Smartphone-based Access Control

American technology research firm Gartner predicts that in three years’ time, more than 20% of organizations will use smartphones instead of physical ­access cards. Mobile access control is not just about a more user-friendly way of opening doors. The connectivity of smartphones opens the way to new ­real-time solutions for managing mobile identity. ­Vincent Dupart, CEO of STid, a French firm that develops secure access control solutions, tells us why the right management tools are required to roll out this type of solution.

GIT SECURITY: Since its launch in early 2017, your STid Mobile ID badge virtualization solution has been highly successful. How do you explain this success? 
Vincent Dupart: Our solution is extremely user friendly, with a range of different identification methods available – you can just tap your phone, or lightly touch the access control reader to identify yourself, even while you are making a phone call or when your phone is in your pocket. Beyond this, we have chosen a virtualization solution that requires no compromises to the philosophy undergirding your organization’s security policy. Why would you outsource your data to a third party and where is the data stored? Are you independent in managing your security? No technical or technological constraints should prevent Directors of Security from managing their systems independently, with the freedom to host sensitive data in-house if that’s what they want. We offer our clients Offline & Online management tools, which keeps them in control of their security. That’s a key issue in our line of work!

Can you tell us a bit more about the Online management platform that you are planning to officially launch at the APS Show in late September?
 Vincent Dupart:  Innovation is the cornerstone of STid’s strategy. We’ve continued to work to develop a secure Web platform which will revolutionize the way we manage user virtual access cards and configure readers. Access rights can be assigned, revoked and updated in real time, meaning you can quickly create a short-term visitor access card, and later recover the credits to create another virtual access card. It’s so cost-effective and easy to use.

How does this platform meet clients’ aspirations to manage their systems independently?
Vincent Dupart: Unlike many solutions on the market and most people’s preconceptions about cloud technology, STid is not looking to tie its clients into a particular technology. Independence operates at many different levels. First and foremost, we have always wanted to respect our clients’ value chain. Anyone will be able to create an account and associate accounts for their own clients (dealers and end customers), without any involvement on our part. STid has no access to sensitive data in the dealer and end customer accounts – that would be a major security vulnerability. Our clients will remain totally independent in managing their security after security.

How do you secure the data stored in your Web platform?
Vincent Dupart: Today’s businesses work in an ever-more mobile world, with a continually increasing threat of cyberattacks. Security is a major challenge. In addition to the security benefits of the client’s independence in management, all data is stored in our server in France, in accordance with the tightest data protection regulations issued by CNIL (the French data protection authority). The information is stored in encrypted formats and all server connections use the secure https protocol. The virtual access cards are managed in real time so if an employee reports the loss of a smartphone, the mobile access rights can immediately be revoked, before the device ends up in the wrong hands.

The different identification methods of your STid Mobile ID solution make access control instinctive. How is this user experience carried across to your Web platform?
Vincent Dupart: Our two priorities are security and user-friendliness. The STid Mobile ID Web platform will be easier to use than conventional tools, making it quicker to access data, which is all centralized on a single platform. Different levels of rights can be assigned to each account – administrator, user, etc. Data can then be shared, enabling multiple client employees to work on the platform in real time. Data entry times are reduced by an easy upload function for your existing databases (variable and fixed data, photos, logos, etc.), which will boost the performance of your access solution. Come and meet us at the APS Show at Porte de Versailles, Paris, from 24 to 26 September. We’ll be on Stand E14. STid will also be speaking on “Best practices for using smartphones with your access control system” at a conference on Tuesday 26 September at 11:00 in Conference Hall 1.