Many workers no longer get a mechanical key to the office. They get an access card, an electronic key programmed to get them into the office and that can be set to deny them access to restricted areas. But that doesn't mean the mechanical lock and key are gone. They're just less visible than they used to be.
And thus easier to forget. That makes keys an unexpected security vulnerability.
Mechanical keys create unique security headaches—ironic, since the key was obviously created as a security device. Earlier this year, at least $2,000 was stolen from police evidence lockers in Fruitland Park, Fla. It turned out that the city's master key opened the evidence lockers and also the city's vault, which was discovered only after one copy of the key went missing. Separately, RBC Bank was forced to change the locks on 112 branches when a master key machine was stolen from a service van.
Keys don't have to go missing to be a security hazard: In 2008, a jailbreak was attributed to a corrections officer leaving a key in a lock while he worked to fix a toilet. The key was pilfered and passed along to other inmates in the cell block. They used it to unlock other plumbing closets, then returned it to the lock, all in the space of about 10 minutes. Then eight convicts, including a convicted murderer, snuck into one of the closets, cut a hole in the ceiling and escaped.
Mechanical key systems still represented a $4.7 billion market in the United States in 2007, according to Freedonia Group, a market research firm in Cleveland, Ohio. That's much smaller than electronic access systems, which accounted for $7.8 billion in sales and represent the fastest-growing part of the $62 billion security equipment market. Even so, Freedonia projects U.S. mechanical key sales will grow at about 2.8 percent annually through 2012. Plus, demand from emerging markets worldwide means mechanical systems still make up the biggest part of the market for physical access control.
Electronic access cards offer versatility—one card can be programmed to access parking, the front door, the office and the vending machine, says Paul Everett, research director for IMS Research's access control, fire and security group. They're also easier to manage. But, he says, electronic systems typically cost more, and may not make financial sense unless a firm wants to avoid having to manage hundreds or thousands of keys.
There's also the simple familiarity issue: We're accustomed to using keys.
Even today, very few buildings in the United States are built without physical locks. In fact, "You can look at electronic key systems as add-ons" to mechanical locks, says Jeff Spivey, president of Security Risk Management in Charlotte, N.C. Spivey says that some extremely high-security government buildings, primarily for defense use, do not use any mechanical locks, but otherwise the mechanical lock remains an essential element of building security. Even if doors have electronic access control, internal systems with mechanical keys may include HVAC controls, elevator controls, electrical boxes, medicine cabinets and generators.
While electronic keycard systems are easier to manage from a central location than physical keys, Spivey says that mechanical keys continue to have important advantages: Notably, they still work when the power goes out.
Keys are "very, very important—most electronic systems you put in place usually have key backup," says Bernard Scaglione, director of physical security at the Weill Medical campus of NewYork-Presbyterian Hospital. He says keys will never go away—"electronics fail, and you need an override."
Scaglione employs three full-time locksmiths among a security staff of 150. This year he will spend about 20 percent of his $6.5 million operational budget on mechanical locks, in part because of extensive renovations taking place in the 4 million square feet of facilities he manages. A normal year would see about five to seven percent of the budget going to handle key changes. In contrast, between 30 and 40 percent of the budget will go to installing new electronic card systems this year, also unusually high due to renovations. NewYork-Presbyterian, like many big institutions, pays for exclusive copies of key blanks so the keys cannot be copied at outside locksmiths.
Scaglione notes that when a card reader is added to a door, the existing lock is not usually removed.
Electronic keycard systems can be set to ring alarms if someone uses a physical key to get into a door, but these setups are prone to hacks, says Spivey. Employees will prop doors open when they go out to smoke or run a quick errand. His firm recently engaged in a systems assessment at a facility that had 130 access control doors: 70 on its main campus and 60 in remote locations. It found that the alarms went off 40,000 times a month. It turned out that the system was poorly engineered, causing an alarm to ring almost any time a door was opened. Spivey says he told the client to simply unlock the doors. "Nobody's going to respond if there's an alarm," he says.
Keeping track of mechanical keys
Since mechanical keys aren't going away, the challenge is to manage them more effectively in hopes of avoiding nightmares like having a master key go missing. When mechanical keys are used as a system override, they eliminate an audit trail. These trails matter, says Scaglione, because a typical day might see his department fielding requests on subjects ranging from thefts to whether the custodial staff came in to clean. NewYork-Presbyterian has used some form of key control box for the 14 years Scaglione has worked there. With such systems, keys to various parts of the building are stored in one box, controlled by an administrator or security person, and logging is computerized. Such systems replaced manual logs, where supervisors wrote down the number of a key taken, who took it and when it was returned.
In Scaglione's case, NewYork-Presbyterian's pharmacies adopted a key-management system made by Morse Watchmans, one of a number of companies in this business (others include KeyTrak and KEYper Systems). It automates the process of tracking who checks keys out and what keys go to what locks, helping determine who has access to what supplies for specific periods. In addition, in an emergency such as fire or flooding due to a broken pipe, the system helps the hospital track and control who gets access to keys.
Scaglione says one new facet of key management technology that he thinks is worth noting is the integration of surveillance cameras with mechanical lock-and-key systems. The cameras snap photos of anyone who uses a physical key. Though the hospital has yet to adopt such a system, he thinks it would be useful in high-risk areas like drug supply cabinets and operating rooms, which contain valuable equipment.
At Sheppard Air Force Base in Wichita Falls, Texas, Tech. Sgt. Michael Klumpp implemented a KeyTrak key control system in 2001 to help create better audit trails at the 252-room dormitory he oversaw. His previous system was a padlocked metal box that held keys to each room, including a backup key in case plumbing, maintenance or other work was needed. A ledger was used for signing keys in and out. He and another supervisor controlled the padlock, but there were issues with tracking the paper receipts when keys were checked out. He worried also that if someone cut the padlock, that person could easily access any room in the building, because all the keys were in order, labeled by room number.
The KeyTrak system is controlled by a PC, which allows access to the keys only after the correct code is entered. Keys are separated into drawers based on how many keys there are (his facility needed two drawers). But keys aren't labeled or kept in order, increasing security in case of a system breach. Klumpp said the system has made it simpler to audit who's using rooms. It also allowed him to track room inventories. He subsequently installed it in three large new dorms and recommended it to counterparts at two other military bases.
It's not a perfect system—for example, it's proprietary and requires occupants' personal information to be entered separately into its database, even if they've already been enrolled in another system. Klumpp, now a civilian engineer at the base, says this "double entry" problem was one reason that subsequent managers decided not to adopt the system in a new dorm. But it's still in use in the facilities where he had it installed as well as at the base's hospital. "It was a big improvement," he said.