Blogs & Articles
Bringing Down Walls in a Corporate World Using Access Control
June 10, 2021

Today, more and more businesses are foregoing the traditional design setup of cubicles and closed-off offices for an open floor plan. Companies like Facebook and Google market their open-office floor plans to potential employees, touting that the design allows workers to work closely together and foster a culture of collaboration. Plus, this trend is here to stay: according to the International Management Facility Association, 70 percent of American employees now work in open-office environments.

Open office layouts are designed to be collaborative, inviting work spaces. These open work spaces, typically for ten or more people, are suitable for activities that demand frequent communication or for routine activities that need relatively little concentration. These office layouts are the “in” style for some large corporations, especially the tech industry. Many times, employees don’t have an assigned desk or a lockable file cabinet. Combined with the use of laptops, open office layouts emphasize work can be done anywhere. While these layouts allow for flexibility, they also create some risks when it comes to security.

Open office spaces have essentially made office cubicles redundant in favor of a more collaborative and creatively engaging workspace environment. Co-working spaces commonly adopt open plan office layouts for increased productivity, flexibility and networking opportunities. These office layouts foster collaboration, where it is easier for employees to communicate with each other and share ideas. Along with collaboration comes a sense of working in a relaxed atmosphere that maximizes social workspaces, boosts moral, and optimizes workflow. Finally, open office layouts provide more space and freedom for employees as well as allowing for a more aesthetic office design.

One thing is certain, having an open floor plan tips the balance between private and public and this shift affects how a company protects and safeguards personnel as well as proprietary and sensitive company information. This raises the question: what security threats does the open floor plan expose and how can security professionals manage this potential data security headache?

If an employee doesn’t have an office, they can’t just close and lock their door when done for the day. If they don’t have an assigned desk, odds are they don’t have a file cabinet where they can lock up their belongings. Proponents of the open office plan say that visible security measures undermine the whole point of the layout. But what are employees supposed to do with their belongings? They cannot simply lock away items like laptops, jackets, purses, and backpacks. If a thief gains entry to the office and looks the part of your average employee, what is stopping them from taking a few items and leaving undetected?

In addition to theft of employee or thumb drives (to quickly save a document), people with nefarious intentions can visually hack a laptop. Workers need to be trained to be aware of their surroundings and angle laptops away from high traffic areas.

Open office spaces also have also raised questions about the challenges of protecting personnel in the event of an active assailant situation. While these sleek office interiors may be pleasing to the eye, experts note their design make it harder to seek cover or lock down in emergencies. And the challenges don’t stop at active assailant situations. In the open-concept office, there are fewer walls and office doors to close, potentially hindering employees’ responses in the event of an emergency.

Access control security measures are designed to protect buildings and to safeguard the equipment inside. In short, they keep unwanted people out, and give access to authorized individuals. While network and cybersecurity are important, preventing physical security breaches and threats is key to keeping technology and data safe, as well as any staff or visitors who have access to the building. Without physical security plans in place, offices or buildings are left open to criminal activity, and liable for types of physical security threats including theft, vandalism, fraud, and even accidents. These measures are of paramount importance for open office plans, where the potential for thefts, data breaches, and physical harm or damage are out in the open.

An effective access control system for any office, open or traditional, starts at the front door. Is the door locked? Is there a guard or lobby personnel present? How do authorized personnel gain access? Once inside, how are movements and locations tracked? These are important questions and the requirements of an access control system depends on the answers. Many open office plans do not have a traditional lobby and may not have a “front desk” so securing the main entrance becomes particularly challenging. Traditional access control that relies on physical credentials (ID card, key fob, even a mobile phone) can solve the main entrance question, but what about once inside the building. A physical credential little to limit access if there are no other doors or partitions to pass through.

The trend today is to include on an access control list a system that relies on biometrics for both multi-factor authentication and single-factor authentication. Historically, access control used the most reliable biometric measures (fingerprints, eye scans) almost exclusively. Over the last five years the accuracy of facial image extraction has improved and the use of stable biometric templates has elevated facial recognition beyond crowd control. Face recognition has achieved parity with the accuracy of the traditional biometric authentication systems, and now meets the requirements of access control applications.

Facial recognition is a biometric software application capable of uniquely identifying or verifying a person by comparing and analyzing patterns based on the person's facial contours. Facial recognition is considered the most natural of all biometric measurements. Facial biometrics are the preferred benchmark because the technology is easy to deploy and implement. The interaction with a facial recognition system is contactless, frictionless, and extremely fast.

Detecting and capturing a face is the first task of a contactless access control system. The next and most crucial step is granting access to authorized personnel. Face-as-a-credential technology integrates surveillance cameras, facial recognition algorithms, and access control points into a powerful and completely contactless access control system. Face-as-a-Credential technology not only offers secure points of entry, but can also track the movement and locations of employees and visitors within the building. Plus, many face-as-a-credential systems allow for remote user registration, where visitors, contractors, and delivery people can request access from their computer or phone.

While the primary goal of any access control system is the protection of people, protecting data and personal information from prying eyes and hackers is a close second. In many offices, biometrics are being used—via iris or fingerprint scanners—to protect important information from would-be hackers. This way, only authorized users have access to the information. Additionally, IT departments within these facilities are working closely with security leaders to ensure that networks are as secure as possible to protect from ransomware attacks

Access control and physical security can go a long way to protect sensitive information, but company policies and procedures should dictate what information can be accessed where and when. Employees need to be trained effectively when they start employment and have regular refresher sessions. Communication should be encouraged and proper accordance with the rules should be rewarded. The larger the company, the greater the chance employees will find themselves working alongside different individuals on a daily basis. Physical security and data security need to be complete to mitigate the possible security risks of the open office environment.

One vendor that meets the challenge of securing an open office is Suprema, a leading global provider of access control solutions that combines renowned biometric algorithms with superior engineering to offers an extensive portfolio that includes biometric access control systems, mobile authentication solutions and embedded fingerprint modules.

Suprema is an innovator in proximity and contactless access control security, and it all starts with BioStar 2, a web-based, open, and integrated security platform that provides comprehensive functionality for access control. Featuring a modular, flexible framework, the platform provides a customized system depending on system scale, number of users and system structure that was used. The addition of Suprema FaceStation F2, an advanced face recognition terminal, provides true contactless access control with the added benefits of time and attendance management, offering unrivaled matching speed, accuracy, and levels of security.