Securing the Networked World
There are a growing number of networked high-tech devices and systems in operation throughout the world today. Most of these systems function as essential components of communications and power networks, or as intelligent equipment or devices featuring connectivity to larger networks.
Whether located within internal structures or out of doors, these systems have two key features that need to be considered:
- They are secured in enclosures that protect valuable technology or equipment
- They need to be accessed on a routine basis by a variety of personnel performing maintenance, technical tasks, or refilling and updating items secured within the enclosure
Electronic access solutions with integrated electronic locks and latches can be used to secure networked enclosures in remote locations. Integrating electronic access solutions into networked enclosure applications involves replacement of traditional mechanical locks with intelligent electronic locks. These electronic locks can act as standalone access control devices, or they can be connected to a network for remote access control.
Some enclosure manufacturers and end users have a perception that these solutions require significant hardware and IT investment and ongoing support. However, electronic access solutions can function within the larger Internet of Thing (IoT) digital landscape, providing intelligent access and control without having to necessarily wire into a network or install additional hardware or software. As a result, these wireless electronic access solutions can be used to solve a variety of physical security challenges for networked enclosures with minimal cost and complexity.
Enclosure Security Challenges
Networked enclosures are used in a wide range of industries and applications, each with their own unique set of security requirements.
So common and utilitarian that they almost disappear from view, telecommunications and cable companies use secure enclosures to house a broad range of equipment—network distribution racks, fiber optics systems, cable communications devices—that typically link networks to homes, businesses and other locations.
Securing these widely dispersed systems is crucial, especially since most are located outside and are at significant risk for vandalism and theft of valuable materials, like batteries, copper wire, and perhaps most critically—the sensitive data they contain. At the same time, they are routinely accessed by service technicians, sometimes from several different companies or sub-contractors.
Many of these telecom enclosures are secured with physical padlocks only; some even use multiple padlocks with different keys for different vendors, an inefficient and vulnerable method of securing the unit.
Automated teller machines have spread far beyond the walls of bank and credit union branches and are typically placed in virtually any location where consumers would want cash for retail purchases. In some cases, two types of vendors need to access these systems: one to restock the cash, the other to replenish printer supplies and perform equipment maintenance.
Strict control and audit trails of who accesses these systems, which are loaded with large amounts of cash, is vital. Traditional lock and key access makes it difficult to track ATM service access, which is often a key compliance requirement.
Self -Service Vending
This is a growing category of networked enclosure systems with increasing sophistication and security requirements. Beyond traditional snacks and soft drinks, everything from high value skincare products to lottery tickets are now dispensable from self-service machines that are widely dispersed and need regular product replenishment, removal of cash and servicing of electronic and mechanical components.
Despite the fact that many vending machines are now networked devices that enable the use of credit and debit cards to conduct transactions, in many cases these machines are still using purely mechanical locks to control physical access.
In many manufacturing and shop work environments, specialized tools that are expensive and require proper training for use are carefully managed. They are often stored in secured toolboxes that provide automated tracking and inventory management. In some cases, access to specific equipment and machinery by licensed or certified end users must also be controlled. In order to access specialized equipment, end users must gain permission through sign out sheets in order to obtain the appropriate key.
Electronic access solutions provide a good physical security solution for each of these enclosure applications. Rather than a mechanical lock and key solution, these systems provide a digital credential that can be easily issued or revoked—in some cases from a remote location.
There are generally two types of access control solutions: standalone and networked. Standalone solutions have no network connection and the credentials are managed at the unit. These systems provide a simplified way of providing digital credentials. Although more complex, networked access control systems offer the benefit of providing credential management and audit trail reporting. This however, requires a network connection and typically software to install and maintain.
Wireless Access Control and Audit Trail Reporting
Systems are now available that allow for remote credential management and audit trail reporting without the need for a physical network connection. These solutions leverage BLUETOOTH® wireless communication and cloud based access control software. The advantage to these solutions is that no physical connection to a network is required.
BLUETOOTH® wireless, cloud-based access control solutions offer a simplified, scalable means of adding electronic access and control to networked enclosures, with minimal installation and setup. The flexibility provided by cloud based, wireless BLUETOOTH® controllers allows the owner/operator of the enclosures—telecommunications maintenance management, for example—to grant access to personnel from anywhere without having to physically be on-site when access to equipment is necessary.
Once these virtual keys have been delivered to a smartphone or added to existing credentials, Wi-Fi access is not required for communication between the BLUETOOTH® enabled phone or RFID card, and the lock controller.
Intelligent electronic locks are a key element of an electronic access solution, restricting access through the validation of user credentials. Optimum intelligent locking solutions not only require the appropriate electronic signal to operate, but also provide critical output signals for remotely monitoring the security of the enclosure.
Major suppliers of these types of systems have developed robust electronic locks especially for use in outdoor applications such as telecommunications enclosures. They feature housings and electronics selected and designed to prevent extremes of weather or moisture from compromising the electronic lock’s functionality.
There are two options for providing access to equipment with BLUETOOTH® lock controllers: by using a smartphone directly or with existing RFID access credentials.
A BLUETOOTH® enabled smartphone is one convenient device for functioning as a “key” to access equipment with electronic locking mechanisms. Individuals who are to be authorized for accessing equipment—technicians performing maintenance or moves/adds/changes to telecommunications equipment—will have a smartphone app on their phones. Time-based virtual keys can be sent wirelessly to the app via a cloud-based web portal.
To access the secured equipment, the technician approaches the rack and touches the access button on their installed app, which transmits the encrypted BLUETOOTH® signal to the lock controller, unlocking the door and sending a record of the access via the smartphone app to the cloud.
Each lock controller has a unique, algorithm-based identity, which is stored in the remote web portal database. The BLUETOOTH® device does not require a wireless network to open the lock. The smartphone simply communicates via BLUETOOTH® with the lock controller. Each time access occurs, a digital audit trail is generated and sent using a wireless network connection to the remote web portal, via the cloud.
This is a highly secure approach. The electronic key loaded to the app will typically have a limited timeframe during which it can be used. If it expires, the technician must re-access the cloud for re-authorization. In addition, the BLUETOOTH® signal has 128-bit encryption, protecting it from hacking. Additionally, since the lock controller is not tied to a network, it is not a point of vulnerability for hackers.
As an alternative to Bluetooth access from smartphone apps, electronic lock controllers may also accept input from traditional RFID readers. Users can access the equipment using traditional RFID cards, following the same basic protocol. The lock controller is a BLUETOOTH® enabled device that periodically uploads and downloads credential information, and downloads audit trail data wirelessly to a BLUETOOTH® enabled wireless tablet or other device.
The audit trail is pushed from the BLUETOOTH® controller to a wireless device and up to the cloud, where it can then be accessed by the equipment owner’s operations office. Administrators can assign and revoke RFID cards using the same cloud-based web portal.
This is a convenient approach for settings where smartphones are not permitted to be used, including factory floors (where there is proprietary equipment or a work rule restricting smartphone usage) or hospital/healthcare settings (where HIPAA regulations set strict requirements concerning patient records).
Leveraging Electronic Access to Improve Operations
Within the IoT landscape, electronic access solutions provide intelligent access and control, thus providing crucial data that can be leveraged to enhance productivity in unique ways.
For example, one company produces a materials storage and managed inventory system for use in auto body repair shops. It has been a recognized fact in the body shop industry that there are significant levels of waste—up to 30 percent—in materials such as paint and filler used in body repairs, due to the way the materials are typically accessed.
Another good example is the service hangar at an airport. It is critical to keep track of tools and to make certain that they haven’t been left in an aircraft during maintenance. Technicians are required to check tools out and then back in, and they should have records that the tools have all been accounted for.
Using a BLUETOOTH® enabled access system, technicians log in when they need tools or materials, and the items they pull are tracked according to the repair they are working on. With electronic access technology, this process can be automated, with each technician supplied with an RFID card or unique digital key that enables accurate tracking of who accessed an item, when it was checked out and if necessary, checked back in. As a result, a BLUETOOTH® enabled access system can improve cost control, materials management and helps precisely manage work materials inventory based on actual consumption.
Networked systems and equipment deployed throughout our modern world need to be both secured and easily accessed on an ongoing basis. While mechanical keys and locks do offer simple, basic protection, they can be difficult to manage and track.
Electronic access solutions provide significant benefits for physical security management, providing simplified credential management and audit trail monitoring. By adding BLUETOOTH® controlled electronic locks to sensitive equipment, managers can control access, protect valuable systems and equipment, and service these enclosures with efficiency and maximum security without the need for a physical network connection.
The BLUETOOTH word mark and logo are registered trademarks of Bluetooth SIG, Inc. and are used under license.