How Access Control is impacted by cloud, mobile and GDPR
1.
2.
3. ▪ The mobile is becoming more and more the natural tool for regular users of doors
▪ Place requests, get notifications and interact with the operator
▪ Receive/loose permissions dynamically
▪ The mobile is becoming more and more the natural tool for visitors
▪ Manage the interaction required for the visit
▪ Receive/loose permissions dynamically
Mobile first strategies and its impacts
4. ▪ What does “mobile first” mean
▪ The UI design is first optimized for a mobile use
▪ But has to adapt to desktop use
▪ The use cases are optimized for a mobile user and so are expecting
▪ Higher availability to interact but more limited interaction
▪ Ideally guided interaction
▪ Data are stored centrally and so always access to the real situation
Mobile first strategies and its impacts
5. ▪ What does “mobile first” mean
▪ The smartphone combines multiple capabilities
▪ The user Interface for the application and for notification
▪ The element to get access
▪ Ideally guided by the phone
▪ Ideally OnDemand and instantly
(the beauty of the mobile and connected world)
Mobile first strategies and its impacts
6. All fine ? - Security in mobile credentials
The mobile phone should be considered unsecure as such
▪ BLE connectivity paired / unpaired
▪ No harmonized/accessible SE in the phone´s
▪ No harmonized /accessible access to the SE on the SIM´s
▪ “Unprotected” mobiles involved (rooted, 3rd party
stores;…)
Major risks out of this
▪ Threat of a “mass” remote attack on physical doors
▪ Threat of an “invisible” attack on physical doors
Recommendation - Security to be ensured
▪ Security is key - encryption able to use of public transport
▪ Mobile to be only the carrier of the permission
Applicaton
Trust Center
7. ▪ GDPR is a challenge when it comes to
The GDPR Challenge
▪ forcing supplier and User to handle
data appropriately
▪ allowing insight into the own data
stored and used
▪ Reaction times in case are limited
▪ In several countries the location of
data storage is regulated as
additional challenge for OnDemand
solutions
8. ▪ GDPR is an opportunity when it comes to
The GDPR Opportunity
▪ Forcing supplier and User to handle
data appropriately
▪ Clean systems and responsible data
handling
▪ Allowing insight into the own data
stored and used
▪ Systems can actively support to
retrieve the information's efficiently
▪ Reaction times in case are limited ▪ Have easy access and clear
understanding on where data are
▪ In several countries the location of
data storage is regulated as
additional challenge for OnDemand
solutions
▪ The cloud offering should have to
offer the option to select where data
are stored
9. The OnPremise to OnDemand journey
Drivers for the change in the infrastructure
▪ ERP systems moving and so most of the customers IT
infrastructure
▪ A general desire for managed systems by the customers
▪ The ability to provide a significant higher level of supplier services
▪ The supplier of Support and BPO is not intruding local IT structure
▪ The OnDemand system can address resistance against attacks
on a much higher level as local deployments could usually afford
Recommendation
▪ Integrate into the OnDemand or hosted ERP wherever possible
▪ Expect and plan the transition from OnPremise to OnDemand
OnDemand
Solutions
Support
and BPO
OnPremise
Solutions
Support
and BPO