Smartphone Mobile Access in Your Campus Security Plan

pexels-photo-891675.jpeg

Let’s face it, smartphones and tablets are everywhere. As a society, we do almost everything with our mobile devices. These handheld supercomputers deliver our news, entertain us, keep us connected, and even act as flashlights, cameras, and GPS systems. And this societal shift to constantly-connected handheld devices is most prevalent with today’s student population.

As locks, access control systems, and smartphone functionality continue to advance, we’ve seen a big increase in interest regarding the use of mobile devices within access control systems — specifically for college and university campuses.

There has been an interest in mobile device integration for several years. What's changed over the past year or so is that devices have become so widely used, and Bluetooth connectivity has become so easy, stable, and secure, schools now see mobile access as a very real and viable possibility.

Students and faculty alike are aware of a mobile phone’s ability to pair easily with compatible devices, so it’s a natural expectation that the same experience would apply to locks and access control systems. IT departments and facility managers see a no-infrastructure, no-cost way to advance the use and convenience of their systems, but there are still questions and concerns to address.

Early Adopter Risks?

Most of the inquiries about the transition to mobile are from campuses who already manage card-based access control systems. They want to know how to migrate their credentials from a card to a phone. Primarily, these are very progressive schools that have already deployed a variety of electronic access control technologies, including wireless.

While it's great that schools are asking about mobile, and yes, they can use a mobile device to present credentials, we need to put this into context. The discussion is really about using electronic access control. It doesn't matter whether you use a card or phone. 

We recommend starting with a card-based system, and then migrating toward a mobile credential implementation plan. Without proper planning, there is risk in not having proper policies and procedures in place. What happens if an employee is fired, or a student is expelled? How do you revoke credentials? What happens if a phone is lost? How is all this best managed?

Where to Begin

Schools currently using brass keys and considering piloting a card lock system typically want to test a system for a few months before making a final decision. We suggest testing mobile access the same way. A college or university who already has access control in place and is interested in mobile access should pick an area — a single wing, building, or floor perhaps — and test it before rolling it out campus-wide.

If the school is new to access control, that's a bigger transition. They would have no access control experience in the first place, which means there is a lot to manage at the same time.

It’s wise to take small steps, but don't be afraid to get started. Remember that the ultimate goal is protecting the students. If mobile is a driver for access control, start by deploying a card-based system and move away from brass keys. Once the card-based system is up and running, it’s much easier to make the move to mobile.

Private/Public Security

There are often concerns, because a brass key or a proximity card is owned and controlled by the institution, but with mobile access the smart phone belongs to an individual. Although a smartphone belongs to the student or faculty member, keep in mind that the phone is merely a device that can be used to hold the credential. The credential can easily be issued or revoked regardless of who owns the phone. 

Some institutions don't even want to consider mobile, because they charge a fee to issue and replace key cards. With a large campus and residence hall system, this turns into a significant revenue stream for the school. How will that revenue be replaced?

One university conducted a pilot with mobile, where students could choose a card for access at no charge or choose to use their mobile device for a $50 fee. They had a good number of students opt in and pay the fee for the convenience of using their smartphone.

Another important consideration is that students or employees might lose a key, or lose a card, but they rarely lose their phones. Phones are always in hand. People don’t share them, loan them or even let them out of their sight. Our phones are almost always conveniently within reach, and for this reason alone, phones may have the upper hand from a security point of view.

Connectivity Choices

For years, we’ve had the ability to support mobile access using Near Field Communication, or NFC. To date, NFC has been challenging, because the device manufacturer, the network operator, and the Trusted Service Manager all want a portion of the service. This involves extra costs, complexity, and a chain of systems that could result in reliability issues.

With today’s Bluetooth Low Energy (BLE) connectivity, any Bluetooth phone can be paired with a Bluetooth-enabled lock without any middleman, additional infrastructure or costs.  

While BLE has clearly been an impetus for mobile access, new developments with NFC could provide us with two very solid technology options. Regardless of what course this takes, ASSA ABLOY is ready to support your campus with a broad range of locks that support mobile access using both BLE and NFC. As with any security upgrade, we recommend a future-proof solution that can support rapidly evolving technologies and the growing needs of your campus. 

Additional Considerations

If you are considering going mobile, first, keep in mind the big picture. Mobile access is exciting, convenient, safe and something that people want, but remember the first priority is deploying access control to provide a safe and secure environment for your campus. The best way to do this is to start with a card-based system, and then bring in mobile access at a later date.

Also, note that not all mobile access is created equal. Do your homework - make sure the credentials within the phone are highly secure and that your locks will support inevitable changes in mobile technology. 

And as far as going entirely mobile, we don't yet know what that experience will be like. With the sharp increase in interest regarding mobile devices, I’m sure we’ll see our first all-mobile access control deployment very soon.

About the Author

Angelo Faenza is the General Manager, PERSONA and Vice President of Campus Electronic Access Control Security Solutions, ASSA ABLOY Door Security Solutions. ASSA ABLOY will be joining the conversation at The Great Conversation in Security on March 5&6 in Seattle, Washington.