Redefining Access Control: Mobile Credentials Integrate Security, Privacy, and IT Seamlessly

Alright. Hey. Welcome everyone back to another episode of AMAG Asks. Kyle Gordon. Really excited today to be joined, by Rob Leduc, from Wavelengths. I'm gonna have Rob introduce himself here, in a second. But just just in general today, the the idea behind the conversation is to have a a very, you know, a very informal discussion around our our industry and and what feels like the pretty transformative journey it's on right now, especially as we sort of look at the, the credential space. So, Rob, why don't you introduce yourself? Kyle, thanks for having me. I'm Rob Lydic, president of Wavelengths, a a manufacturer of of credentials and readers and a bunch of other technologies in in the market based here in Broomfield, Colorado right outside of Denver. And I'm super, pleased to have the opportunity to chat with you. We're pumped to have you. So, maybe quickly, Rob, because I know you you dug quite a few things in the space before we get into our conversation today. Just a little brief background on sort of where you come from and, your past experience. So I started in the the late nineties in, in data, and I was in the in the data world. I was in the I was I called myself a bit of an IT dork working on on Ethernet and y two k and all kinds of things. And then I moved into, working in data centers and understanding heating, cooling. I did a lot of designs for that type of product. And then in two thousand and six, I entered the physical security world, and I started a company doing video, working out of Midwest, at a sort of big company that I end up selling, and then, moved to Colorado in two thousand and fourteen to grow a manufacturer up and sell it. And then I end up here at Wavelengths in in twenty twenty, which I'm super stoked to, to have been part of this leading this organization to the the forefront of of access control on on the credential and reader space. And maybe that's a good place to start. We can kinda work our way backwards. So, what what about sort of the credential and reader space attracted you to that opportunity? That's a awesome question, and it really is interesting. Like, in every industry, there's an ebb and flow. Like, there there's a expansion, then a then you move back to where it was. And and I look at computing, and I'd say, well, we went from dumb terminals when you're using IBM Token Ring to completely distributed networks. And I think we're almost moving back to that dumb terminal where I can now log on to any machine. I don't have to have my specific computer. I can actually move into that. Well, in the access control world, what I've I've come to find out is that it started in in credentialing and and what we could do. You know? What type of modalities? What type of credentials? And then it moved hard for a long time into into your world at AMAG where it's what rules and what features and how do I let somebody in a door? When do I let them? When should I not let them? And if this, then that. Like, a ton of logic and a lot of feature sets that got built into these access control platforms and AMAG certainly being at the forefront of that. But now we've come back to that whole world of credentialing. And quite frankly, now it's been tied more into identity, which has a whole different world of what that means. And that's what gets me super excited now of, wow. We're back in this world of the value of your identity in combination with when that door is supposed to open or not for the respective individual and who that individual is is really creating this amazing opportunity that, that we we see today. Yeah. No. I I I think, without being too hyperbolic, I I think we're absolutely at an inflection point. I can remember when I was in entry level sales in upstate New York, and I would have, reader and credential salespeople at my office with, you know, the see through cards or whatever and talking about, you know, Magstripe and the and the the transformation to procs. And from procs to, the different the different levels of security within, within a a smart card. Right? And then eventually also, you know, getting into biometrics. I and I I was involved quite a bit with sort of the one card discussion because I did quite a bit of work on universities, college campuses, and obviously they're they're a great use case and adopter of one card. What is it about sort of where we're going now? And I think there's maybe two conversations here, but what is it about now that the the market's ready or seems to be ready for this through this eventual, evolution into the next round of credentials, which which we're obviously, assuming is mobile, and we're assuming within mobile, that it's it's wallet. Right? There's elements of that. So so I guess maybe let's just start with that question. What is what is it about the current state that you're finding users to be ready for this conversation now more so than ever? I think there's two maybe more factors, but I'll start with two. One is time. That the time has passed. Their technology is legacy, and they're looking for a secure answer, one. And two, we've been led to an entire world where everything we do within a company, everything we do within a government, everything we do within a school, we're used to having a username, password, and some form of two factor authentication before we can get into anything. And we're logging into you know, we're getting notifications on text. We're getting, you know, just to give me a code or it happens every day in our life. It doesn't matter if it's my banking. It doesn't matter if I'm logging into Microsoft Teams or Google or whatever I'm logging into. I'm used to interacting with that to validate I am who I say I am right now. And customers are asking us, well, why can't I do that for access control? Because to your point, we started in in credentials, and and I got a I got a great card here. Right? We've all seen this. This is a Mac Freight card. And this is where access control started in the sixties and seventies. And, honestly, I went to college, in the nineties, and, you know, I still have my student ID. And my student ID had a mag stripe. And you know what? Colleges and universities invested in this big. And so do corporations. They're like, this is freaking awesome. Let's put these all the doors. We'll force everybody to swipe. And what do you know in your one card world? You're like, well, we can use that for lunch wipes too. And we can use that for for all these other applications for checking a book out of the library, for doing all these all those higher ed world. But in physical security for the corporate corporate world, we're like, well, we can use that too. Well, then, eventually, that migrated. That was that's a contact type of type of installation. You're making contact. You're reading off the mag stripe, and we all learned, woah. That's insecure. So to your point, we're like, woah. Now we can do contactless. And so we got the same card. Now I can just go up and beep. It beeps the reader. That was transformational as you're pointing out. Like, that blew people's mind. That you just put a card near it. It could read it, energize it, grab a card number. You're like, wow. Well, that first tech was procs. And then we're we we learned shortly thereafter. It's been almost twenty years. Prox is insecure. Anybody can copy Prox. And we're seeing all these devices all around the market where you can stand next to somebody, copy the card. You got machines in every freaking grocery store and pharmacy that copies, you know, physical keys. And and now they're copying cards, and it costs five bucks. So, you know, I can copy a key. And now companies, institutions, and and governments are going, woah. We have these cards. This has been great that we've been able to distribute out large numbers of cards. We made it a name tag too. Let me put your name on it. We put your picture on it. We put your company ID. It's, like, still a key that quite frankly, Kyle, you could pick up my card, has my name, my picture, my company says says wavelengths on it, and you can enter my building. There's nothing about that that stops you. Yet everything in our IT world, everything about how we interact with our banking, everything about how we interact with you know, social media or even, you know, our our our workplace tools would never allow that. And so customers are saying, hey. We got this thing in our hand. How do we go about using this? And so they're like, wow. I wanna use this device that I never take out of my hand and the kids are glued to. How do I make that happen? Which has migrated us to a new window where in two thousand and eighteen, Apple allowed us to have wallet for higher ed. And I had the privilege of getting to work with them for a number of years where they're like, well, let's move into into other markets. And today, we are in commercial. We're in multifamily. We're in higher education. We're in lots of other new verticals where today, now my credential is on my phone, and that's a wallet credential. But guess what? It can do all those things that IT wanted me to do, which was I'm gonna use to get my corporate ID. I've gotta enter my username, my password of two factor authentication or even passwordless, which is an an an awesome concept as well, to move to a world where every time I present this credential, quite frankly, it can validate I am who I say I am. And as an administrator, I I'm I operate and manage that no different than I manage a computer. If an employee is no longer with us, you change their password, and they can't get access to those devices. You could do the exact same thing here. You didn't have to ask for a credential back, and it wasn't copyable. So that's really, really a fun journey that I went walked through of all the way from, you know, Magstripe, which is still being used quite frankly on gas stations. Like, everybody knows that can in a heartbeat. All the way to, well, now we're using Wallet. And I and funny enough, I now use Wallet to pay for my gas because I don't wanna put a physical card in there. Yeah. I think it's it's we're going from the really, the purpose of the ProxCard was to remove the the key because at at one point in time, there was too many master keys bidding getting distributed, whether it's in a facility or house campus or whatever, which which was inherently a massive security risk. So the the car purpose was to replace the key. And, it feels like we're at the very, I wouldn't even say early yeah. Early stages, I guess. Not infancy for sure, but early stages of this replacing the car. Is that too bullish of a thing to say? No. It's not. And interestingly, you know, I started in nineteen seventies, and I said, oh, we're doing Magstripe. And the the harsh reality is a lot of those college campuses never changed. A lot of those corporations never changed off of Magstripe. I still walk around with some customers and they're like, yeah. We know it's thirty years old. We gotta we didn't ever find the budgets to go do that. Some that did, maybe may maybe they moved to Crocs or maybe they moved to a a secure credential, which is about forty percent of the market moved to that secure credentialing technology. And it took them years and years and years. And and Kyle, you and I have some customers that we know that are massive corporations that exist on products. And those organizations could never find the financing to upgrade their panels and upgrade their their world to move to a more secure credential. But today, I I'm absolutely blown away to see customers, end users, finding money in a heartbeat to move to a wallet credential. It is remarkable. I've been trying to push people to secure credentials using My Fair DebtSpire for for five years with some of these customers, and they would never move. They're like, nah. I I don't have the the readers. I don't have the finance to go do it, but I show them wallet, and it ties their IT to their physical security and manage through, information management system or identity management system. Holy heck. They're like, here's your money. Let's replace those readers. Let's upgrade now. Is that the unlock? Is it that that finally maybe Wallet has allowed the the security champion to have a common sheet of music with with the IT team. So it allows them to to really work together in a way, maybe in in the past, they weren't able to as effectively. Is that is that what you think kind of is the big unlock there in sort of that demand? It is. And so when you look in large organizations, you get the chief security officer and you get the chief information officer. Two different silos, one's a cost center, and one's viewed as a profit center. The CIO world is viewed as a profit center. So we all in the physical security world, we're we all been saying, well, all the money's over in IT. We watched that actually happen in video. Like, the video people are like, it's all gonna go on your network. It's gonna go all IP, and you can manage it. And the IT people are like, hell yeah. We're in. Right. And now this from an access control perspective is even more powerful. Because now those two organizations, they're not colliding, but they're augmenting with one another because it can speak the same language. Because to your point of the we all carry around a brass key. Right? Carry around a brass key and open open and close a door. And when somebody lost a master key, we had to pay them to go around and undo that. Well, access controls, we were like, well, this is great. We have a key that we can just roll the keys and give everybody new pieces of plastic. We'd have to change the locks. We just change this. Give everybody new piece of plastic. Now we don't have to give people new pieces of plastic. We just roll keys within a wallet credential and ta da, everything is secure again in the event that any compromising were to were to happen. And and an IT manager, alongside with a physical security professional, can manage all of it. So if if, you know, if you're an end user and and and you're you're having these conversations, I would expect that your entry into this discussion may be a little bit overwhelming. If you haven't really especially if you have, I mean, it's overwhelming if you have a hundred people, but if you have ten thousand cardholders and you start to really think about what this looks like, I would assume that the lack of adoption out there right now, part of it may just be because it's it's overwhelmed. Right? And not every frankly, not every end user out there has a robust IT department sitting there too to support them in this migration. So I guess what would be your, what would be some of your guidance to to someone who's just starting to maybe entertain the idea of adopting a an access control credential on mobile one primarily? Well, So the first step is just test it. Like, get a reader that supports wallet. Get a credential. Have it work with your access control. And this is where we've seen a lot of success where the physical security people know that they wanna bridge the gap over into IT and make their infrastructures more secure. They also know that everybody's touching their device. They want they want this, whether it be corporate issued device or a BYOD, bring your own device type world as well. We have large, large end users that we just put it on a single door for them so they could test it with companies like AMAC. And they just they just feel it, see it because we're all using Apple Pay, Google Pay, Samsung Pay to buy things. My driver's license is in my wallet, and we know the sound of it. We know what it feels like. We know what it how it operates. We know how far away from a reader it is, and it just works. And then that organization says, yeah, we want this big and here's how we're gonna begin to roll this out. And so they start with a building or some start with ten and then they move out. And it scales really, really well because I'm not bringing people into the into an office to give them a one on one credential. Where I'm not shipping via UPS and spending seventy to eighty bucks per person for an individual card. That's the first step. Just try it. Like, it it just becomes a no brainer for them. And invariably, you know, you you began to break it down at the beginning of this talk, Kyle. There's two types of mobile. Mobile's not mobile. Under mobile, there's b l e, which is app based. You know, it's a it's an app that resides on your phone that we didn't have access to do it any other way in the access control world because Apple locked it down, Google locked it down, and we didn't have any other way. But people wanted to use their phones. And then environments like your customers where you have very large entities, they're like, there's no way I'm letting that through. It's not cybersecure. It's not user friendly. I don't know how far away I gotta be. Like there's all kinds of issues that it didn't get wide adoption. And at Wavelengths, you know, we've been providing these things for nine years now. And but now with Wallet, Apple and Google are fully behind this. And it's first it's not an app. It's a function of the device. So it does things that other credentials couldn't do. It validates identity. And on the user end, it works if the phone's dead to get you to a secure area. And an administrator can manage it with any user anywhere at any time. And even better yet, the individual that holds the phone. So I, as Rob, I lose my phone. I can log in to my iCloud account and say it's lost, which removes all my wallet credentials and my credit cards out of my wallet instantly. All that's when I find it, and I go back to my iCloud account and I say, ta da. I found it. And it reprovisions all of those. It this new technology opens so many doors for people that they never knew they wanted opened, but now they're just running through it. We've we've talked a lot about the door specifically opening, but you're almost bringing it back to our one card solution. Now your one wallet, one badge solution. Does that, I mean, I don't mean it to be a leading question because it's not. It it's it's a legitimate question. Is that open your ability as a both as an end user who's provisioning credentials or also a user of the credentials to, I mean, you mentioned licenses. You know, the thing that I think about back with the university space was your dining, your fitness center pass, so these other things that would traditionally be in your wallet as a separate pass. Is that the route we're going down now with the mobile credential within within a wallet environment? I think that all of these technologies that are introduced in the wallet from payment to driver's license, It just happens to be my my Colorado driver's license and my wallet to tickets from Ticketmaster to, loyalty programs with airlines and credit cards and, shopping centers, all the way through, you know, cash apps and all these other things that are part of that, we are gonna be in the wallet for a long period of time. States have began to rapidly adopt these mobile driver's licenses that are residing in these wallets because they're secure. In access control, it's only a matter of time until we begin collaborating with those other use cases that say, oh, okay. I want to pay for a book. And I've got a payment card, but I'm also an employee here, but I wanna associate my personal card that doesn't exist today. It's nothing to say it can't exist tomorrow. Or I, as an employee, wanna submit my driver's license rather than hand somebody in HR a driver's license. I wanna send it to them via the wallet and have that somehow authenticated into my corporate access control credential. All of those opportunities are going to continue to reveal themselves over the next ten, fifteen years. Today, we're in the beginning stages of it. I've never seen a technology in access control, which everybody knows access control operates really slow, move this fast. And it is transforming our industry at a rate that we've never seen before. Let me, just just make sure we expand on the one point because I think we and then we can end with this. But I I think we hit on the convenience thing. The convenience factor is pretty obvious. Right? Now that it's that while it lives in our daily life, I I don't think you're gonna find many people that would argue that it's inconvenient. But we we we briefly touched on the the secure nature of the credential. So maybe we could expand on that just a little bit here, Rob, because I think that that is a really important piece of the discussion is is is the security of the credential itself and how much we're we're trusting this credential to be secure. Yeah. So the access control credential resides on the same infrastructure, and we are forced to the same test that you would rely on a payment perspective. So all of the credit card issue is the Mastercards, the Visas, the American Expresses, they all have a infrastructure that ties back to the wallet providers with Apple, Google, and Samsung. We have a very similar infrastructure that has those same levels of security associated with it. And most importantly, in my perspective, the levels of privacy that me as a individual, as Rob Lydic, that I'm bringing my phone into an organization. I wanna know that I'm not sharing my private information maybe with my employer. Apple specifically believes in privacy in a massive extent. And and I'd encourage any of the listeners to go to apple dot com forward slash privacy, where they say privacy is a human right. And I I personally agree with that. And with the native security associated with the wallets that we could never create an access control. And combined with the protection of my privacy as this is my device, but I wanna put a corporate credential on it. No different than I put a credit card or a driver's license or other stuff. I wanna share with my employer what they have the ability to and and the right to see. They get to know that that I am who I say I am. They get to know when I enter the building. But they don't need to know. I mean, nobody other than nature needs to know when my birth date is. Alright. They don't need to know where I live personally. I don't wanna share that information, and that is native to these wallets where even in my driver's license, it's kinda fun. I can use my I can go through and buy food on an online app. It can reference my driver's license in my wallet and only share that I'm over twenty one. And now that validates a transaction. And I didn't have to I didn't have to hand somebody a card that has all my personal information, and I used to have our social securities on it. But now that that's smart, they got rid of that. But still is my address, my sex, my weight, my height. I don't need to share that with a bouncer that wants I wanna get into a bar. And the wallet is is one of those functions that I I personally love it as a as a consumer that it's ultra secure. I can trust. I can have some influence on. It complies with things like GDPR, and it protects my privacy. Like, super cool. Very cool. Well, it's certainly a fascinating conversation. Probably could do this for another two hours, but, we'll pick it up at another time. But, Rob, thanks for joining today. We very much appreciate your insights on this topic. Thanks, Kyle.