Security is about people
Security systems are installed to ensure business continuity by mitigating security related risks. The aim in general is to limit the chances of incidents happening and to limit the effect when incidents happen. In access control that means that only authorized people should get access to secured zones. Which implies that people need to be identified and that doors need to open. Access control, by definition, is limiting the freedom of people to move around.
People in general are ok with the somewhat restrictive nature of access control systems. Most of them understand the need for security measures. They will support the system by using their access control badges (or their finger print or another identifier) to get access. They understand that some doors need to stay closed. And most of them even understand that access control systems monitor their whereabouts for safety purposes.
However people really do not like it when access control gets in their way while they are trying to do their jobs. If a door lock malfunctions too often or if a card reader is not working consistently, people will find their way around them. By physically keeping the door open for example. Which renders all your security policies and systems useless.
People will support systems that do not get in their way. And they might even support systems better if these systems offer a great user experience. And they will love systems that actually help them perform even better in their job. But how often do you see us, security managers, really focus on user experience? We tend to look at security policies and the technology to support them. Maybe it is time to widen our scope a little.
The Wheel of Convenience
When thinking about user experience in security and access control it probably makes sense to define what users are confronted with when they use an access control system. They must be enrolled. They receive a security credential when they do not have it yet. They need to carry around that credential. Present the credential to a reader of some sort. Then, if they are authorized, they need to gain access. And when they lose their credential it needs to be replaced. For which their enrollment needs to be verified and a new credential issued. And the process starts again. Like a cycle in which most steps need to be carried out again and again.
We have tried to visualize that cycle in the model underneath, which we named ‘Wheel of Convenience’.
Users are interfacing with the security system in each step. They are experiencing the usage of that system multiple times per day. Given the nature of this application, it is not likely that manufacturers and installers of access control systems are looking for a ‘WOW!-factor’. It is not their aim to amaze the users of their systems. Remember, the idea was that the system should not be in the way. And users are confronted with the access control system multiple times per day. But would it not be amazing if users felt comfortable using the system? Convenience is probably the key word to look for when implementing an access control system.
The Wheel in motion
So how does the ‘Wheel of Convenience’ help the decision-making process when designing, planning and implementing an access control system, whether it is a building access control system or a vehicular access control system?
The idea is to look at a combination of an identification technology, an access control system and the physical entry. For example, let’s use traditional access badges with any access system and doors with magnetic door locks:
- Enrollment is done at the reception. Which means that users must physically be at the reception. Potentially show an ID. They are then manually entered into the system.
- The user obtains the access badge personally from the receptionist.
- He/she is requested to carry it on a lanyard, so other employees can see the badge.
- When approaching a door, the user has to bend over to present the card to the RFID reader at a distance of a few inches at most.
- To gain access he/she hast to manually open the door that is now unlocked.
- If the user loses the card or if the card is not working, he/she must go to the reception physically to get a replacement card.
This does not sound like a great user experience to us. It is however more or less the reality of millions of users of security systems worldwide.
Spinning the Wheel
Now if you look at each step in the process, there tons of ways to add convenience to this access control experience.
Let’s for example compare the situation above with another combination: the card is replaced by a virtual access control card that is part of an app that uses BLE. The access control system is connected to BLE readers and has an interface to the Cloud. And the doors are replaced with automatic sliding doors:
- Enrollment is done through an online boarding process.
- The user obtains the access badge virtually in the app at a time and place that is convenient to him/her.
- He/she is instructed to carry the corporate (or BYOD) smartphone with the corporate app that includes the virtual access badge.
- When approaching a door, the user or an event triggers the app to present the card to the RFID remotely using BLE.
- To gain access he/she must just walk to through the sliding doors that have automatically opened.
- If something is not working right, he/she has use the app to get remote support and for example receive a replacement card.
From a use perspective this process looks much more convenient. There may be security considerations to rethink some of the steps in this process, but that will be very much depending on the context in which this process is executed.
Many other combinations can be held against the Wheel of Convenience as well. Think about vehicle access control systems. The identifying technology may be the license plate with an ANPR reader or a RFID tag with Nedap long-range readers. The barrier may be a gate or a bollard. Hundreds of combinations are possible. But applying the Wheel of Convenience may help to widen the focus when designing a solution.
Adding convenience to security
It is our firm belief that adding convenience to security very often equals raising the security level of your organization. Remember: users make or break your security policies. Why not enhance their experience and increase their commitment while doing that?
Please contact your Nedap representative to find out more.