News and Events | In The News
How Digital Creates A Seamless and Secure Experience
Mon, 09/20/21
As featured in HID
September/October 2021
How does digital provide a better level of security?
In the digital sense, you have a much greater control over the life cycle of a digital credential as opposed to a physical card. I can control the lifecycle to meet my needs. I can decide right now that someone should no longer possess a digital credential, but I can’t necessarily do that as easily with a physical credential.
Digital makes it easy to not only control who has access to it, but when and for how long (including distributing access for guests and vendors), and the ability to keep track of it and provide logging and some auditing for that security.
It also enables other benefits like communication to the user when they are what I’ll call in-flight, so if somebody is headed to an office and they need to stay away because there’s a security concern or a fire or things like that, I can communicate that to them in real time. I couldn’t do that with a physical card or a brass key, but with digital I can.
I think people are far less likely to share a smartphone, than they are a badge because the smartphone has everything about them. People love to put their entire life on the phone, and I am much less likely to let you just borrow my phone then I am a badge which is almost seen as innocent, and hey, you know, I’m just helping out a friend versus smartphone which people just don’t generally want to just hand those out.
Can privacy be maintained whilst providing useful data?
The answer is yes. What’s important is that the appropriate steps are taken to identify the data that needs to be collected and the purpose for that data. If that’s done up front, you’re much more likely to be successful. I think in the past, especially with the fewer rules, people would want to collect data just to have it. And hey, maybe later I’ll find a use for it, but I don’t think that really flies anymore.
People, I think are preconditioned to say no because there’s been just rampant misuse and deception with regards to privacy and how people’s data is being used and so now we’re at the point where people are preconditioned to say no and you have to build up that trust.
Are custom apps better or just different?
I think we think of custom almost as bespoke, like I’m building an application for you from the ground up and that’s really not the case with Modo. We have a platform that allows you to assemble different things together and one of those things is of course the mobile access SDK, but there are other things like an LMS integration, seeing my room reservations, booking a desk for the day because I’m coming in so all those things can come together and be part of that. There might also be some things that we don’t have in our platform but a customer is able to add those themselves through different integration points.
Built apps for a customer are objectively better. For a number of reasons, the first is that users really want to identify with the app they are using and that it reflects their company, university or brand; this is really important.
It’s about the experience. For example, there are certainly a large number of people who are really proud of the fact they work for XYZ or they are a student at ABC University. They really enjoy having that app on their phone because it states that you’re part of that organization. You’re part of the community, and so if you have an app that just says Moto or an app that says hi, it’s not really the same connection. There’s certainly an emotional connection between what you have in your phone and who you are as a person.
Millions of people are using our app every day, but very few of the users know that Modo is the company behind it because we want to step back as far as possible and just let us be the platform that the company or the university uses to create that experience. And we want the experience to happen between the user and the company or the university, not with Modo and really not even with the app. The app is just sort of the lens or the window into the company or the university and from that organization back to the user.
The other benefit is that our app is really built for you, with the features you want, without the baggage you don’t need which can inflate the size of the app. For example, a large app is not usually a problem because your WIFI is good at home, but if you are a parent or a student that’s doing orientation with a thousand other students and parents inside of an auditorium, and suddenly everyone is being asked download the app, it really matters now that that app is 15 MB instead of 100 MB.
Lastly, the apps we design can acutely address the pain points for the end user. We have a customer who was manually doing self-assessment health care checks, Modo managed to implement this into their employee app so staff can do this on the app and it’s uploaded into the system. Another customer implemented a similar feature and if you failed the self-assessment you were not permitted to access the buildings on campus.
These are real world examples where the app that is designed for you, really stands out on a daily basis.
How does mobile access control address sustainability and cybersecurity agendas?
I would say there’s obviously less waste in mobile than physical credentials. I know the cards are designed to be reused but I know a lot of times, and we see this in the hotel space, those plastic cards are tossed. If you look over the year and a busy hotel you probably have 10s of thousands of plastic cards that are just being thrown away combined with thousands of hotels around the world you have a huge pile of plastic cards. In comparison if you do this with digital credentials you can just have that on the phone with zero waste.
In addition to that, you’re saving time, cost, and manpower to do the distribution and collection. If you have prox cards and you’re joining the office, but you’re not here, I need to mail it to you, and then you need to mail it back when you leave and any changes require a new card that has to be sent again. In isolation these are small, but collectively they add up. Overall, with mobile you deliver a better experience, and you’re using less resources.
In relation to cyber security physical credentials, in my view plastic cards are always single-factor. So, there is something that you have (the card); it’s not even something that you need to know, but just something you have in your hand.
Mobile credentials really start at single-factor, but they can build up into multiple factors. Let’s say you have the HID credential, but you need to be authenticated to the app and logged in, and maybe you have MFA turned on before you are able to get that, there’s an immediate higher level of security before a user can use that credential. And again, if you have your phone locked and you need to have the phone unlocked to be able to use it, suddenly it’s not just that you have this in possession, there’s an opportunity to have a second level of security there.
To read the full article click here.
Back to News and Events