 staff across the for reporting and integration options”. The Net2 For more information contact Paxton,
school grounds. and BioConnect platform integration has capi- +27 (0)21 427 6691, support@paxtonaccess.co.za,
The multi-factor authentication required talised on the simplicity that Net2 is known for, www.paxtonaccess.co.za

www.securitysa.com Access & Identity Management Handbook 2017 107


CASE STUDY

Access controlled data centre


Tyco delivers centralised access control and physical security for Cogent
Communications’ Amsterdam data centre.

Cogent Communications was planning video surveillance systems, intruder detec-


to open its 18th data centre in Europe tion and an access control system using
when a unique opportunity emerged near card readers.
Amsterdam: a large data centre had moved
to a new location. That made property avail- Flexibility delivers advantages
able that already contained the necessary By taking a flexible approach, the existing
security and technical infrastructure and cables and as many components as possible
only needed to be upgraded to the latest were retained in the new system, resulting
technology. in significant cost savings and a lower total
In terms of construction and security cost of ownership. The extensive knowl-
technology, the location met the high edge, experience and flexibility of Tyco’s
standards set by Cogent. Its strategic posi- consultants ensured that the security plan
tion close to the capital and its proximity to met the strictest modern requirements and
a large international airport proved to be was installed as quickly as possible.
deciding factors. After considering potential The company chose to deploy access
alternatives, an easy decision was made to control using C•CURE 9000 from Software
select this location and the property was “As one of the world’s larg- House. With this centralised enterprise
acquired. est Internet service provid- solution, the access control is fully man-
The next step was to prepare the prem- aged from Cogent’s Network Operations
ises and ensure it was operational as soon ers, Cogent delivers com- Centres (NOC) in Washington DC in the
as possible. A considerable part of the petitive pricing coupled USA, Frankfurt in Germany and Madrid in
technical infrastructure was already in place Spain. The high degree of standardisation
and what was lacking was added, along- with superior quality and that Cogent strives for with its security
side Cogent’s own systems that had to be support. We continue to access systems also has its advantages here;
installed and organised. simplifying the process of providing access
“We were excited as a company to offic- grow and always strive to privileges to employees so that it is fast
ially open the data centre to our customers improve. Customer satis- and efficient to manage. With standardised
as soon as possible. Fortunately, we already systems and processes across data cen-
had a business relationship with Tyco in faction is very important tres in Amsterdam, London, Frankfurt and
the United States. Through this connec- to us, and working with throughout the United States, the system
tion, we were able to quickly make contact is highly streamlined and can be operated
with the Dutch account manager and the Tyco helps to ensure that easily and quickly.
team was able to complete the project our data centre customers Physical security constitutes an increas-
within just three months,” explained Richard ingly important aspect of data centre
Rademaker, director of data centre opera- get the security they need operations. After all, the economic value of
tions for Cogent. for their mission critical data increases as additional applications are
developed.
The solution equipment.” No one stops to think that every
Cogent is a multinational internet service -Richard Rademaker, smartphone app or every photo that is
provider that prides itself on offering the director of data centre operations. backed up in the cloud is found some-
best value in the market to its customers where in the world on actual physical
while setting very high standards for net- Before a detailed plan could be formu- servers and storage that are connected via
work performance. lated, an extensive inventory of the existing thousands of kilometres of cable. Cogent
Cogent strives to create a very high security measures was carried out. For days, Communications and Tyco’s partnership
degree of standardisation in its data centres a team of specialists meticulously studied helps to safeguard these files, ensuring
to simplify maintenance and management: the resources already installed, ascertaining they are stored safely and easily accessible
one of the biggest cost items in the sector. their specifications and assessing whether whenever they are needed.
That is why Cogent turned to Tyco for the they could be used in the new security plan.
integral physical security solutions as they Based on this survey, Tyco consultants For more information contact Tyco Security
have been responsible for the security sys- developed a plan of action to deploy an Products, +27 (0)82 566 5274,
tems in all of Cogent’s data centres in the integrated solution using the existing fire emallett@tycoint.com,
United States. alarm system alongside new intercom, www.tycosecurityproducts.com

108 Access & Identity Management Handbook 2017 www.securitysa.com


PRODUCT NEWS

ZKTeco launches ZKBioSecurity 3.0


By Johannes Tlhabi, sales manager, ZKTeco.

ZKBioSecurity 3.0 is an all-in-one web-based security platform developed


by ZKTeco incorporating access control, video linkage, elevator control and
visitor management.
For years ZKTeco has sold numerous access third-party database applications through the
control solutions that catered for standalone use of Middle Tables, which act as a staging
and small to medium size installations. These platform for data sharing, both in and out
are the type of systems that made ZKTeco a of ZKBiosecurity 3.0. This makes it easy for
well-known brand in as far as small, medium, systems like time and attendance, student
and inexpensive access control solutions are management applications and other human
concerned. resources applications to import data to as well
The beginning of 2016 saw the launch of as export data from ZKBiosecurity seamlessly.
the ZKBioSecurity 3.0 platform which now The hardware components of this system
offers ZKTeco the opportunity to compete include the inBio controller series and the
head-to-head with the regular names in the FR1200 RS485 slave biometric readers. The
medium to enterprise level access control inBio carries out the matching of fingerprints
market globally, but at a much lower price on the panel, instead of on the reader device.
point. This means the same quality, the same The inBio controller supports up to 20 000
product lifespan, with a 3-year carry-in war- fingerprint templates, 60 000 card users and
ranty on the hardware, but with a much higher stores up 100 000 events and transactions.
profit margin for the system integrator. The FR Series slave biometric readers
ZKBioSecurity 3.0 is the ultimate ‘All-in-One’ transmit fingerprint templates to the inBio via
web-based security platform developed by RS-485 for fast and accurate matching with
ZKTeco. It contains four integrated modules: templates that are stored in the controller’s
access control, video linkage (HikVision, database. Wiegand inputs are also provided
Dahua), elevator control and visitor manage- for traditional RFID card readers. This technol-
ment. With an optimised system architecture ogy eliminates the need for the deployment of
designed for high level biometric identification Johannes Tlhabi, sales manager, ZKTeco. intelligent biometric devices (which are com-
and modern-user friendly UI, ZKBioSecurity 3.0 • Advanced access control functions. monly very costly) and as such keeps deploy-
provides an advanced solution for a new user • Global anti-passback and linkage. ment costs lower.
experience with a sleek and compact design. • Video integration compatible with third-party The inBio controllers come in three sizes
The system offers the following functions: devices (such as Hikvision and Dahua). to suit project needs and reduce the cost
• All-in-one solution (access control, video • Automatic data backup. of unused capacity. The options are 1-door,
surveillance, elevator and visitor). • Alarms and events email notifications. 2-door and 4-door models which can be mixed
• Simple structure and smooth workflow. • System log monitoring system. in an optimised system architecture.
• Many doors management capacity (up to • Supports all ZKTeco push access panels and
2000 doors in single server and 8000 in selected standalone terminals. For more information contact ZKTeco (SA),
multi-server configurations). The database design structure of the +27 (0)12 259 1047, hendrik@zkteco.co.za,
• Stable, fast and consistent communication. platform allows for flexible integration to www.zkteco.co.za

www.securitysa.com Access & Identity Management Handbook 2017 109


PRODUCT NEWS

Access control beyond the door


By Andrew Seldon.

VixNet introduces a new access control solution for electricity meters and
distribution enclosures, substation entrance doors and more.
To most people, access control means some- communications networks in Gauteng and the All these events are logged on the server to
thing you attach to a door or a gate. There are, greater Cape Town region, based on direct- keep an accurate record of who was involved
however, other areas where access control is sequence spread spectrum (DSSS) technol- on which jobs at what locations. The reader
beneficial. ogy. The DSSS system provides bidirectional itself will also keep a list of past access events
Take a utility box at the side of a road, communications and does away with the need in memory, replacing the oldest events with
whether it is used for electricity or telecom- to manage SIM cards. More importantly, it is the latest.
munications is irrelevant. What is relevant is designed to be jamming resistant and triangu- Not only does SACU permit access to these
that access to these boxes is fairly simple to lation techniques provide positioning that is enclosures, it is also able to send a warning
allow for easy and fast access by technicians. accurate to within 4 metres. if a door has been left open. SACU includes
However, this is also why it is so easy for crimi- To control access to enclosures with SACU, other monitoring functions, such as built-in
nals to sabotage Telkom communications or companies can attach electronic access con- temperature monitoring and shock detection.
hook up illegal electricity cables. To implement trolled locks to the doors they wish to protect. Accurate positioning through triangulation
access controls in these situations has been The locks are linked to a central command via VixNet’s towers, and an audible alarm is
difficult in the past because there could be any server over VixNet’s network where a central also on the reader. In case of a power failure, a
number of technicians sent to work on a box, command station controls who has access battery, charger and monitor is also included
and if an access card or PIN was compromised, and at what times. Technicians working in the to ensure authorised people have access in any
anyone would be allowed to gain access. area permanently could be given 24x7 access, circumstances.
VixNet is a technology company with a long or individuals could be assigned to specific SACU takes traditional access control and
history of developing communications solu- jobs, with only the appointed technician being gives it a new, remote controlled role for use in
tions for the security industry. The company granted access for a specified time. cabinets and enclosures that are of necessity
recently came up with a new access solution When the individual arrives at the enclosure, located in open, public areas, but still need
that takes its communications expertise and they present their access card to the reader. The to be protected from unauthorised access.
combines it with access control. SACU is a system then communicates to the central sta- Utilities can now protect their electronics more
solution from VixNet that targets these public tion where the server will decide if that person easily while keeping exact records of who was
enclosures, including electricity meters and is allowed access at that particular time. If he/ where and what they were doing.
distribution enclosures, substation entrance she is, then the door is unlocked; if not, the
doors, mini-sub access doors, street lighting door stays locked. Should the enclosure have a For more information, contact VixNet,
control panels and so forth. rear door, permission to open this is granted if +27 (0)11 100 1969, clintonl@vixnet.co.za,
SACU makes use of VixNet’s RF appropriate once the person has badged in. www.vixnet.co.za

110 Access & Identity Management Handbook 2017 www.securitysa.com


PRODUCT NEWS

XTime goes beyond T&A


By Brett van den Bosch.

XTime has evolved into a control, time and attendance and visitor
management solution.
When G4S Secure Solutions first developed its new features they want, and our software devel- as that portion can be generic across various
XTime workforce management solution about 15 opment strategy is to always be open to new suppliers. The system is very flexible and can be
years ago for a couple of large mining clients, it ideas for improvement and added functionality,” configured and segmented in various ways to
could not have imagined what the system would he states. Some of the extra features that have accommodate a wide variety of physical limita-
eventually grow to become. Through continual been added in this way over the years include tions, such as network speed, down-time and
in-house development, XTime has evolved into a the likes of health and safety, fatigue manage- lack of infrastructure.
fully fledged access control, time and attendance ment and canteen management, among others. “Another strong point is our generic interface
and visitor management solution capable of Since no two organisations’ requirements are platform which forms the foundation of most
interfacing with all the major enterprise report- the same, the system is modular to allow each of our payroll and ERP system interfaces. XTime
ing systems (ERS) and payroll platforms. client to fine tune it for their particular needs. It is caters for a vast range of identification and verifi-
According to G4S software development licensed as a core module, with optional activa- cation mediums, i.e., RFID, active tags, biometrics
manager, Johan van Heerde, XTime has thus far tion of additional modules such as for mining (finger, facial, vein) etc. The system has been tried
enjoyed the best adoption by clients operating or equipment. Typically hosted on the client’s in tested in many sectors and environments,
in mining, heavy industry and government/para- own server as per IT policy and in line with PoPI including mining, oil and gas, and manufactur-
statals, with a footprint covering roughly 60% (protection of personal information), G4S is also ing, to name just a few,” van Heerde says.
of the large mining and industrial sites in South able to host the system and database on its own Van Heerde says G4S’ strategy is to continue
Africa. However, he points out that it offers ben- servers. to expand XTime’s penetration into markets
efits to any organisation with a large workforce Further flexibility is demonstrated by XTime’s beyond those in which it already has a strong
that is typically paid according to time worked, or extensive integration between many hardware foothold. He believes its already powerful
not worked, in order to keep track and manage vendors’ platforms and the G4S system control- capabilities, combined with the company’s
overtime, short time and so on. “We are currently ler, allowing it to be used in existing installations. commitment to listen to what the market wants
exploring how features that have already been For new projects, G4S has partnered with local and enhance it accordingly, will see the XTime
developed for XTime can benefit clients in other manufacturers in order to offer its own hardware solution grow from strength to strength in the
industries such as construction, hotel and leisure, solution. years to come.
and others,” he states. “The system controller itself includes a subset
Van Heerde believes that XTime offers of the database onboard to ensure full valida- For more information, contact G4S,
significant advantages over competing solutions. tion on- or off-line,” explains van Heerde. “The +27 (0)10 001 4500,
“By taking the time to speak with our clients face strength of the controller lies within our firmware customer.care@za.g4s.com,
to face, we are in a perfect position to learn what and not so much the actual controller hardware, www.g4s.co.za

www.securitysa.com Access & Identity Management Handbook 2017 111


PRODUCT NEWS

AXXESS-E wireless access control


MiRO has added the locally designed AXXESS-E range of wireless access control
solutions to its portfolio.
Since its inception, MiRO has focused on a secure transmission of data and the RF interface developed, the turnaround time for delivery to
strategy of providing the market with converged and jamming monitoring add further security our customers is fast and efficient,” Van Jaarsveld
wireless technology solutions. By adding the benefits. concludes.
locally designed AXXESS-E range of wireless “One of the primary aims behind all of
access control solutions to its portfolio. our product lines is to make life easier for our For more information
According to Bertus van Jaarsveld, CEO at customers. Wireless, in particular, provides users contact MiRO Distribution,
MiRO, the company’s appointment as a distribu- with a number of tangible benefits. Topping the 086 123 MIRO,
tor for the AXXESS-E range of wireless access list is the elimination of hardwiring, which in turn lerize@miro.co.za,
control solutions will provide its customers with results in reduced installation time and costs; the www.miro.co.za
further scope to expand their security portfolios. removal of the need to damage existing infra-
Marco de Ru, CTO at MiRO, says due to its structure due to the fact that no digging or chas-
wireless nature, the AXXESS-E solution is quick ing is required; and no interference with exist-
and easy to deploy, provides considerable cost ing services. And, because AXXESS-E is locally
savings on wiring and cabling and is highly
scalable. Using a Wiegand interface, the software
seamlessly integrates with biometric card readers
for full wireless functionality. In an industry that is
dominated by hardwired access control systems,
the technology is a welcome addition to avail-
able solutions.
AXXESS-E also uses graphic-based software
with customised reporting and time and atten-
dance data exporting templates. The AXXESS-E
system can manage up to 1 000 door controllers,
each controlling two 600 kilogram maglock
doors, multiple tags and four readers. Using AES
128-bit encryption and rolling code ensures

SharpV fixed ANPR camera


Genetec is launching an affordable, precise and easy to install fixed ANPR camera.
Genetec has announced its AutoVu SharpV, transferring through a Power-over- Ethernet of image precision, combined with ease of
a new fixed ANPR (automated number plate plus (PoE+) connection, and a varifocal lens installation at a lower price point. With our new
recognition) camera with onboard processing, design that allows installers to easily adjust the SharpV, ANPR has never been easier,” said Chris
precise settings, easy and flexible installation focal distance of the camera on site for opti- Yigit, program manager for AutoVu.
and affordable pricing. The AutoVu SharpV mal image capture, the new SharpV simplifies The SharpV can also be integrated with
camera is expected to be available in early system specification and provides flexibility Omnicast, the IP video surveillance system of
December 2016 from Genetec channel part- during deployment. Security Center, the Genetec unified security
ners and resellers. With high-definition ANPR and context platform. The SharpV can simultaneously
AutoVu SharpV is designed for fixed ANPR cameras and onboard processing in a single stream live video to Omnicast, doubling as
installations. It can be tied into citywide video device, the SharpV can detect and read any video surveillance unit and recorded video
surveillance systems to improve forensic inves- type of licence plate on the edge, and includes can be associated with ANPR hits to enhance
tigations, reporting, monitoring, and is ideally various analytics such as vehicle make and awareness and investigations. SharpV also sup-
suited for controlling access to corporate direction of travel. ports the AutoVu Free Flow parking enforce-
facilities, as well as managing off-street parking “The new AutoVu SharpV is the result ment module to increase parking enforcement
facilities. The SharpV-ITS model will offer a of over 15 years of specialised ANPR design efficiency by providing a real-time inventory of
solution specifically targeted at the intelligent experience, so it’s much more than an upgrade. vehicles parked illegally in monitored parking
transportation sector. It features premium performance without lots.
Featuring a completely new design that any of the challenges that often accompany
makes it easy for integrators to install, the ANPR projects. Not only does it include all the For more information about
AutoVu SharpV can be easily mounted on features of previous generation Sharp ANPR Genetec AutoVu SharpV,
walls or poles. With power and communication cameras, but it also brings a whole new level visit: www.genetec.com/sharpv.

112 Access & Identity Management Handbook 2017 www.securitysa.com


PRODUCT NEWS

Fides integrates Suprema


Biometric access to secured information in the cloud.
Fides recently announced the integra- background screening checks, authentica- can be viewed individually or administered
tion of Suprema’s BioMini Slim fingerprint tion measures and or biometrics that the from Fides’ web portal for company man-
authentication scanner into its biometric person you are in contact with is in fact agement. User access is determined by user
solutions. These solutions can be used the correct individual. Fides aggregates privileges.
to manage authentication, user logins, a number of identity verification and The web portal allows for visibility at
customer identification as well as time identity management services to provide every level, including access to customer
and attendance. For organisations that a single trusted identity service, always and/or employee vaults and a look at what
rely on historical data – like employers, accessible and fully audited. checks have been performed on these
banks, insurers, credit lenders and hospi- Fides’ offering includes identity checks, individuals. The Trusted Vault is PoPI com-
tals – biometrics serves to protect against the majority of these being in realtime pliant and all activity performed by users
identity fraud. with the aim of stopping identity theft and is recorded in a secure audit log and each
Suprema’s BioMini Slim is packed with reducing incorrect capturing of demo- function has a unique tracking ID.
features that make it perfect for providing graphic information. Examples include IDV The next release of this integration,
a high level of security. This ergonomic fin- real-time checks, real-time bank account scheduled for November 2016, will feature
gerprint scanner with FBI PIV and Mobile verification, credit checks, demographic the integration of Suprema’s RealScan
ID FAP20 certification has an IP65 rated checks and criminal checks. (See more at series, offering more options and state-
form factor, making it resistant to dust http://www.securitysa.com/6707r.) of-the-art livescan equipment, ideal for
and water. Its large platen size provides These checks are available through government civil, criminal and AFIS compli-
for easy and reliable fingerprint captur- Fides’ front-end or can be integrated into ant implementations.
ing, which includes Live Finger Detection, existing systems via web service calls. Using biometric identity data from the
using Suprema’s latest 500 dpi slim optical Fides also provides an electronic safety Trusted Vault will be directly integrated into
sensor. deposit box, the Trusted Vault, for all Suprema’s BioStar 2 access control and time
Fides is a technology company focused information related to an individual. This is attendance solution. With this, a single and
on delivering cloud-based identity solu- where all the biometrics, identity checks, secure identity used throughout HR, from
tions. Fides aims to prove, either through documents and photos are stored. Vaults point of vetting, identity checks, secure
document storage through to provid-
ing employee access control, closing
the loop introduced by segregated
identities.
“At Fides we are all about trusted
identities and we are proud to now
offer our clients access to the renowned
Suprema range,” says Fides Cloud MD,
Hedley Hurwitz. “We are also glad to
offer Suprema’s trusted partners access
to our offering and are looking forward
to the new opportunities that this will
generate.”
“Synergistic and integrated offerings
is what Suprema prides itself on,” says
Walter Rautenbach, MD of neaMetrics,
authorised distributor of Suprema in
Africa. “It is a pleasure working with
dynamic experts in the field of biomet-
rics and we love it when solutions solve
real problems for our partners.”

For more information contact


neaMetrics, 0861 632 638,
info@neametrics.com,
www.neametrics.com.
Suprema, +27 (0)11 784 3952,
enquiry@suprema.co.za,
www.suprema.co.za.

www.securitysa.com Access & Identity Management Handbook 2017 113


PRODUCT NEWS

Long-range access control


Farpointe Data’s Ranger transmitter supports long range, proximity and smartcard
presentation technologies.
Farpointe Data has announced that access Regarding other security issues, users entrances, marina gates, facility lock-
control manufacturers, distributors and can take advantage of the read range, downs, remote door opening and more.
integrators can now add a 13.56 MHz contact- which allows the Ranger receiver to be It can be used in any application where
less smartcard module with MIFARE Classic or installed on the secure side of an instal- pressing a button is more convenient
today’s benchmark, the DESFire EV1, to their lation, out of harm’s way. Secondly, an than presenting a card. And, once at the
customers’ Ranger long range transmitters, element of the Ranger transmitter-to- facility’s front door, the transmitter can
making them compatible and interoperable receiver long-range, over-the-air proto- still be used in lieu of a card.
with Farpointe Data contactless smartcard col takes advantage of a secure, digital Ranger has been used for applications
readers and credentials. anti-playback routine. It is based on a where it’s critical to move larger vehicles
The Ranger product line has always been custom enhanced rolling code variant of through a secure portal, such as aircraft
compatible with Farpointe Pyramid proxim- the Tiny Encryption Algorithm (TEA). in and out of a hanger or tractor trailers
ity systems, being equipped with potted The anti-playback feature virtually moving in and out of terminals. For the
proximity supporting 26 bit Wiegand as well eliminates the risk of code sniffing and latter, oftentimes the private property
as custom Wiegand formats plus certain unauthorised cloning. Lastly, Ranger on the unsecure side of a gate allotted
HID and AWID 125 kHz proximity protocols. supports MAXSecure, a unique Farpointe for trucking is limited and local authori-
Transmitter coding is sequential, exactly as option, providing a higher-security ties frown greatly on a spill over onto
ordered, with no over or under runs. handshake, or code, between the trans- public roadways. Competing solutions
“EV1 sets the security benchmark for mitter and receiver to help safeguard may have inconsistent range and cannot
presentation technology,” emphasises Scott against credential duplication and quickly move multiple, large vehicles
Lindley, president of Farpointe Data. “Access ensure that a specific end-user’s receiver through these areas.
control system manufacturers, integrators and will only collect data from these specially The added range reliably provided by
dealers promoting long range reading will coded transmitters. the Ranger can eliminate this stack-up.
be able to tout greater security over MIFARE Used in conjunction with smartcard Gated housing communities appreciate
Classic smartcard technology because MIFARE technology, the Ranger Transmitter the long read range of Ranger, up to
DESFire EV1 uses 128 AES encryption, the supports both long range and smartcard 60 m, and marinas value the ruggedised
same as used by the US federal government. presentation technologies with a wide construction of the Ranger, which is both
MIFARE DESFire EV1 is based on open global range of end-user applications. Long weather- and vandal-resistant.
standards for both air interface and crypto- range access control solves a number
graphic methods. It is compliant to all four of demanding access applications that For more information contact Scott
levels of ISO/IEC 14443A and uses optional call for extended read ranges, such as Lindley, Farpointe Data, +1 408 731 8700,
ISO/IEC 7816-4 commands.” parking lots, alarm activation, building scottl@farpointedata.com.

114 Access & Identity Management Handbook 2017 www.securitysa.com


DIRECTORY LISTINGS

Directory of access and identity management providers


4C Technology Boomgate Advertising
Installer/System integrator Distributor/supplier

4C Technology designs, installs and services access The Boomgate Advertising Barrier is designed to place
control and identity management systems. We advertisements 830 mm (h) up to 4.2 m (l) underneath the boom arm and offers
integrate ‘best-of-breed’ technology that best fits additional advertising on the cabinet which has a light box. This patented design is
your requirements and budget and offer turnkey projects with a detailed scope- the first in South Africa. It can interface with any parking management system.
of-work and project plan to optimise delivery and client satisfaction.
Contact: Andre Rossouw or Sharon Findlay
Contact: Paul Frewen Tel: +27 (0)82 410 4921 or +27 (0)82 448 1488
Tel: +27 (0)11 608 0596 andre@boomgatesystems.co.za or findlay1@telkomsa.net
paul@4c-technology.com 18 Minerva Avenue, Leaglen, Roodepoort
14 High Street, Modderfontein www.boomgatesystems.co.za
www.4c-technology.com Branches: Cape Town

ADI Global Distribution Boomgate Systems


Distributor/supplier Manufacturer
Installer/System integrator
Offering the widest and unparalleled range of security
products and solutions for intrusion, fire, CCTV, networking solutions, access control, Manufacturer of vehicle and pedestrian
building management, as well as a comprehensive complementary range of access control equipment and high security anti terror equipment such as traffic bar-
accessories. riers, spike barriers, road blockers, hydraulic bollards, turnstiles, speedstiles, security
booths, canti-lever gates, manual barriers, re-usable rubber traffic islands.
Contact: Gordon Moore
Tel: +27 (0)11 574 2500 Contact: Andre Rossouw
gordon.moore2@adiglobal.com Tel: +27 (0)11 674 4441
5 Platinum Drive, Longmeadow Business Estate, Modderfontein, Johannesburg, andre@boomgatesystems.co.za
Gauteng 18 Minerva Avenue, Leaglen, Roodepoort
www.adiglobal.com/za www.boomgatesystems.co.za
Branches: Durban, Pretoria, Johannesburg, Bloemfontein, Cape Town, Nairobi, ADI Branches: Cape Town
has a dedicated export office in Johannesburg to service all other parts of sub-
Saharan Africa and Indian Ocean islands.
Bytes Systems Integration
Installer/System integrator
ASSA ABLOY Distributor/supplier
Manufacturer
Distributor/supplier Identity Management Solutions, a business unit of Bytes Systems Integration, provides
identity management solutions for governments, businesses and individuals. IDM
ASSA ABLOY’s product range includes SMARTair access control systems, Aperio wire- focuses on biometric and technology solutions designed to manage the complete ID
less door locks as well as a range of HID cards, readers and peripherals. ASSA ABLOY’s lifecycle by securing, protecting and validating IDs.
Yale brand provides a range of digital door locks targeted at the residential market,
which integrate to home automation systems. Contact: Nick Perkins
Tel: +27 (0)11 450 3092
Contact: Riaan Pretorius nick.perkins@bytes.co.za
Tel: +27 (0)11 761 5019 11B Riley Road, Eastwood Office Park, Tuscan Suite 1, Bedfordview, Gauteng
riaan.pretorius@assaabloy.com www.bytesidm.co.za
ASSA ABLOY Commercial House, 9 Nickel Road, Technikon, Gauteng Branches: Southern Africa, East Africa, West Africa, UAE, Indian Ocean Islands.
www.assaabloy.co.za
Branches: Namibia, Kenya, Ghana, Zimbabwe, Zambia, Nigeria, Tanzania, Uganda. CAME BPT South Africa
Manufacturer
Axis Communications Distributor/supplier
Manufacturer
CAME BPT SA is a subsidiary of CAME Group
With its products for physical access control, Axis which incorporates companies like CAME, BPT, Urbaco and Parkare. A wide range
Communications offers an open and future-flexible alternative to IP. These prod- of access control technologies are available: gate and door automation, parking
ucts cover a variety of application needs, from identification and entry control to systems, turnstiles, access control systems, audio and video intercoms, CCTV and
advanced access management and integration with other systems. automatic bollards.

Contact: Vanessa Tyne Contact: Riccardo Battaini


Tel: +27 (0)11 548 6780 Tel: +27 (0)11 616 3222
vanessa.tyne@axis.com info@camebpt.co.za
Microsoft Office Park, 3012 William Nicol Drive, Bryanston, Gauteng 21 Davies Road, Malvern East, Gauteng
www.axis.com www.camebpt.co.za
Distributors/resellers: ADI Global Distribution, Pinnsec, Duxbury Networking, NIT Distributors/resellers: Contact company for details
Branches: Cape Town, Durban. Branches: Johannesburg, Cape Town, Durban, Pretoria.

Disclaimer: The information in this publication is furnished for the exclusive use of subscribers and is based on the most reliable data available to Technews
­Publishing. However, the information was obtained from sources which Technews Publishing does not control and, although every effort has been made to
verify it, the data is volatile. In furnishing this information, Technews Publishing in no way assumes any part of the users’ or suppliers’ risks, does not guarantee
its completeness, timeliness or accuracy and shall not be liable for any loss or injury whatever resulting from the use of or reliance on the information, or from
negligence.

www.securitysa.com Access & Identity Management Handbook 2017 115


DIRECTORY LISTINGS

Card Control EOH


Systems Installer/System integrator
Installer/System
integrator EOH offers a best fit for all your access control
and ID Management needs. Ensuring the right people with the right
Card Control Systems specialises in the design, installation and
integration of access control, CCTV and fire detection. From small access at the right time. EOH can integrate workforce management
to full turnkey projects, the company strives to use the best suitable into Security, HR, Payroll and H&S. An integrated management solution
technology and tailor systems to individual needs. thereby unlocking the full potential and ROI.

Contact: Sakkie Coetzee Contact: Wayne Schneeberger


Tel: +27 (0)11 907 3192 Tel: +27 (0)11 844 3200
info@cardcon.co.za wayne.schneeberger@eoh.com
11 Helston Street, New Redruth, Alberton, Gauteng 6 Trinity Close, Paulshof
www.cardcontrolsystems.co.za
www.eoh-fss.co.za
Branches: Johannesburg, Cape Town, Durban, Port Elizabeth

CEM Systems
Manufacturer
GeoVision SA
CEM Systems, part of Tyco Distributor/supplier
Security Products, is a leading provider of access control and fully
integrated security management systems. With a reputation for GeoVision’s award winning sur-
designing industry firsts, CEM continuously develops innovative veillance products provide total
software and hardware to incorporate the very latest in technology. security for POS, LPR and CMS systems. With its advantages in video
surveillance techniques it is forging ahead to new fields of IP surveil-
Contact: Ernest Mallet lance, analytics, network video storage, access control and intelligent
Tel: +44 2890 456 767 security services.
cem.sales@tycoint.com
195 Airport Road West, Belfast, BT3 9ED, United Kingdom Contact: Jacques Taylor
www.cemsys.com Tel: +27 (0)12 664 0411
Distributors/resellers: Pentagon Distribution, Mustek Security sales@geovisionsa.co.za
Technologies, Protego Worldwide Unit 10, Central Office Park, 257 Jean Avenue, Centurion, Gauteng
Branches: Johannesburg www.geovisionsa.co.za
Branches: Pretoria

Controlsoft Honeywell Building Solutions


Manufacturer Installer/System integrator
Distributor/
supplier Honeywell Building Solutions is a leading provider of integrated
technology solutions that support innovative ways of working. It
Committed to excellence in products, customer service and support, develops, installs and maintains critical building systems that help
Controlsoft develops, manufactures and provides comprehensive keep customer workplaces safe, secure, comfortable and cost-efficient.
access control solutions. Platinum partnerships with leading brands Global experience across diverse markets positions Honeywell as a
HID, Safran Morpho, ASSA ABLOY and LG Iris provide leading edge technology leader renowned for delivering value.
technology such as HID Mobile Access.
Honeywell House, Treur Close, Waterfall, Midrand
Contact: Marilize Munro Tel: +27 (0)11 695 8000
Tel: +27 (0)11 792 2778 servicehbsza@honeywell.com, www.honeywell.co.za
africasales@controlsoft.com Contact Name: Richard Creighton
6 Graphite Park, Fabriek Street, Strijdom Park, Gauteng
www.controlsoft.com
Distributors/resellers: Security Communications Warehouse and
certified integrators. Ideco Biometric Security
Solutions
Installer/System integrator
Elvey Security Distributor/supplier
Technologies
Distributor/supplier Ideco sells biometric products, services and solutions for visitor
management, access control and all aspects of identity management.
Elvey provides a wide range of access control technology for the The company offers scalable solutions that empower business owners
most extensive range of applications. From time and attendance to to circumvent transgressions and transform everyday transactions into
monitoring solutions, integrated or standalone, Elvey provides for all trusted transactions.
its customers’ typical and diverse needs.
Contact: Marius Coetzee
Contact: Elvey Security Technologies Tel: +27 (0)12 749 2300
Tel: +27 (0)11 401 6700 contact@ideco.co.za
info@elvey.co.za Ideco House, 1287 Embankment Road (Cnr Embankment Road &
27 Greenstone Place, Greenstonehill, Edenvale Lenchen South), Centurion
www.elvey.co.za www.ideco.co.za
Branches: Bellville, Benrose, Bloemfontein, Botswana, Cape Distributors/resellers: ADI, Reditron, Softcon, Controlsoft, Afiswitch,
Town, Centurion, Durban, East London, East Rand, George, MASS Solutions, Pinnacle, Bidvest Protea, Coin, Du Pont Telecom,
Greenstone, Marlboro, Namibia, Nelspruit, Pietermaritzburg, Visionway, VCam, Business Connexion, Bytes, CEOS, Jarrison Time,
Polokwane, Port Elizabeth, Pretoria, Rustenburg, Vanderbijlpark Johnson Controls, Schneider Electric, Muvoni, Secuscan
and West Rand Branches: Centurion

116 Access & Identity Management Handbook 2017 www.securitysa.com


DIRECTORY LISTINGS

IDS Johnson Controls


Manufacturer Installer/System integrator
Distributor/supplier
IDS offer GSC access control solutions such as access
control and time recording systems including simple Our software has advanced fea-
stand-alone programmable readers, medium sized systems for up to 20 tures that bring together many building systems to give you a single
readers and large systems supporting up to 1000 card readers. MS-DOS and overall picture of its security. Not just alarms/alerts, but reactions to
Windows based software also available. them, managing everything from access control to intercoms, eleva-
tors, intrusion detection, video surveillance and more.
Contact: Alison Renwick
Tel: +27 (0)31 705 1373 Contact: Marius Brits
alison.r@idsprotect.com Tel: +27 (0)11 921 7100
91 Escom Road, Cnr Escom and Henwood Roads, New Germany, marius.brits@jci.com
KwaZulu-Natal 42 Electron Avenue, Isando, Gauteng
www.idsprotect.com www.johnsoncontrols.com/en_za
Branches: Durban, Johannesburg, Cape Town, East London, Port Elizabeth, Distributors/resellers: Servest, Intellepark
Bloemfontein, Nelspruit, Polokwane Branches: Johannesburg, Durban, Cape Town, Carltonville.

Impro Technologies Milestone Systems


Manufacturer Manufacturer

Milestone Systems is a global


Impro offers pioneering access control
industry leader in open platform IP video management soft-
solutions for small, medium and enterprise installations. Integrated ware. Milestone technology is easy to manage, reliable and
services include CCTV, intrusion and biometrics, among others. Along proven in thousands of customer installations, providing flex-
with its 30 years of experience in the industry, Impro offers free 24 hour ible choices in network hardware and integration with other
systems.
support and a no quibble warranty for South Africa.
Contact: Armand Steffens
Contact: Mike Kidson Tel: +27 (0)82 377 0415
Tel: +27 (0)11 469 5568 arms@milestonesys.com
info@impro.net Stoneridge Office Park, Building B, 8 Greenstone Place, Edenvale
Head Office and Factory, 47B Gillitts Road, Pinetown, KwaZulu-Natal www.milestonesys.com
www.impro.net Distributors/resellers: ADI Global Distribution, Compass Visual
Distributors/resellers: Powell Tronics, Access & Beyond, Elvey Security Security, MiRO, Pinnsec.
Technologies
Branches: Durban, Johannesburg
MiRO
Distributor/supplier
Integrated People Management
Installer/System integrator MiRO is a leading supplier of best-
Distributor/supplier of-breed IP convergence products and services to the ICT
and security markets. It has enlarged its security and access
Experts at integrated people management and electronic control portfolio with the addition of Axxess-E’s range of wire-
security solutions. The company’s physical access, work- less access control products for a simpler and a highly scalable
force management, integration tools and custom software development solution.
enable seamless integration to existing systems such as SAP, Oracle, SALTO,
Impro, Saflec, VIP and many more. Contact: MiRO Sales
Tel: 086 123 6476
Contact: Dale Corby sales@miro.co.za
Tel: +27 (0)87 550 0760 9 Landmarks Avenue, Kosmosdal Ext 11, Samrand, Gauteng
dale.corby@ipm.za.com www.miro.co.za
156 Cape Road, Millpark, Port Elizabeth, Eastern Cape Branches: Gauteng, Nelspruit, Durban, Cape Town.
www.ipm.za.com
Branches: Port Elizabeth, Cape town, Gauteng
Morpho South
Africa
JCM Technologies Manufacturer
Installer/System integrator
A global leader in identity and security solutions for an increas-
Provide integrated CCTV, access control, fire ingly digital and connected world. Backed by more than 40
detection and suppression, intercom, alarm years of experience in biometrics, Safran develops innovative
intrusion and PA systems. Data and fibre net- technologies for a wide range of markets and applications for
work installations and audio visual and people, governments and business.
boardroom solutions.
Contact: Craig Dubois
Contact: Peter Reed Tel: +27 (0)11 286 5800
Tel: 086 111 5359 sec.san.contact@safrangroup.com
peter@jcmtech.co.za Wierda Court Block B, Wierda Valley, 107 Johan Avenue,
Unit 13A, Pinelands Business Park, New Mill Road, Sandton, Gauteng
Pinelands, Cape Town www.safran-identity-security.com
www.jcmtech.co.za Distributors/resellers: Ideco Technologies, Gallagher Security,
Branches: Cape Town, Gauteng EOH, Impro Technologies

www.securitysa.com Access & Identity Management Handbook 2017 117


DIRECTORY LISTINGS

neaMetrics Regal
Manufacturer Distributors SA
Distributor/supplier Distributor/supplier

neaMetrics develops customised, integrated A comprehensive range of biometric devices; RFID and keypad read-
software solutions for biometric ID (finger- ers available as standalone or combined technology readers, PAC
print, face, iris), identification (AFIS), card software and hardware such as maglocks, and an extensive range of
personalisation (Smartcard, RFID, ID cards). request to exit buttons for any application from entry level to com-
Exclusive distributor of Suprema and other mercial access control installations.
identity products, providing specialised
turnkey ID solutions. Contact: Andrew Levell-Smith
Tel: +27 (0)11 553 3300
Contact: Walter Rautenbach sales@regalsecurity.co.za
Tel: +27 (0)11 784 3952 9 Electron Street, Linbro Business Park, Marlboro Drive, Sandton,
info@neametrics.com Johannesburg
108 11th Street, Parkmore, Sandton www.regalsecurity.co.za
www.neametrics.com Branches: Johannesburg, Pretoria, Vanderbijlpark, Nelspruit, Witbank,
Branches: Johannesburg Polokwane, Cape Town, Bellville, East London, Port Elizabeth, Durban,
Pinetown, Bloemfontein.

Paxton Access
Manufacturer Ringmaster Security
Installer/System integrator
A global brand of networked access control and Distributor/supplier
door entry systems, providing simple and reliable
security, ideal for small to medium sized applica- Ringmaster Security provides commercial and
tions. Paxton products move beyond access control to offer energy industrial proximity and biometric access control
saving, building control and CCTV, fire, intruder alarm and biometric sytems which include vehicle barriers, turnstiles, mantraps, sliding
system integration. doors and many more. We offer the finest quality products to ensure
your access control needs are met.
Contact: Werner Geldenhuys
Tel: +27 (0)72 758 6485 Contact: Vincent Botha
werner.geldenhuys@paxtonaccess.co.za Tel: +27 (0)11 476 3381
Paxton House, Home Farm Road, Brighton, East Sussex, BN1 9HU, United sales@ringmastersecurity.com
Kingdom 12 Molope Road, Randpark Ridge
www.paxtonaccess.co.za www.ringmastersecurity.com
Distributors/resellers: Reditron, Pinnacle Security, Regal Security. Branches: Johannesburg

Powell Tronics
Distributor/supplier RR Electronic
Security Solutions
Impro, Safran Morpho, Golmar Installer/System integrator
and its own brand of P-tron Distributor/supplier
software solutions and door
furniture, provide the market Electronic solutions is a company
with top of the range local and equipped with a highly qualified and
global product offerings, unri- experienced team with over a decade of
valled expertise and support experience, the company was established
and unparalleled integrated solutions. with the intention to satisfy our customers
requirements.
Contact: John Powell
Tel: 086 1787 2537 Contact: Rivash Raghubir
marketing@powelltronics.com Tel: +27 (0)11 021 1071
Unit 19-4, The Waverley Complex, Wyecroft Road, Observatory, Western info@rress.co.za
Cape Unit 12, Cycad Block, Cnr 9th Avenue and Rugby Road,
www.p-tron.com Weltevreden Park
Branches: Cape Town (Head Office), Durban, Johannesburg, Port www.rress.co.za
Elizabeth. Branches: Cape Town, Polokwane, Northern Cape

Reditron Saflec Systems


Distributor/supplier Manufacturer
Value-added Reseller
Reditron offers access and identity
management solutions from suppliers such as Safran Morpho, Paxton Local manufacturer of quality access control equipment and devel-
and ViRDI. Its range of products is supported by a strong Technical Team oper of the renowned SACS access control system, specialising in
that will assist with appropriate solution selection and post-sales support. offline access control. Saflec partners with Salto as a value-added
reseller of its Sallis electronic locks which are fully integrated into its
Contact: Jacques Bester access control system.
Tel: +27 (0)87 802 2288
sales@reditron.co.za Contact: Barend Keyser
18 5th Street, Wynberg, Sandton, Gauteng Tel: +27 (0)11 477 4760
www.reditron.co.za sales@safsys.co.za
Distributors/resellers: Regal Exports 48 Richard Road, Industria North, Roodepoort, Gauteng
Branches: Cape Town, Durban, Nelspruit, Port Elizabeth. www.saflecsystems.co.za

118 Access & Identity Management Handbook 2017 www.securitysa.com


DIRECTORY LISTINGS

Salto Systems UTC Fire and Security


South Africa Manufacturer
Manufacturer Distributor/supplier

Salto is driven by innovation. Guided Our access control portfolio


by its insights into customer needs, ranges from hardware solutions embedded with intrusion detection to
it delivers industry-leading, next software solutions with integrated video, and is scalable from small to
generation electronic locking solutions multi-site and multi-national environments. We fine-tune concepts and
without wires and without mechanical product solutions to meet customers’ requirements.
keys. By continually being first to aniticpate market needs in a
rapidly evolving marketplace, it sets new standards in security, Contact: Randhir Seodutt
manageability and scalability. Tel: +27 (0)11 579 7300
randhir.seodutt@fs.utc.com
Contact: Wouter du Toit 29 Angus Crescent, Longmeadow Business Park East, Edenvale,
Tel: +27 (0)11 534 8489 Gauteng
info.za@saltosystems.com www.utcfssecurityproducts.eu
50 Constantia Boulevard, Quadrum Office Park, Distributors/resellers: Available on request
Block 4 Ground Floor, Constania Kloof, Gauteng Branches: Johannesburg, KwaZulu-Natal, Cape Town.
www.saltosystems.com

Vixnet Africa
Softcon Manufacturer
Manufacturer Value-added Reseller

Softcon is a South African company Specialised security data DSSS tech-


focused on developing and manufac- nology communications on Vixnet’s own propriety network. Product
turing cutting-edge technology in the manufacturer and network service provider to the electronic security
access control field. industry. Immune to jamming and congestion, renowned for transceiv-
ing data out of difficult RF areas, i.e. malls, CBDs etc.
Contact: Theo Olivier
Tel: +27 (0)12 348 7301 Contact: Clinton Lemmer
sales@softconserv.com Tel: +27 (0)11 100 1969
475 Kings Highway, Pretoria, Gauteng clintonl@vixnet.co.za
www.softconserv.com Unit 2, Building 6, Pinewood Office Park, 33 Riley Road, Woodmead,
Branches: Cape Town Gauteng
www.vixnet.co.za
Distributors/resellers: Sabertek, C-Track, Accitrack
Suprema Branches: Johannesburg, Cape Town
Manufacturer
Distributor/supplier

Suprema is an international leader in


ZKTeco
Manufacturer
biometric & identity management solu-
Distributor/supplier
tions, including access control and T&A,
embedded fingerprint modules, PC
ZKTeco is a market leading manufac-
fingerprint solutions, live scanners and e-passport readers. Suprema’s
turer of security and time management solutions.
technology is aesthetically pleasing and supported with award win-
ning algorithms.
Contact: Johannes Tlhabi
Tel: +27 (0)12 259 1047
Contact: The Suprema Team
johannes@zkteco.co.za
Tel: +27 (0)11 784 3952
Block F, Wellness Corporate Park, Beethoven Street, Hartbeespoort,
enquiry@suprema.co.za
North West
108 11th Street, Parkmore, Sandton
www.zkteco.co.za
www.suprema.co.za
Distributors/resellers: Regal Security, ERS Biometrics, Security
Distributors/resellers: Located across Africa
Equipment Centre, SBE International, RFIQ, EOH Security and Building
Branches: Johannesburg
Technologies, Inhep Digital Security, Uniclox, Besmarter Technologies,
Sentri Systems, ASSA ABLOY, Workforce Superdata, Page Automation,
Pyro Tech Security Suppliers.
Turnstar Systems
Manufacturer
Zonke Monitoring Systems
Turnstar is an ISO 9001:2015 Installer/System integrator
certified manufacturer of Distributor/supplier
turnstiles, speed gates,
mantrap cubicles, security booths, vehicle barriers, bollards and Supplier of electronic monitoring
road blockers. Production takes place in a 7 700 square metre systems.
factory in Wynberg, with distribution warehouses in the Western
Cape and KwaZulu-Natal. Contact: Hosea Malope
Tel: +27 (0)11 880 1000
Contact: Scott Davey info@zonkems.co.za
Tel: +27 (0)11 786 1633 3rd Floor, South Wing, 160 Jan Smuts Avenue, Rosebank, Gauteng
scott@turnstar.co.za www.zonkems.co.za
18 6th Street, Wynberg, Sandton, Gauteng Distributors/resellers: Nonke Monitoring Systems, Man-Dirk – RSA,
www.turnstar.co.za Azbok – Botswana
Branches: Cape Town, Durban Branches: Main Office – Rosebank

www.securitysa.com Access & Identity Management Handbook 2017 119


Index to advertisers
ADI Global Distribution............................................................................ 25 neaMetrics............................................................................................ 9, OBC

ASSA ABLOY................................................................................................. 45 Paxton Access.............................................................................................. 79

Card Control Systems................................................................................ 31 Powell Tronics.............................................................................................. 97

CEM Systems................................................................................................ 11 Reditron......................................................................................................... 23

Controlsoft.................................................................................................... 27 Regal Distributors....................................................................................... 43

Elvey Security Technologies......................................................................5 Saflec Systems............................................................................................. 13

EOH.................................................................................................................. 17 Salto Systems................................................................................ IFC, 13, 77

Hitech Security Solutions................................................................. 21, 74 Softon............................................................................................................. 91

Honeywell Building Solutions............................................................... 35 Specialised Exhibitions............................................................................IBC

Ideco............................................................................................................... 47 Suprema................................................................................................ 9, OBC

Impro Technologies................................................................................... 39 Turnstar Systems........................................................................................ 19

Inhep Digital Security............................................................................... 41 UTC Fire & Security..................................................................................... 29

Johnson Controls........................................................................................ 49 Vixnet............................................................................................................107

Milestone Systems..................................................................................... 89 ZKTeco............................................................................................................ 61

MiRO............................................................................................................... 15 Zonke Monitoring Systems..................................................................... 83

Morpho South Africa....................................................................................3

120 Access & Identity Management Handbook 2017 www.securitysa.com