Multi-Branch Bank Access Control Conversion
A large financial institution experienced growth that left them with disparate and outdated access control technology across branches. We helped them plan and budget for a seamless transition that gave them consistent cutting-edge technology that improved safety, business continuity, and employee experience.
Our client
A large financial institution in Michigan started out with just a few small branches when we began our partnership 30 years ago. Since then, they have experienced incredible growth as they’ve merged with several statewide banks. Today they have 50 branches across Michigan with access control, fire, intrusion, and video management systems comprised of hundreds of card readers and cameras and thousands of fire and intrusion devices.
The pain
With this growth, the organization was able to better serve clients across Michigan. But the mergers also left them with disparate and outdated access control technology. Instead of one platform, they had two to manage and maintain. This led to longer lead times for credentials when hiring new employees, moving employees between locations, or revoking access from former employees. Because the manufacturer no longer supported much of their technology due to its age, they also experienced delayed response and resolution to issues when, as their security partner, we were unable to engage technical support for complex issues.
Uncovering the vulnerability
Through a Technology Utilization Assessment, we analyzed the bank’s technology and interviewed key personnel spanning multiple branches. This allowed us to:
Gain a deeper understanding of the status of their security and internal processes for using it.
Identify vulnerabilities, inefficiencies, and pain points.
Provide recommendations for improvement.
In our findings, the outdated access control technology proved to be the biggest vulnerability. Since the access control system is an extension of the client’s network, it was subject to regular penetration testing and requirements and always performed poorly. The lack of manufacturer support meant that they could no longer patch their access control software and servers with critical updates, creating a significant cyber risk. After reviewing the assessment report with our client, we agreed this deserved top priority due to the risk it posed to cyber security and operational efficiency.
Closing the gap
By engaging proactively, we were able to prolong the use of the current system long enough for the client to budget for a change and avoid unplanned expenses. During that time, we explored and evaluated available solutions, considering the client’s immediate security needs, budget, and potential long-term requirements. Together we chose a platform that leveraged open-source technology for three reasons:
It would safeguard their investment, avoiding "rip & replace" situations later.
It would allow them to leverage multiple technologies now and in the future.
It would offer the security and flexibility needed for regulatory compliance.
Building on what they had, we converted all branches on the older access control system and incorporated them into the newer system. This gave them a single access control platform, renewed hardware and software support, and room for growth.
The end results
During the conversion of their outdated access control system, the bank experienced a seamless transition because we utilized their existing credentials and card readers - it was business as usual at each branch we converted. Today, changes to access cards, door schedules, and user codes can take half the time to complete. With renewed manufacturer support, we can provide expedited resolution to complex issues. Lastly, the bank receives regular software updates that continually enhance the features, functionality, and cyber security of their system – it is no longer a red flag on their penetration tests.
With this conversion, our client has taken great strides to improve safety and security, business continuity and resilience, and employee experience.
Ongoing care
Through recurring audits, managed access control, software updates, and annual Technology Utilization Assessments, we continue to monitor the bank’s security data. This ensures our initial recommendations are working, flags potential issues BEFORE components fail, and achieves the best long-term results for the organization.
If you find your organization in a similar situation, we’re here to strategize and find the best path forward to maximum security performance and operational efficiency.