
Over the last decade, security managers have been faced with a constant drip of advice telling them “you need to go digital.” The sales pitch, largely consistent over this period, has been something like “you can ditch all those old keys and mechanical locks, manage everything from the comfort of your office, and save money while securing your facility and allowing for future expansion.”
The problem has been those promises often fail to account for all contingencies. The most practical security strategies are those that utilize both approaches, creating a hybrid architecture that is more flexible and resilient without throwing away decades of experience with mechanical systems in favor of some panacea of digitization. If the Jetsons had a security system, it might have combined mechanical master key systems and sensors as the twin pillars of a modern security system.
How access control moved from mechanical to hybrid
Master key systems use a hierarchy of keys: a grandmaster key can open every door, while submaster keys might only open certain sections or levels and end user keys only particular doors. These systems remain simple, reliable, and completely offline, a critical advantage in the case of an electrical or network outage.
Electronic access control systems provided a different type of security: credential-based access. By giving individuals smart cards that could be used to access doors with biometric scanners, PIN pads, or other types of readers, managers could provide granular access control, tracking who was in a facility and when. Systems utilizing card access could even impose time limits on who could access a particular door without using a master key.
What we have now is a third option: hybrid access control systems that incorporate the best elements of both. At the core, systems using electromechanical locks can use both a physical key and a credential. Mechanical keys form a useful secondary contingency, while the digital credential unlocks the door. Neither is entirely necessary, which limits the possibility for either to be exploited.
Defining sensor fusion in physical security
Sensor fusion is a broad concept that encompasses most of the ways that physical security systems have evolved in the last decade or so. It applies to any situation when multiple sensors, ranging from badge readers, video cameras, motion sensors, door sensors, thermal imaging, weight sensors, and others are connected through some sort of central layer, creating a more reliable assessment of a situation than any individual sensor could manage on its own.
One badge reader might be able to confirm the presence of a credential, but it can’t know if the person presenting that credential is the authorized user, and a camera might be able to see one person. However, none of these sensors could know if that person scanning their badge is the same person that the camera sees, and neither of them could know whether there was a second individual walking through a door when there was only supposed to be one based on the badge reader.
These kinds of sensor fusion are the norm in modern physical security. Hardware sensors form the structure, while the software layer is where the data is interpreted.
Stopping tailgating with multi-sensor verification
Tailgating, or piggybacking, is a security vulnerability that occurs when an authorized person uses a door, keeping it open for an unauthorized person to enter right after. Access control systems typically log the legitimate user’s access, failing to catch the second person. Only by cross-referencing different sensors can these kinds of vulnerabilities be flagged.
One solution to tailgating is to slow the doors down so much that one person at a time can enter, but that limits physical throughput and creates huge amounts of dissatisfaction with the access control system. Another possibility is to have guards at all doors, manually checking for tailgating, but that is incredibly expensive and time-consuming. Meanwhile, sensors that measure the state of a door can learn how long it’s been open, while 3D depth cameras can count how many people are crossing a threshold, and thermal imaging can track human heat signatures, even in complete darkness.
If all of these streams are fused, a door left open after only one credential scan, followed by two people crossing an imaginary line, becomes an easily identifiable security vulnerability. Thermal imaging, movement recognition, and the proper door-state sensors are even better at identifying tailgating than the latest generation of self-learning, artificial intelligence-driven solutions.
Cutting false alarms and security fatigue
False alarms are the nemesis of all security systems. Motion sensors going off because of shadows from leaves blowing over a building, thermal sensors going off because of temperature shifts in an HVAC system, or intrusion detection systems that mistake a janitor for a break-in all lead to massive security fatigue and desensitization. It’s not that guards stop being concerned about real alarms; it’s that they’re much less likely to respond as thoroughly if there’s a reasonable risk that they’re going to waste time chasing down a false alarm.
Unified systems can’t eliminate false alarms entirely, but they can drastically reduce the number of them. By automatically tying together multiple sensors, a system can eliminate most of the false positives while still capturing real ones.
When a motion sensor goes off in the middle of the night, if that system is connected to a camera and door sensors, it can automatically check if the motion actually corresponds to people entering the secured area. That eliminates most, if not all, of the false positives that would have otherwise wasted the security team’s time responding to a shadow.
The role of physical master keys in emergency lockdowns
This is where systems that only rely on digital access control start to fall apart. Electronic locks require power or network access to function, and those can be disconnected in a number of ways not necessarilly related to an active attack. Targeted attacks on electronic access control systems could introduce a vulnerability that effectively renders all digitally-controlled doors useless to security guards.
Meanwhile, physical master key hierarchies exist outside of any of these risks. They can’t be disconnected, and they can’t be hacked, which means that a facility manager with a grandmaster key can always regain control of digitally-accessed doors by physically entering them.
Modern access control systems allow locks to respond to sensor fusion events, like automatically locking all doors when there’s an alarm, so it’s not like physical keys need to replace or even supplement digital access control. When those kinds of features don’t work, however, the physical key is critical to making sure the facility is properly secured. Physical master keys provide depth: even if one method of access control fails catastrophically, there’s always a contingency. The ability to open every door in a facility regardless of access control can also become a critical part of emergency response planning.
This is also why it’s so important for facilities to have strict procedures when it comes to physical master key hierarchies. Unlike digital access control systems, the keys can’t be remotely turned off in the event of a security breach, so it’s vital for a manager to know when and how to use a physical master key to avoid being locked out of the facility entirely.
Building a unified audit trail
When it comes to investigating reports of unauthorized entry, one of the most valuable things a security manager can do is to tie video evidence to access control logs.
With a unified system, sensors and cameras can be accessed through a centralized interface that allows managers to see what happened at the same time across multiple feeds with much greater ease. A security manager can see exactly what credential was scanned at a specific door, what that door looked like at the same second, and any other potential sensor events that were happening at the same time.
A unified audit trail is also much more useful than it might appear at first, because most regulatory regimes require a tamper-evident audit trail as part of the security infrastructure. Having a centralized system is much more conducive to fulfilling this requirement than having to manually tie together video and access control logs. That, again, is why unified systems are critically important to physical security.
Designing for interoperability, not obsolescence
Many facilities can’t design their infrastructure around a certain technology because they know that it won’t be around in twenty years. Instead of designing infrastructure around security products and practices that may become out of date, the real pragmatic approach is to build systems around open platforms.
By building security access systems around open APIs, a company can make sure that new hardware can be added without disrupting existing systems, and that new sensors can be added to monitor or secure the facililty without having to completely replace everything at once. AG Security Group works extensively in developing and deploying this kind of multi-tiered, interoperable security systems, working across the available physical infrastructure to provide a system that utilizes both mechanical and digital security systems.
A closed platform, on the other hand, does the opposite: it pushes companies to make their technology self-contained, insulating the vendor from competition but harming the consumer by making new purchases more complicated. Open platforms are the pragmatic choice across all fields of technology, and physical security is no different.
Keeping physical redundancy at the center of the strategy
It’s tempting to think about physical and digital security along a continuum of sophistication. In reality, there are many different ways that a facility can be compromised, and each security measure typically addresses a particular threat. Redundancy is often much more important than obsolesence, as many organizations have learned the hard way.
Sensor fusion is how digitization plays a role in modern physical security, tying together access control systems, video monitoring, intrusion detection, and other sensors to create a more complete picture of what’s happening at a given location. It reduces false positives, allows quicker responses to tailgating and other unauthorized entries, and provides the ability to create a unified audit trail necessary for regulatory compliance.
None of that negates the value of physical master key systems, which allow a facility to have a reliable, simple, and offline access control option. It’s the kind of physical redundancy that becomes critically important when an electronic access control system fails, whether through an accident or an attack. Organizations that think of digitization as a substitute for physical security are much more likely to find themselves vulnerable to a serious attack that takes advantage of their reliance on a single technology.
The most secure organizations are the ones that utilize digitization to support their physical security, not replace it, because that approach recognizes the value of physical redundancy in ensuring maximum security at lower costs.
















