Solving multi-site security pain points for HR & Facilities, IT, C-Suite and Compliance

Securing a multi-site business is a whole different ball game to securing a single-site one.

Single-site business owners are responsible for one location and one set of staff, with one system for access control, one for video surveillance, one for fire and burglar alarms, one for energy management and one for environmental hazard monitoring. More commonly nowadays, a single-site business may have one or two holistic systems that encompass several or more of these security functions.

But a multi-site business manages security across multiple properties with different sets of staff and some staff that go between sites. Maintaining a consistent standard of safety across all of them necessitates a much more comprehensive strategy than for single sites. Systems should be implemented and used differently if a multi-site business is going to operate successfully as one cohesive unit.

Many corporations find physical security of multiple sites a challenge. This article outlines the most common pain points experienced by C-Suites, Facilities and HR, IT, and Compliance departments, and explores the possible solutions for each.

Note: while these are problems that specific teams have, they can cause major issues for the company as a whole.

Pain points and solutions for C-Suites

The main pain point for the C-Suite is having to carry multiple access cards for all the different offices they have to travel to. All of these cards need to be distributed, managed, updated and replaced separately, which is a hassle. The more sites the company has, the bigger the issue is.

There are two potential solutions for C-Suites: a one-card solution or a mobile pass. A one-card solution does what it says on the tin but takes a lot of time and effort to deploy. This is because it requires combining all the different technologies for entering different sites into one card. It’s doable, but it’s challenging and expensive.

A mobile pass relies on software, not hardware. It is an Internet of Things (IoT) solution that enables remote control of connected doors and entryways from a smartphone, simply by downloading an app. This makes it quicker to deploy and you don’t even need a reader. When the executive arrives, they open the app on their phones and select the door they want to open. The mobile pass sends a message to the cloud and the cloud sends a message to the door to release it.

Pain points and solutions for Facilities, Operations & HR

The main pain point for Facilities, Operations & HR teams is difficulty distributing and retrieving access cards. Sites may be using different technologies and Facilities & HR have to keep track of which sites are using what so that they know the right cards to order when a new employee joins. They need to ensure that cards are given back when an employee leaves so that the employee’s credentials can be deleted and their card can be reused. They also have to log lost or stolen cards and make sure the IT team—or whoever is managing the adding and removing of cards—takes those cards off the system immediately.

Sometimes, because of the complexity of having different access control systems across different sites, this doesn’t happen, and companies end up with rogue cards in the system. This creates a potentially disastrous security risk as it means a stranger or strangers now have access to your buildings. If cards are not retrieved to be reused, this also results in the wasted costs of ordering new ones.

Mobile passes instead of cards are a great choice for Facilities and HR teams. You can control and administer them remotely and there is nothing physical, i.e. cards, to keep track of. This makes for a much safer and less clunky system, with better and more sophisticated levels of reporting and auditing.

Another great solution to this problem for Facilities & HR teams is the integration of your access control with your HR systems, like the one Welcome Gate recently built between S2 and Workday. S2 is a physical security platform and Workday is a HR, finance and enterprise resource planning system. Our integration—which relies on both systems’ open/public application programming interfaces (APIs)—means that when a new starter is inputted into Workday, an access profile is automatically generated for them in S2. Equally, those credentials are automatically disabled when the person leaves, eliminating the potential for ex-employees to be left in the system. (Our S2/Workday integration also enables companies to generate mobile passes instead of cards.)

Where integration isn’t technically possible (because the systems are old and don’t have APIs), a physical identity and access management (PIAM) solution can achieve the same result. PIAM is a sophisticated software overlay that pulls data from disparate systems into a new system. This simplifies security management by automating cardholder administration and other manual processes and giving teams central control of all systems through a single user interface. PIAM can be expensive to implement but it means that you can enable legacy systems to exchange data without technically integrating them. This saves on having to rip everything out and start again.  

Pain points and solutions for Compliance

If the pain for Facilities & HR is that they have to stay on top of lost, stolen and no-longer-in-use access cards, then the pain for Compliance is when they don’t do this. Compliance’s position is simple: there cannot be any rogue cards in the system. That would mean the business is not compliant from a security standpoint, which can have devastating implications if they’re audited.

A further pain point for the Compliance department is that they are the ones producing the security reports. This isn’t easy when all the data is coming out of different, disparate systems, and takes a lot more time than if they were dealing with one system, with one interface.

The solutions for Compliance are the same as those for Facilities & HR. It’s just that Compliance’s motivation for having those solutions is different. While HR want a system that’s user-friendly and fast, Compliance want a system that works properly and keeps the business in line with its requirements.

So Compliance, too, would benefit from the integration of different systems. This could either be a technical integration like our S2/Workday integration. Alternatively it could be a spiritual integration using a PIAM overlay. Whatever the method, it will make reporting easier and faster because all the data is coming from one place. At the same time, enabling the easy and/or automatic removal of access credentials when cards are lost or stolen, and when employees leave, dramatically reduces the risk of having rogue cards in the system.

Pain points for IT

IT teams struggle the most when it comes to securing multi-site businesses. That’s because they’re the ones in charge of making sure all the different systems, across all the different sites, function. And function properly.

This is not an easy task for several reasons. Many multi-site companies are using on-premise systems that can’t be centrally controlled. This means the IT team have to travel between the different sites to maintain, update and back up those servers. And typically they’re managing systems that are old and clunky and don’t interact with one another, creating duplication and scope for error. Legacy and on-premise systems can make basic tasks such as the adding and removing of access credentials extremely labour-intensive. It’s also the case that if old, on-premise servers underpinning vital security systems fail, IT have to deal with the fallout.

The best solution for IT is moving all the business’s security systems into the cloud. This shifts the burden of maintaining and updating those systems to the cloud provider. It also makes it easier to manage them, because they’re all in one place. And if they’re integrated, which is much easier with cloud-based systems, it means that a lot of routine IT administrative tasks are capable of being automated.

In addition, cloud-based access control systems are more likely to involve mobile passes than physical cards. Mobile passes are more easily created, changed, updated and deleted on account of being software-driven rather than hardware-driven. In other words, they’re less of a headache for IT teams.    


New technologies have brought various ways of alleviating the pains and challenges of running a multi-site security operation. Those ways vary in scope and expense and the key will be in balancing the cost of stripping out old systems with the return on investment of a new one.

It will involve looking at how much money, time and hassle you could save for your C-Suite, IT team and HR department by moving systems to a centrally controlled spot in the cloud, replacing physical cards with mobile passes, and harmonising different security and enterprise management systems into one cohesive whole.

It will also involve looking at how much safer your business and its data could be, and how much better your Compliance team would sleep, if your systems were centrally maintained and received automatic updates and fixes on the fly.