Press Release

Egham, U.K., January 17, 2017 View All Press Releases

Gartner Says That 20 Percent of Organizations Will Use Smartphones in Place of Traditional Physical Access Cards By 2020

Analysts Will Discuss Impact of Mobile and Cloud PACS at the Gartner Identity & Access Management Summits, March 6-7 2017 in London and November 28-30 2017 in Las Vegas

In 2016, less than 5 percent of organizations used smartphones to enable access to offices and other premises. By 2020, Gartner, Inc. said that 20 percent of organizations will use smartphones in place of traditional physical access cards.

"A significant fraction of organizations use legacy physical access technologies that are proprietary, closed systems and have limited ability to integrate with IT infrastructure," said David Anthony Mahdi, research director at Gartner. "Today, the increasing availability of mobile and cloud technologies from many physical access control system (PACS*) vendors will have major impacts on how these systems can be implemented and managed."

PACS technology is widely deployed across multiple vertical industries and geographies to secure access to a wide range of facilities (buildings, individual offices, data centers, plant rooms, warehouses and so on), ensuring that only entitled people (employees, contractors, visitors, maintenance staff) get access to specific locations.

Mobile technology is already widely used for logical access control. Phone-as-a-token authentication methods continue to be the preferred choice in the majority of new and refreshed token deployments as an alternative to traditional one-time password (OTP) hardware tokens. Gartner projects that the same kinds of cost and user experience (UX) benefits will drive increasing use of smartphones in place of discrete physical access cards. Smartphones using technologies and protocols such as Bluetooth, Bluetooth LE, and Near Field Communication can work with a number of readers and PACS technology.

One of the easiest ways to use a smartphone's access credentials is to integrate them — via a data channel over the air or via Wi-Fi — into the access control system (ACS) and "unlock the door" remotely (just as an ACS administrator can). This approach requires no change to reader hardware.

Using smartphones can also simplify the integration of biometric technologies. "Rather than having to add biometric capture devices in or alongside readers, the phone itself can easily be used as a capture device for face or voice (or both), with comparison and matching done locally on the phone or centrally," said Mr. Mahdi. "This approach also mitigates the risks from an attacker who gains possession of a person's phone."

The technology's limitations remain a challenge. For example, there's significant disparity in functionality between smartphones, and some security and risk management leaders should be aware that their physical card readers and PACS might require a significant upgrade to use smartphones for physical access. "Nevertheless, replacing traditional physical access cards with smartphones enables widely sought-after cost reductions and UX benefits," said Mr. Mahdi. "We recommend that security and risk managers work closely with physical security teams to carefully evaluate the UX and total cost of ownership benefits of using access credentials on smartphones to replace existing physical cards."

*For Editors:

A PACS typically comprises an access control server and database holding identity and policy data and multiple control panels, door locks, readers and other data capture devices. It also includes the cards or other credentials issued to employees and others, and the credentialing system that creates and provisions them.

Gartner clients can read more in the report: "Predicts 2017: Identity and Access Management."

Gartner analysts will present on this topic at the Gartner Identity & Access Management Summit, March 6-7 2017, in London. For further information about the Summit please visit www.gartner.com/eu/iam. You can also follow the event on Twitter at http://twitter.com/Gartner_inc using #GartnerIAM.

About Gartner Identity & Access Management Summit

The demands of digital business are forcing identity and access management (IAM) programs to adopt different strategies to what has become customary. IAM leaders need to transition toward enabling their organizations to adopt a bimodal approach — honor the legacy while enabling the future. At the Summit, attendees will learn how to move their IAM program forward and build it for the future, but also obtain some best practices on managing insider security threats.

Contacts
About Gartner

Gartner, Inc. (NYSE: IT) is the world's leading research and advisory company. The company helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions. Gartner's comprehensive suite of services delivers strategic advice and proven best practices to help clients succeed in their mission-critical priorities. Gartner is headquartered in Stamford, Connecticut, U.S.A., and has more than 15,000 associates serving clients in 11,000 enterprises in 100 countries. For more information, visit www.gartner.com.

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.