The Skinny:
- The Security 2040 initiative envisions a future where identity-based access control is seamless, decentralized, and user-owned — flipping the current model so systems authenticate individuals automatically without requiring physical credentials.
- As privacy and cybersecurity concerns rise, the industry is shifting toward self-sovereign identity, where users control and encrypt their own identity data.
- By 2040, convergence between physical and digital security systems—driven by biometrics, mobile credentials, and AI decision-making—will redefine convenience and protection.
What will security look like in 10 or 15 years? This age-old question is behind a new project spearheaded by the Security Industry Association (SIA) and the Access Control Executive Brief to bring the brightest minds in the industry together to ponder the future of security in the year 2040. SIA’s Security 2040 initiative presents predictions and perspectives on how future security technologies will evolve and be deployed and aims to inspire the global security industry to think about what could soon be possible through the continued development of security technology.
Access Control Imagined
With the conversation today often centering around identity and the use of some type of credential — whether it is a physical card or fob, a digital credential on a phone or through biometrics — much of this article focuses on how technology around the door will continue to evolve over the next 15 years. Will people become more comfortable with how new technology uses their personal data to make things easier and more convenient? And can the industry offer this convenience while still providing the same level or higher of security that they’ve known in the past?
“What we’re witnessing today is proliferation — a widespread increase in identity-based systems and their adoption,” says Lee Odess, CEO, Access Control Executive Brief. “However, what our industry desperately needs is democratization — the process of making identity accessible and equitable to a broader audience by reducing costs, complexity and exclusivity. The current landscape remains expensive, complex and restricted to those who are either integrated into existing ecosystems or, in Big Tech’s case, granted permission to participate.”
In the future, Odess sees the whole paradigm flipping where the user does not have to present anything when they get to the door, so there is a much more seamless experience for the user.
“When you go to a building, typically now if you're supposed to be there you present a card or a fob or now we're starting to see a mobile credential that's given to you – but it's not really an identifier of you; it's just that you happen to have that and then the system responds,” he explains. “What I believe will start to happen as things go more digital, I'm going to show up and express myself to the building and it'll be authenticated based on policy and the systems being able to make decisions both at the edge and in the cloud. It can then make decisions whether you should have access or not, so the way that the system works completely flips versus me bringing the identity that was given, I now bring my identity and instead of me responding to the system, the system responds to me.”
Kabir Maica, co-founder, PassiveBolt, agrees, noting that the user owning and controlling their own credential will allow things to become totally frictionless in the future.
“We basically just flipped the paradigm on its head, which is you as the user are now central to the system,” Maica explains. “And what that means is just imagine you, the user, own and control your own information, your own identity information, and you create your own digital identifier so that we would create a decentralized ID that identifies you and you alone. And now picture being able to use this user profile that you store yourself to be able to seamlessly access virtual spaces and physical spaces because you're able to assert your identity across all digital platforms using that one profile, and service providers are able to get identity information from you needed to provide that service.”
Johan Eliasson, director of Innovation, HID Global, sees a similar future by 2040. "The identity will naturally converge, so that all systems identify the same person across physical and logical systems,” he says. “For convenience and efficiency-oriented organizations, physical security will be fully integrated with IT and building management systems. For security-oriented organizations, cybersecurity threats will pose limits to the openness and integration of all systems."
A Biometric Future?
Security 2040 sees the global digital transformation — and those driving this transition — as a driver of the new technologies that are gradually becoming accepted today, such as biometrics.
“The most significant shift is not the technology itself but how identity and our preferred modalities have evolved,” says Odess. “While mobile wallets have proven transformative —revolutionizing credential storage and elevating access control to mainstream levels and our industry’s first ‘luxury good’ — the real winner may be an unexpected bystander: biometrics. As identity-based systems continue their rise across sectors, biometric authentication is quietly positioning itself nicely. Few would have predicted when this journey began that the best marketing for a group that can’t seem to break through, would be wallets and near field communication.”
The true winner in all this digital transformation, he adds, is the customer because “they now have the choice of modality, experience and level of assurance desired. The true question with all this change is: Can we bridge the gap between proliferation and true democratization, making secure identity solutions accessible to all while maintaining the momentum we’ve achieved?”
Privacy Concerns
One topic that is at the heart of this identity and access conversation is privacy and the push back from those who are not comfortable with giving up their data or information, even if it means a more frictionless experience.
“I do think that we're trending toward individuals wanting to take back some control over their identity, especially with all of the data breaches that we're seeing happen globally,” says Antoinette King, founder, Credo Cyber Consulting, and director, Regional Sales East/Head of Cyber Convergence, i-PRO Americas. “So, one of the things that I'm really interested is this concept of self-sovereign identity and decentralized identity and that just basically means that the person whose identity it is or the organization whose identity it is actually owns their own identity and has control over how their identity.”
She continues, “What we're seeing right now is some emerging tech that's coming out in access control where there are cards that are available that hold your identity and it's encrypted, and then the use of a biometric with that card will unlock the identity information. The card holder maintains all the identity information and I think that's going to push the physical security industry outside of its comfort zone in learning how to address these kinds of concepts when it comes to access control.”
Maica agrees, noting that the industry will focus heavily on this area moving forward because the cost and challenge of cybersecurity continues to push security professionals to consider protecting people’s identity as part of the whole solution.
“Do you just continue to beef up your cybersecurity and compliance departments and spend money on that and face the legal jeopardy of the fines associated with all these privacy laws as most jurisdiction and countries start to protect their citizens right to their data, or do you find a way to provide those services without taking any of those risks by letting consumers store their own data?” asks Maica.
Isla Schanuel, project manager, ZBeta, adds, "Younger people who grew up on an ‘app-first’ Internet do not value privacy as highly as older generations. Going forward, not only will it be possible to roll out changes that may have been seen as an invasion of privacy in previous years, but the baseline expectation of privacy from your average person will be lower as well. Flipping this around, however, it is important to keep in mind the psychological consequences of the same. If everyone is used to being filmed all the time, then a security camera is no longer the deterrent it once was."
Pierre Trapenese, CEO, Northland Controls, points out that the biggest challenge moving forward continues to revolve around ethics and privacy.
“What degree do I give up my rights to privacy in order to be more secure or do I actually protect my rights and give up some sense of security?” he asks. “Technology exists today to be able to track me in almost everything I do and so in 15 years’ time that's going to be even easier to do and also broader like anywhere in the world and much deeper in almost any digital interaction I have … somebody would be able to track and make sense of the data, so privacy essentially goes away. So, what safeguards could be put in there and what is important for me to keep private will be a big question as we figure out what is truly private.”
Odess notes that the security industry has struggled with this privacy piece over the past 10 years, as security professionals try to balance security with convenience.
“People are starting to look at it and say, ‘Why does it have to be this way? It should be more convenient.’ But our industry would say, no it shouldn't, and that everything that's convenient is considered insecure, but [that approach] would slow the rolling out of new technology. Now you have a bunch of people from the external technology markets and investment [firms] going in saying I think we could deliver convenience and security and it’s going to be done by technology and I'm smart enough to do it, which is why I'm excited about what's ahead. I look at this as, sure is it uncomfortable because it's change, but it's change for the better if we really embrace it.”
Embrace the Change
As physical and cyber convergence continues over the next 15 years, Odess says there are opportunities for the security industry to help end users navigate this complex landscape.
“We should embrace more standards, and maybe we will by 2040,” he says. “But all those things to bring our systems into a larger value proposition that are needed, whether it's commerce or not, it's about security but it is wrapped around user experience, and that's where I believe we will be in 2040. I think it's upon us to change because it's an amazing opportunity, but if everything stays the same by 2040 … shame on us.”
He continues, “I will die on this hill that if we don't open our minds to a much broader marketplace, somebody else is going to. We may be that $10 billion market with an incremental growth of 3% to 12%, whatever it might be, but we're talking a much bigger percentage opportunity of change if we want to command the space that we occupy.”
Paul Ragusa | Senior Editor
Paul Ragusa is senior editor for Locksmith Ledger. He has worked as an editor in the security industry for nearly 10 years. He can be reached at [email protected].
