State-of-the-art access control solutions offer your clients greater control, security, and automated efficiency, more now than ever before. Relying solely on technology, however, can lead to a subpar level of access control.
As a managed service provider (MSP) offering Access Control as a Service, consider all the angles and use your expertise – and some common sense – to avoid these seven mistakes.
1Too much access
Access control systems enable administrators to grant access based on individuals’ roles. Don’t make the mistake of dividing users into just a few categories (e.g., “user,” “support,” and “administrator”) or, worse yet, giving everyone access to everything. People should have access to what they need to do their jobs – and no more. The rationale isn’t to deny access. It’s to add another layer of protection to your client’s access control strategy – if everyone has access to everything, a lost card, fob, or set of credentials can give criminals access to the business’ entire operation.
Having an entire team or department sign in with one set of credentials may seem like a shortcut, but it can backfire. Unless individuals use their passcodes or ID, your client can’t hold them accountable or conduct a thorough audit. Ensure each person has unique credentials and understands what they access and when they will be traceable.
3Hanging onto orphan accounts
When an employee leaves your client’s company, transfers, or assumes a new role, their access control credentials should be deactivated or changed. There should never be extra cards or fobs in a drawer that someone could still use. Coordinate with your client’s HR department to make deactivating credentials part of the offboarding process.
It may seem like a small detail, but where you install card readers, biometric fingerprint scanners, or other devices can make a significant impact on traffic flow and user adoption. If you install a device on the wrong side of a hallway or too far away from a door, frustrated employees may find ways around the system, like door propping or allowing others to piggyback through the door with them when they use their credentials. The design needs to be intuitive and easy to use.
5Glossing over training
Don’t assume that your client’s employees will immediately be comfortable with new technology, procedures and policies. Offer training that instructs users on the proper use of the system, their responsibilities, why their compliance is important, and how it will be enforced.
6Overlooking hardware maintenance
The access control system you implement for your client may be able to control doors, gates, turnstiles and other egresses, but all the hardware, devices and moving parts need to be in good repair, or it won’t work. For example, automating locks has little value if the lock malfunctions or the door hinges are broken. So include regular inspections and maintenance as a part of the solution you provide.
7Letting alarm fatigue win
Managing Access Control as a Service can mean receiving multiple alerts every day. After checking on the first 40 or 50, you may become convinced they’re all false alarms. The following alarm, however, could be set off by an intruder. Respond promptly every time.
Add Value with Your Expertise
Offering Access Control as a Service can position you to elevate your business from the role of solution provider to a business advisor. Your experience and objectivity can allow you to advise your clients on developing a solid access control policy, avoiding mistakes, and following best practices to keep their facilities, assets, IP, and employees most secure. Don’t just sell technology. Sell the value you provide.