For many years the topology of an access control system has involved a server, door controller and field devices such as card readers, locks and request to exit buttons as a few examples.
However in recent years, with Internet of Things developments and new ways of communicating, in my opinion, the days of the security controller may be numbered.
The internet of things (IoT) movement is all about small, cost effective devices that perform one or more specific functions, such as monitoring temperature or light levels and sending this data to one or more services.
These services can interpret this data and make decisions based on it.
If in the near future, manufacturers of devices such as card readers, locks and request to exit buttons produce intelligent devices capable of using wireless transmission methods and protocols such as MQTT, they would be able to directly interact with each other and send data back to a central server without requiring the door controller.
Microsoft at their developer conference Build 2017 were able to demonstrate intelligent video solutions where IP enabled cameras were sending video back to a Microsoft Azure cloud system which was able to identify physical objects in the video image without edge based analytics, or any kind of local server processing – all central cloud based intelligence with just a local camera.
Whilst this is technologically possible now, there are some practical limitations…
One function that door controllers provide is the ability to hold card holder data locally and process requests to enter or exit a door if the network or sever goes offline, especially important if the system relies on a server based in a different location.
Whilst the card reader could hold an authorised card holder database in its memory, as the card reader is outside of the secured area, it would expose sensitive information.
In addition, the card reader still needs some form of communication path between itself and the other devices around the door.
Hard-wired access control systems are considered secure as data being transmission around the system cannot be hacked.
Assuming that the system is using OSDP protocol card readers and all cabling is physically secured against tamper and is wired in a double loop configuration to accurately detect someone cutting the cable, then I would agree.
Using Wiegand and unsecured cabling routes is no more secure than Bluetooth.
While it may be possible to sniff data from equipment on the unsecured side of the door in a fully peer to peer IOT style configuration, encryption and authentication methods within the MQTT protocol mitigate this risk.
MQTT requires each device to subscribe with a central authority within the MQTT server environment to be able to send or receive data, hence it would be fairly straightforward to identify unauthorised devices.
This is difficult to quantify at this stage as devices that can achieve this type of configuration are not yet available.
Assuming the equipment just needs to be mounted and wired around the door, using POE for power and a little commissioning , it would be reasonable to expect installation costs including hardware to be equal to or slightly less than a conventional system.
Many sites will not implement new cutting edge technology unless provided by a trusted and proven manufacturer as the risk of failure is too high.
There needs to be a clear business benefit to deploying a cutting edge solution over conventional installations.
So should the door controller be worried?
Whether the door controller is in fact hurtling towards obsolescence is too early to say.
What is clear is however, is emerging technologies and new ways of using it are disrupting established system topologies and ways of working.