Dramatic cost savings proposition for customers — In addition to eliminating up-front physical equipment costs for organizations, the managed service model also rids the customer of recurring costs associated with managing the IT infrastructure. For many organizations the cost of installing, licensing and provisioning a new rack-mounted server can exceed the cost of fully transitioning to a managed service model for Web-based access control. In some cases, this can save the enterprise customer upwards of 40% on recurring annual system support and licensing costs, according to Moran.
Access control as a service is by no means strictly an enterprise service. In many ways, the flexibility and affordability of a hosted or managed services model opens up these services to organizations that could not previously afford the up-front expenses and consequently were priced out of the market.
“RedCloud has seen significant traction to date for its broad set of access control solutions within the K-12 and higher education markets, as well as social and health facilities responsible for securing multiple facilities, patients, staffers and visitors,” Moran says.
At the same time, access control as a service can enable integrators to tap into a prospect’s operational and maintenance (O&M) budget, which for many organizations includes more readily accessible and greater amounts of funding, as opposed to straight out purchasing that comes from capital budgets.
Budgets, technology innovation and an opportunity to extend the benefits of access control to new sets of customers have created a strong opportunity for installing security contractors to cost-effectively deliver cloud-based access control as a hosted or managed service, without the need to invest in expensive servers or extensive IT infrastructure.
High Points of Smart Cards
On the books since 2004, Homeland Security Presidential Directive 12 (HSPD-12) initiated the creation of a standard for a secure and reliable form of identification to be used by all federal employees and contractors. The end result: Federal Information Processing Standard 201 (FIPS 201), which created the infrastructure needed to deploy and support an identity credential for physical and logical access.
This coincided with the creation of the Personal Identity Verification (PIV) card and the PIV-Interoperable (PIV-I), a non-federally issued credential designed to be used by state and regional employees as well as the first responder community. The Commercial Identity Verification (CIV) credential was developed to define a commercial credential that could take advantage of the PIV infrastructure.
Originally, when the FIPS-201 program was launched the government was most concerned with logical control. But those days are over, says according to Raj Venkat, business leader for readers and credentials, Ingersoll Rand Security Technologies. About a year ago the government issued a memorandum telling federal agencies to “aggressively step up their efforts” to use the FIPS-201 card as “the common means of authentication for access to that agency’s facilities … ”
In order to be compliant with the FIPS-201 PIV standard, cards that are solely contact or contactless cannot be considered. While there are specific standards required for the contact and contactless combination smart card, the card reader is a different matter.
“In general, at one’s facility, the only requirement of the card reader is that it be capable of reading the FIPS card and communicating with the access control system,” Venkat says. “Facilities can install any brand of reader that is FIPS compliant and will read either the contactless or contact portion of the FIPS card.”
Maintaining access to a facility while operating both proximity and FIPS-201 smart cards can be accomplished by installing multitechnology readers that simultaneously read existing proximity credentials as well as the new FIPS-201 cards.
Initially slow on the uptake, PIV card technology is beginning to take root outside the federal government and its contractors. A variety of companies and entities that do business with the federal government are adopting PIV-I. Transportation Worker Identification Credential (TWIC) in the private sector is also based on PIV.
Page 2 of 3 pages <
Mobile Access Control