There are many different types of Access Control System Types and identifying which is best for your type of business is ideal before you hire an installation company or purchase a system to secure your facility. This guide breaks down the different solutions to help you get started.
Access Control Defined
The term “access control” describes granting access in or out of any restricted area. It is basically identifying a person doing a specific job, authenticating them by looking at their identification using a card reader or biometric, and giving that person access to the required door or computer.
For a Facility, access control systems are one of the most crucial assets. These systems not only scrutinize people entering and leaving the premises, but also establish controls against those who cannot gain access. It requires a good knowledge to choose among the best access control system types that fits your facility's needs.
Electronic Door Access Control Systems are not created equal and there are several key mistakes we can avoid to create a successful new installation or upgradation that can dramatically improve the security of your facility.
Hospitals use access control systems to secure information and protect staff, patients, and visitors from those with malicious intent and people who, driven by intense emotions and stress, can grow violent against health care workers. Therefore, the hospital should select a unique solution from the access control system types and the specific features selected should address these security concerns.
Access Control System Types
There are alot of methods and best practices as to how access control systems are managed based on the operation or type of business you have.
Here are 13 Access Control System Types to secure your facility :
Cloud-based Access Control (CBAC)
It is the best solution when it comes to securing your facility, providing a much higher level of security, unlimited scalability, minimal effort, greater convenience and maintain simplicity. The access permissions are stored, managed and processed on a network of remote servers hosted on the Internet, rather than on local servers or personal computers. This allows an administrator to manage the permissions from anywhere and anytime, simply by using a browser. Unlike other Access Control models, which consumes lot of resources, CBAC saves internal resources and offers subscriptions that can increase your company’s bottom line.
On-premise Access Control (OOAC)
It offer a level of security and control that’s simply not possible in the cloud. Business can control, manage and handle the data by their own dedicated employee or IT staff. The access permissions are implemented on local servers or personal computers, that are managed daily by the internal security, IT personnel, or both. These access control software platforms needs regular maintenance to ensure proper functioning. There is no doubt that the traditional OOAC is proven to be a highly effective physical security solution all over the world.
Mobile or smartphone-based access control systems (MBAC)
It is the use of mobile device like smartphone, tablet or wearable to gain access to secured doors, gates, networks, services and more. Mobile-First is growing in demand globally making MBAC the most essential component to secure different businesses.
Highly intuitive “Tap” and “Twist and Go” gestures, employees can gain more convenient and efficient access.
Operational Efficiency and Cost Effectiveness
Administrators can create, manage, issue and revoke credentials through the cloud with the option for subscription billing, customers enjoy a more predictable cost as user licenses can be added or removed. This enables organizations to efficiently scale up or down in response to their business needs.
Mobile Access provides a highly reliable and secure cloud platform for data integration.
IoT-based access control systems (loTBAC)
IoT devices play a crucial role in helping organizations to compete in today’s digital marketplace, therefore IoT presents a unique set of access control challenges due to low power requirements of IoT devices, low bandwidth between IoT devices and the Internet, distributed nature of the system, ad-hoc networks, and the potential need for extremely large number of IoT devices. This model connects all the door readers to the internet and have firmware that can be updated whether for security reasons or to add new functionality. On a high level, there are two ways to implement access control for IoT.
The user accesses only cloud-based servers that authorize the request and relay data between the user and the IoT devices.
An access control server grants access tokens to users, who use them to access the IoT devices directly.
Attribute-based Access Control (ABAC)
It is also known as policy-based access control, an access control paradigm whereby access rights are granted to users using policies which evaluate attributes (user attributes, resource attributes and environment conditions). A next-gen technology to secure business-critical data determined by attributes such as group, department, employee status, citizenship, position, device type, IP address, or any other factors that can affect the authorization outcome. These data are obtained from a database, Salesforce, LDAP server ,or even from a business partner for federated identities.
Discretionary Access Control (DAC)
The data owner has full control over all the programs and files in the system and determines who can access specific resources. For example, a system administrator may create a hierarchy of files to be accessed based on certain permissions. The Authentication is based on supplied credentials such as username and password with user identification.
DAC is easy to implement and intuitive but has certain disadvantages, including:
End user has complete control to set security level settings for other users and the permission to end user is inherited into other programs
Inherent vulnerabilities (Trojan horse)
ACL maintenance or capability
Grant and revoke permissions maintenance
Limited negative authorization power
History-Based Access Control (HBAC)
Access is granted or declined based on the real-time evaluation of a history of activities of the inquiring party, e.g. behavior, time between requests, content of requests. For example, the access to a certain service or data source can be granted or declined on the personal behavior, e.g. the request interval exceeds one query per second.
Identity-Based Access Control (IBAC)
It is a simple, coarse-grained digital security method that determines whether a user will be permitted or denied access to an electronic resource based on whether their name appears on an Access Control List. Using this network administrators can more effectively manage activity and access based on individual needs. Some of the advantages of the identity-based security approach include:
The ability to exercise very fine-grained control over who can use which services, and which functions those users can perform
The possibility to enforce access control policy across a variety of devices, such as smartphones, tablets, and PCs.
Mandatory Access Control (MAC)
This is just the opposite of DAC where users do not have much freedom to determine who has access to their files. For example, security clearance of users and classification of data (as confidential, secret or top secret) are used as security labels to define the level of trust. It limits the access to resources based on the sensitivity of the information that the resource contains and the authorization of the user to access information with that level of sensitivity. MAC is most often used in systems where priority is placed on confidentiality.
Organization-Based Access control (OrBAC)
This model allows the policy designer to define a security policy Independently of the implementation. It affords a high degreeof expressiveness and scalability. Each security policy is defined for and by an organization. Thus, the specification of the security policy is completely parameterized by the organization so that it is possible to handle simultaneously several security policies associated with different organizations.
Role-Based Access Control (RBAC)
Access based on the job title of individual users within an enterprise. RBAC largely eliminates discretion when providing access to objects. An employee’s role in an organization determines the permissions that individual is granted and ensures that lower-level employees can’t access sensitive information or perform high-level tasks. For example, a human resources specialist should not have permissions to create network accounts; this should be a role reserved for network administrators. Companies largely depend on this model to secure their sensitive data and critical applications Improve operational efficiency, enhance compliance, giving administrators increased visibility, reducing cost and decreasing risk of breaches and data leakage.
Rule-Based Access Control (RAC)
This method is largely context based. Access is granted or denied to resource objects based on a set of rules defined by a system administrator. Example of this would be only allowing students to use the labs during a certain time of day. When an account or group attempts to access a resource, the operating system checks the rules contained in the Access Control List for that object.
Responsibility Based Access control
Information is accessed based on the responsibilities assigned to an actor or a business role. A responsibility corresponds to a set of views. Each user must be assigned at least one responsibility. When you assign responsibilities to a user, the user has access to all the views contained in all the responsibilities assigned to the user and that are also included in the user’s current application. For example, the responsibility assigned to an administrator might include the views in the Administration – Application screen. The administrator sees this screen listed in the Site Map and can navigate to the views it includes. A customer care agent typically does not have administrative views in a responsibility, so the agent would not see this screen, or its views listed in any context.
Choosing the Best Solution among the various Access Control System Types for Your Organization
Commercial Access Control Systems can be customized between your organization, personal, type of business & integration with 3rd party systems like time and attendance platforms or video surveillance. Customizing the best solution that meets your budget but also protects your employees is a critical decision with a lot of access control system types. Consult with an Access Control Professional who can outline the options and deliver a clean plan to secure your facility.