Answering some of the challenging questions on how modern commercial infrastructures in today’s metropolises ensure the safety of people and protection of physical and intellectual property.

Physical owners of commercial organizations today face unprecedented security issues that concern owners and occupants alike. Employee theft, property crime and information security are all now major concerns, with more than 1.1 million shoplifters and dishonest employees apprehended by just 23 major retailers in 2012. ‘Desperation crime’ is also emerging across the UK as an official issue, being cited in the most recent Police crime statistics. In response, companies are looking to invest in security technology such as burglar alarms, fire protection systems, video surveillance, intrusion detection devices and most critically access control, all to protect three things: people, assets and increasingly today, data or information.

Access control technology, in the hands of competent and capable security officers, can reduce property liability, cut material losses, and keep people safe. But keeping security staff trained on separate, stand-alone systems can be challenging, and must be addressed as part of broader security objectives. In an era when there are increasingly sophisticated and complex control systems available, it is very easy to lose sight of the basic facts and, in times of plenty there were the budgets available to invest in advances systems and maintenance. But in today’s more restrained times, every investment is likely to be scrutinized far more closely and so it is essential to build a strong case from the ground up. Employee theft, property crime and information security are the major security concerns for all UK companies. Reports continue to suggest a rise in crime in the UK, with the Federation of Small Businesses recently suggesting 64% of businesses have been victims of crime in the last year, but widespread austerity cuts limit the resources available to focus on economic crime. Burglary and vandalism also continue to rank high as additional concerns. This all translates to two priorities: keeping people safe and protecting buildings and content, or assets.

People protection

The people side may be relatively straightforward to protect employees and occasional visitors. At the other end of the spectrum, it may present a far more complex picture of protecting the general public and a wide range of different employees. But today’s security concerns also include catering for an increase in temporary and part time staff, and staff turnover generally is now much higher in many organizations. This has real implications for managing staff identities and access privileges and the simmering increase in levels of pilfering by staff and the general public must be considered in any security upgrade decision.

Asset protection

The assets range from the protection of physical buildings, to security equipment, through managing data. This current rise in pilfering ranges (latest research suggest a 5.5% increase) from petty theft of supplies that can be re-sold easily or used in domestic homes could easily extend to concerted efforts to steal higher value assets such as IT equipment. The latter then creates an additional security risk. Although it is annoying, the cost of replacing an 18 month old laptop is not bank breaking, but the confidential and identity related data contained on a stolen laptop is far more valuable in the wrong hands and open up the organization to a very different level of criticism and legal challenge. The key areas of emphasis for securing people and assets – authentication, identity and auditing – have not changed regardless of the size of the commercial building, its location or the level of security risks that need to be addressed today. But changes in how and where companies do business with all kinds of flexible deployment models now available for staff, along with rapid technological advances, are driving innovations in the security industries that are beginning to impact on commercial buildings as well. As a consequence, there is now a plethora of potential solutions for each security challenge, but also the fact that the choice is so wide may, in itself, be a problem for time constrained facilities managers.

One way to choose between the different options available is to use one simple planning tool in business, namely the ‘hurdle rate’ where specifiers and estate managers may consider the answers to the following questions. How many hurdles or barriers do you need to erect to deter or prevent a risk to security? How long do you need each hurdle to deter? What is the likelihood of detection and what is the response time on alarm? What are the consequences of failure?

Barriers to entry

So in critical areas it is perfectly appropriate to invest in several barriers to entry, with clear alarms and response times and routines. At the same time, there will be other zones which will not require anywhere near the same hurdle rate to provide an adequate balance between security, risk and cost. By assessing security requirements in this way, the need to purchase additional security systems can be justified as necessary at a time when every expense must bring return-on-investment (either by loss prevention, premium rental income or increased staff retention or obvious satisfaction.) Access control is the means by which people are granted or denied access to restricted areas, such as office suites, storage facilities or parking garages. Office buildings for example, can either house individuals tenants and companies in a multi-use property, or be owned and occupied by a single company.

Varying degrees of access are required depending on use, and administration of access control for personnel can be distributed amongst several individuals. With different needs for owner-occupied and tenant-occupied buildings, how does management begin to evaluate the various types of access control systems that are available? Furthermore, in a growing and changing office environment, what is the best kind of access control to meet future needs? A flexible form of access control uses cards with magnetic card readers, proximity readers, barcodes or smart cards with embedded microprocessors. Card access control at many large office buildings is coming today, and there are a variety of systems with different levels of sophistication. There are many advantages to card access control. Employees can be coded with access to specific areas dependent on their need, company affiliation or any number of factors. Individual privileges can expire on a given date if desired. And in areas where tighter security is required management can install keypads, keypad/card combinations or biometric devices that can scan fingerprints or handprints.

Triggering devices

When used as a stand-alone system, card readers and other electronic access devices offer a cost-effective and flexible way for owners of office buildings to control who has access to the various areas, with the system recording who has gone where, and when. The sequences of operations is for the access device to trigger the door lock, entry is granted and the event is recorded by the central system. But if a device can trigger the lock, why not use this inherent ability to trigger other security devices as well? As a stand-alone system, access control does the job, but does not fully leverage the connected sensors for broader security objectives. Faced with this complex balance of competing priorities, how can a security officer navigate an effective way forward, ensuring adequate security within the financial and technical parameters of their premises?

As discussion points, the following may provide useful indicators. Implement an up to date risk assessment using planning tools such as the ‘hurdle rate’ to gain a personal understanding of the risk factors to your commercial premises. This risk assessment must start with the likely level, frequency and severity of threat to the security and safety to premises and staff, quickly followed by the safety and security of other visitors and users of the site. It is important this risk assessment is informed by credible, relevant statistics and not by headlines, rumors, urban myths or local prejudices.

Achieving secure movement

Also, back up any findings with a free survey service provided by many leading access control providers. Finally take a hard look at the likely level of loss and the consequences. And factor in the quality of the staff (and management) experience by considering the ease with which secure movement can be achieved. How many different credentials are you considering (keys, pin codes, fobs, cards etc.) Traditionally access control systems have secured only 20% of the doors. This number is increasing with the introduction of low cost wireless technology. This also has the effect of reducing the number of credentials in use if planned properly. Select appropriate technologies Full access control functionality on all doors may not be needed. It is important to differentiate between the functionality you really need in different areas and significant cost savings can be achieved. Keyless institutions are now a reality. Where a site already has an existing access control system but which now needs to be extended to include new facilities, this is now possible with compatible wireless technologies at low cost. There is no doubt that for the commercial sector, security and access control is a complex and challenging issue. This is not only in light of the major shift in social and technology trends that are making such a big impact on the business communications landscape, but also mindful of the need to respond to the prospects of a long drawnout economic recovery, rather than a swift re-bound from recession. These factors alter the dynamics of security planning and forces designers and specifiers working with private sector developments to consider ‘people’ and ‘assets’ on a much deeper level with much greater focus than just a good choice of access control and other security devices.

A carefully considered security system, integrated in a flexible and scalable building automation system allows multiple systems to be used at once, expand applications of security for least cost, and protect the security system capital investment from becoming obsolete in the near future. Today maximum security is a blending of physical security, policies and procedures as well as technology to obtain a safe and secure environment.

By Damian Marsh Assa Abloy Access Control