We’ve written before about the benefits of keyless access control. Traditional keys create a number of challenges for organizations, from the logistics of getting physical keys to the people who need them, to inherent security flaws, such as unauthorized key use, lost keys, and anonymous access.
For organizations in regulated industries, these problems are amplified under the scrutiny of regulating bodies. When an organization has compliance requirements, whether due to safety concerns or the nature of what’s being secured, access control systems need to provide another layer of identity assurance. In case of an infraction, suspected or actual, it’s critical that organizations be able to provide a reliable, accurate, and defensible story of who accessed what assets, and when.
Keyless access control systems are the best way to accomplish this, but not all keyless solutions are created equal. While there are a number of robust keyless solutions, not all provide the features required to maintain compliance and defensibility. Keyless access control solutions fall into two primary categories: bring your own power (BYOP) and embedded power.
BYOP keyless locks
Keyless solutions without an embedded power source use energy harvesting techniques, such as Near-Field Communication (NFC), on a mobile device to open the lock. As the power used to open the lock is transferred from the mobile device to the lock, this type of lock is positioned as an environmentally-friendly, low-maintenance solution.
However, keyless access control solutions without a continuous power source not only cripple some of the key compliance features, but create a security risk for your critical infrastructure.
Locks without a permanent power source don’t allow for a real-time clock, creating an opportunity for time-based attacks, where hackers attempt to modify keys or access logs by manipulating the time on a mobile device.
Lack of permanent power also limits the ability to open a lock without a mobile device if needed, such as when the device is out of power or out of coverage, or when end users simply refuse to be tracked by their phones.
The technology that facilitates the opening, NFC, also isn’t universal. Not all mobile devices are NFC-enabled, and users may find themselves in the inconvenient position of not being able to open a lock. In any case where the manufacturer requires a BYOP approach every time a user goes to open the lock, there is a risk of not being able to access the asset. BYOP is perfectly convenient until it fails, in which case it fails very hard and creates a host of headaches for users and downstream stakeholders.
While manufacturers of battery-free locks often claim that their solutions are maintenance-free, since batteries don’t need to be replaced, the costs of replacing batteries occasionally is far outweighed by the benefits that come with powered solutions.
Keyless locks with embedded power
Like other keyless locks, locks with a continuous power source provide a smooth experience for both administrators and users. Digital keys can be issued, and revoked as needed, to anyone with a mobile device. The challenges that come with mechanical keys are greatly reduced, and the security concerns about unauthorized use or loss of keys are eliminated.
Moreover, keyless locks with a continuous power source have the ability to store access events, which provide key operational insights and automated audit trails. The battery or wired power source in locks and controllers, not only tracks and stores opens, but also unexpected events and unauthorized access attempts.
Critics of powered locks will often point to the total cost of ownership (TCO) and additional effort required to maintain these locks, but it’s a weak position. For example, Sera4 padlocks have a low-power design that allow thousands of opens on a single battery. As for additional maintenance visits, the typical battery life of a Sera4 padlock is five years, and it’s trivial to schedule battery replacement or restocking of a battery depot during scheduled asset maintenance. Sera4’s lock controllers are wired to power and maintain their own backup power, so these systems are as carefree as energy-harvesting systems, with no downsides.
A constant power source also allows for an alternative method to open a lock, which we call Failsafe Unlock. Our padlocks include a micro-USB port to power the lock, if needed, via a portable battery, AC adaptor, or laptop.
While any keyless solution is better than a mechanical lock for ensuring and tracking compliance, a continuous power source provides the features that organizations need to provide defensibility around their policies, actions, and activities.
Sera4 works with leading organizations in regulated industries such as telecom and utilities, and we’d love to chat with you about how our armored hardware and proprietary software, Teleporte, can help you be more compliant with your industry’s requirements. To see our solutions in action, book a demo or contact our team.