Powered locks: your key to compliance

We’ve written before about the benefits of keyless access control. Traditional keys create a number of challenges for organizations, from the logistics of getting physical keys to the people who need them, to inherent security flaws, such as unauthorized key use, lost keys, and anonymous access. 

For organizations in regulated industries, these problems are amplified under the scrutiny of regulating bodies. When an organization has compliance requirements, whether due to safety concerns or the nature of what’s being secured, access control systems need to provide another layer of identity assurance. In case of an infraction, suspected or actual, it’s critical that organizations be able to provide a reliable, accurate, and defensible story of who accessed what assets, and when.  

Keyless access control systems are the best way to accomplish this, but not all keyless solutions are created equal. While there are a number of robust keyless solutions, not all provide the features required to maintain compliance and defensibility. Keyless access control solutions fall into two primary categories: bring your own power (BYOP) and embedded power. 

Powered lock adapter

BYOP keyless locks 

Keyless solutions without an embedded power source use energy harvesting techniques, such as Near-Field Communication (NFC), on a mobile device to open the lock. As the power used to open the lock is transferred from the mobile device to the lock, this type of lock is positioned as an environmentally-friendly, low-maintenance solution. 

However, keyless access control solutions without a continuous power source not only cripple some of the key compliance features, but create a security risk for your critical infrastructure. 

Locks without a permanent power source don’t allow for a real-time clock, creating an opportunity for time-based attacks, where hackers attempt to modify keys or access logs by manipulating the time on a mobile device.  

Lack of permanent power also limits the ability to open a lock without a mobile device if needed, such as when the device is out of power or out of coverage, or when end users simply refuse to be tracked by their phones.  

The technology that facilitates the opening, NFC, also isn’t universal. Not all mobile devices are NFC-enabled, and users may find themselves in the inconvenient position of not being able to open a lock. In any case where the manufacturer requires a BYOP approach every time a user goes to open the lock, there is a risk of not being able to access the asset. BYOP is perfectly convenient until it fails, in which case it fails very hard and creates a host of headaches for users and downstream stakeholders. 

While manufacturers of battery-free locks often claim that their solutions are maintenance-free, since batteries don’t need to be replaced, the costs of replacing batteries occasionally is far outweighed by the benefits that come with powered solutions. 

Keyless locks with embedded power 

Like other keyless locks, locks with a continuous power source provide a smooth experience for both administrators and users. Digital keys can be issued, and revoked as needed, to anyone with a mobile device. The challenges that come with mechanical keys are greatly reduced, and the security concerns about unauthorized use or loss of keys are eliminated. 

Moreover, keyless locks with a continuous power source have the ability to store access events, which provide key operational insights and automated audit trails. The battery or wired power source in locks and controllers, not only tracks and stores opens, but also unexpected events and unauthorized access attempts.  

Critics of powered locks will often point to the total cost of ownership (TCO) and additional effort required to maintain these locks, but it’s a weak position. For example, Sera4 padlocks have a low-power design that allow thousands of opens on a single battery. As for additional maintenance visits, the typical battery life of a Sera4 padlock is five years, and it’s trivial to schedule battery replacement or restocking of a battery depot during scheduled asset maintenance. Sera4’s lock controllers are wired to power and maintain their own backup power, so these systems are as carefree as energy-harvesting systems, with no downsides. 

A constant power source also allows for an alternative method to open a lock, which we call Failsafe Unlock. Our padlocks include a micro-USB port to power the lock, if needed, via a portable battery, AC adaptor, or laptop. 

While any keyless solution is better than a mechanical lock for ensuring and tracking compliance, a continuous power source provides the features that organizations need to provide defensibility around their policies, actions, and activities.  

Sera4 works with leading organizations in regulated industries such as telecom and utilities, and we’d love to chat with you about how our armored hardware and proprietary software, Teleporte, can help you be more compliant with your industry’s requirements. To see our solutions in action, book a demo or contact our team

When Subscription Models Make Sense

We encourage anyone buying a product or service to think critically about why it may be sold by subscription. In some cases, the subscription is tied to consumables. In other cases, the subscription is tied to access to content (like streaming services). Sometimes, it’s just a supplier who did the financial calculus and forces it for the shareholder returns.  

subscription screen on tablet - access control

In other cases, such as with our cloud-enabled access control software platform Teleporte, it’s tied to constant updates to keep up with phone models, security updates, and real-time support for your operational peace of mind. We continue to add value over the lifetime of the subscription, and our customers choose us over other solutions because of this added value. 

We believe that our Teleporte subscriptions are valuable for the advanced features that are possible with keyless systems. We also believe that there is far more value for our customers in these systems than the price of the subscription. For customers who agree with this, they will continue with Teleporte Enterprise or Standard.  

For customers who don’t see the value, or customers who simply have budgets cut (like many of our municipal customers did at the start of the pandemic), then we have Teleporte Basic. It’s free, and allows the locks to maintain basic keyless access functionality, but they otherwise behave like mechanical locks, with no reporting and no advanced features. It’s our way of providing assurance that we’re never going to hold you (or your property) hostage. 

We sell new hardware with a minimum one-year Teleporte Enterprise or Standard subscription. We want our customers to have some time with a subscription package to experience the value to their application and organization, and then make an informed decision whether to renew. We also offer packages for customers who prefer to just pay once, up-front.  

Selling a one-time purchase can be easy. Keeping loyal customers, who renew their subscriptions, requires a different level of service, reliability, and product quality. We want our customers to love, value, and renew their Teleporte subscriptions, and we do the work to keep them happy.  

We see good reasons for some offerings to be structured as subscriptions. Ultimately, the decision on whether a subscription is a good value and a smart buy is up to the customer. In our view, it’s really important that the structure and costs of an offering is clearly explained in advance, so that the customer can make an informed decision.  

If you’d like to learn more about Teleporte and our access control hardware solutions, book a demo at https://www.sera4.com/demo/

The Eternal Struggle: Security versus Efficiency

It is a struggle we all know well, we need to decide whether we want to be efficient or secure. Of course in an ideal world it won’t be choice between the two, however it often is. Even something as simple as working with a contractor when you aren’t available can be difficult.

There are a few options, none of which are ideal;

  • You make sure someone is always around or available – secure but time consuming and inconvenient
  • You make a key copy to give to them – efficient, less secure, and then you still need to keep track of that extra key. In many cases you can’t make copies of security keys.
  • You leave your key somewhere – efficient but not safe as anyone could find it, and then you need to worry about how to get it back so you can access the site.

This is also if there is only one level of security, looking at more secure sites with multiple layers you get further inefficiencies. People lose their keys and access cards, and forgo security measures all the time. Reissuing key cards is time consuming and having to rekey multiple sites is expensive. On top of that when something takes 30 seconds without security but takes 10 minutes with security measures, you can guess what a lazy or malicious employee will eventually do.

There is also the added issue that unless someone is always around you have no idea who is coming and going. You also have no idea if they secure the site, when they leave, or how long they stayed. As a result you are losing time and money no matter what option you choose. If you make it too easy to access people can hack into the system and remotely open locks. When none of the options are great it can be difficult to justify spending a lot to receive so little peace of mind in return.

At Sera4 our goal is to eliminate this struggle through modern technology, and to do it for remote infrastructures that face harsh or unique environments. Every time the lock is opened or closed it is recorded in an audit log so you can keep track of exactly who has been where and for how long. Users can reset their own passwords if they forget, the app is password-protected in case your phone gets lost or stolen, and you can only see and open locks if you are near the locks. We provide a platform that works with whatever phone you already have, and doesn’t allow remote access. We believe that anyone opening a lock should be physically present at the lock, just like with a traditional key. Our architecture choice to only open locks on short-range wireless connections radically reduces the risk of a hacking threat without affecting the practical use of a Teleporte system.