When organizations evaluate moving from legacy proximity cards to modern encrypted credentials, most would think that the conversation often centers on technical capabilities: encryption strength, credential cloning risks, and mobile wallet integration. But in my experience working with customers at PDQ, the technical merits of a new system are rarely the deciding factor.

‍

The real barrier to upgrading access control systems isn't technology—it's project management.

‍

The Hidden Complexity of "Better Security"

‍

On paper, the case for upgrading seems straightforward. Modern credential technology offers dramatically better security than 125 kHz proximity cards. The technology exists, works reliably, and is proven in thousands of installations. So why do so many organizations continue using systems they know are vulnerable?

‍

Because moving to something more secure introduces variables that go far beyond the technology itself. Each of those variables represents a decision point, a coordination challenge, a potential cost, and a risk that something won't work as planned.

‍

The People Problem

‍

Let's start with the human element. Modern access control systems require a different level of technical expertise to manage and maintain. These are increasingly software-defined products with configuration options, integration requirements, and management interfaces that demand real technical understanding.

‍

This means organizations need to either:

‍

• Train existing staff on new systems (time and cost)
• Hire technically capable personnel (higher salary costs)
• Contract with integrators or managed services (ongoing expenses)

‍

For a small facility with straightforward access control needs, this might be manageable. But for large organizations with multiple buildings, hundreds of doors, and thousands of users, the personnel requirements alone can be significant.

‍

The Scale Challenge

‍

The project management complexity scales exponentially with the size of the organization. Consider what's involved in a large-scale upgrade:

‍

Hardware Deployment

‍

• Coordinating physical replacement across multiple buildings
• Scheduling installation to minimize disruption
• Managing contractor access and coordination
• Handling building-specific requirements and constraints
• Testing each installation point

‍

Credential Migration

‍

• Issuing new cards or mobile credentials to all users
• Training users on new technology (especially for mobile credentials)
• Managing the transition period with temporary dual-credential systems
• Handling exceptions for visitors, contractors, or temporary staff
• Establishing new workflows for credential lifecycle management

‍

System Integration

‍

• Connecting new hardware to existing building management systems
• Integrating with HR systems, visitor management, and elevator control
• Ensuring compatibility with video surveillance and alarm systems
• Updating security policies and access rules
• Testing integration points under real-world conditions

‍

‍Operational Continuity

‍

• Maintaining security during the transition period
• Having fallback plans if components fail
• Managing user frustration during the learning curve
• Coordinating across multiple departments and stakeholders

‍

Each of these categories represents dozens of decisions and hundreds of tasks. For a multi-building campus, we're talking about a project that could span months or years and touch nearly every department in the organization.

‍

The Cost Equation

‍

When organizations evaluate upgrade costs, they often focus on the obvious line items: new hardware, new credentials, and installation labor. But the true cost picture is more complex.

‍

Direct Costs

‍

• Readers, locks, panels, controllers
• Encrypted cards or mobile credential licenses
• Professional installation
• System integration and programming
• Project management and coordination

‍

Indirect Costs

‍

• Staff time for planning and coordination
• Training for security and facility personnel
• Productivity loss during the transition period
• Potential security incidents during migration
• Ongoing management complexity

‍

Hidden Costs

‍

• Troubleshooting unexpected compatibility issues
• Rework when installations don't meet requirements
• Extended timelines requiring additional project management
• User support during and after transition

‍

The financial calculation becomes: "Is the security improvement worth not just the technology cost, but the total project cost, including all the complexity and risk?"

‍

Why Legacy Systems Persist

‍

This explains why proximity cards have remained so prevalent despite their well-documented security vulnerabilities. Yes, they're terrible for security. But they offer something that's valuable in its own way: simplicity.

‍

Prox is essentially interoperable across all hardware by virtue of being an old, widely-adopted standard. The technology is well-understood, troubleshooting is straightforward, and finding qualified installers is easy. Until there's an alternative that delivers better security while maintaining similar levels of simplicity, interoperability, and affordability, the inertia is enormous.

‍

As I often tell customers: it's extremely hard to convince someone to tear out something that's "working fine today," even if we all know it's a security vulnerability waiting to be exploited.

‍

The Value Proposition Must Be Complete

‍

This is why hardware manufacturers can't sell on technology alone. We need to address the complete picture:

‍

Cost: Be transparent about total cost of ownership, not just equipment prices

Reliability: Demonstrate proven performance in real-world deployments

Standards Compliance: Show commitment to interoperability to avoid future lock-in

Features: Deliver tangible benefits beyond just "better security"

User Experience: Make the system intuitive for both administrators and end users

Support: Provide long-term commitment to the platform and clear upgrade paths

Project Support: Help customers plan and execute the transition successfully

‍

Decision makers need to weigh all of these factors against the complexity and cost of the upgrade project. If we can't make a compelling case across all dimensions, the project won't move forward regardless of how good the technology is.

‍

Making Upgrades Achievable

‍

So how do we as an industry make these upgrades more achievable? A few approaches are helping:

‍

Phased Migration Strategies: Rather than requiring complete system replacement, support universal readers and credentials that allow gradual migration while maintaining legacy support during transition.

Better Tools: Provide better project planning resources, deployment tools, and management interfaces that reduce the technical burden.

Standards-Based Approaches: By building to universal standards, we reduce integration complexity and give customers confidence they won't be locked into proprietary ecosystems.

Realistic Expectations: Be honest about what's involved in an upgrade and help customers plan appropriately rather than oversimplifying the process.

Integration Support: Work closely with systems integrators and end users during deployment rather than just delivering hardware and walking away.

‍

The Bottom Line

‍

Technology upgrades in the access control industry aren't just technical decisions—they're organizational change management projects. The technology is often the easiest part.

‍

As a manufacturer, I've learned that success requires understanding the complete picture of what customers face when they consider upgrading. It's not enough to build better locks and readers. We need to think about how those products fit into larger systems, how they'll be deployed in the real world, and how we can reduce the project management burden rather than adding to it.

‍

For facility managers and security directors considering upgrades, my advice is to plan for complexity. Budget not just for the technology, but for the project management expertise and time required to do it right. Demand support from your vendors—not just technical support for the products, but deployment support for the project.

‍

The security benefits of modern access control systems are real and significant. But realizing those benefits requires successfully navigating the project management challenges that come with any major technology upgrade. By acknowledging that complexity and planning for it explicitly, organizations can make better decisions about when, how, and whether to upgrade their access control infrastructure.

‍

Read the complete series:

‍

• Part 1: The 30-Year Problem: Why Access Control Hardware Lives Longer Than Its Technology
• (This) Part 2: Beyond the Technology: Why Access Control Upgrades Are Project Management Challenges
• Part 3: How to Compete When Everyone Uses the Same Standards

‍

‍