State-of-the-art access control solutions offer your clients greater control, security, and automated efficiency, more now than ever before. Relying solely on technology, however, can lead to a subpar level of access control.
As a managed service provider (MSP) offering Access Control as a Service, make sure you consider all the angles and use your expertise—and some common sense—to avoid these seven mistakes.
1Too much access
Access control systems enable an administrator to grant access based on individuals’ roles. Don’t make the mistake of dividing users into just a few categories (e.g., “user,” “support,” and “administrator”) or, worse yet, giving everyone access to everything. People should have access to what they need to do their jobs—and no more. The rationale isn’t to deny access. It’s to add another layer of protection to your client’s access control strategy – if everyone has access to everything, a lost card, fob or set of credentials can give a criminal access to the business’ entire operation.
It may seem like a shortcut to have an entire team or department sign in with one set of credentials, but it can backfire. Unless individuals use their own passcodes or ID, your client can’t hold them accountable or conduct a thorough audit. Make sure each person has unique credentials and understands that what they access and when will be traceable.
3Hanging onto orphan accounts
As soon as an employee leaves your client’s company, transfers, or assumes a new role, their access control credentials should be deactivated or changed. There should never be extra cards or fobs in a drawer that someone could still use. Coordinate with your client’s HR department to make deactivating credentials part of the offboarding process.
It may seem like a small detail, but where you install card readers, biometric fingerprint scanners or other devices can make a big impact on traffic flow and user adoption. If you install a device on the wrong side of a hallway or too far away from a door, frustrated employees may find ways around the system, like door propping or allowing other people to piggyback through the door with them when they use their credentials. The system needs to be intuitive and easy to use.
5Glossing over training
Don’t assume that your client’s employees will immediately be comfortable with new technology, new procedures and new policies. Offer training that instructs users on proper use of the system, what their responsibilities are, why their compliance is important, and how it will be enforced.
6Overlooking hardware maintenance
The access control system you implement for your client may be able to control doors, gates, turnstiles and other egresses, but all the hardware, devices and moving parts need to be in good repair or it won’t work. Automating locks has little value if the lock is malfunctioning or the door hinges are broken. Include regular inspections and maintenance as a part of the solution you provide.
7Letting alarm fatigue win
Managing Access Control as a Service can mean receiving multiple alerts every day. After checking on the first 40 or 50, you may become convinced they’re all false alarms. The next alarm, however, could be set off by an intruder. Respond promptly every time.
Add Value with Your Expertise
Offering Access Control as a Service can position you to elevate your business from the role of solution provider to business advisor. Your experience and objectivity can allow you to advise your clients on developing a solid access control policy, avoiding mistakes, and following best practices to keep their facilities, assets, IP, and employees most secure. Don’t just sell technology. Sell the value you provide.