How Integrators Can Benefit From Using Open Platform Systems
By utilizing open standards, manufacturers of access control products are able to offer ‘best-of-breed’ options for integrators to deliver to customers, often at lower cost and increased levels of security.
Systems that use open standards can be beneficial for both end users and integrators.
Proprietary Systems Aren’t Going Away
Of course, chances are you have plenty of customers with older proprietary systems. Should they keep using them until the end of their lifecycle? While it might seem most cost effective to take this approach, that actually might not be the case.
Sure, the end users might be able to save money in the short term, but they are leaving themselves vulnerable the catastrophic failure and potentially unable to add upgraded features, install bug fixes and make cybersecurity improvements.
“People will always cling to brand loyalty, even when there is no substantive reason to do so,” admits Coffman.
Barnette echoes the sentiment, noting that despite the myriad benefits of open systems, many customers are likely to stick to the “if it ain’t broke, don’t fix it” approach even as the need to incorporate smart building capabilities into a single, streamlined infrastructure becomes the norm.
“At the same time, some organizations will only consider replacing their older, proprietary systems with open, standards-based solutions when the cur-rent system fails,” he says.
Should proprietary systems be scrapped altogether? Lydic thinks there is still a need for them. “There is a place for proprietary systems for certain markets that demand highly specialized applications that are only provided by specific manufacturers. This certainly comes at a premium cost; however, if it addresses a specific need, the cost may not matter,” he says.
Industry Groups Work to Step Up Standards Game
Open standards that are being utilized with access control products continue to evolve. Open standards make it possible for data to be accessed in applications regardless of which company manufactures the hardware.
And because open standards are “open,” anyone is able to add to the functionality making them better for everyone. “Standards are essential in the networking world due to the wide variety of available hardware and software; they exist to ensure network design compatibility,” says Per Björkdahl, chair of ONVIF’s Steering Committee. ONVIF is an open industry forum that provides and promotes standardized interfaces.
When creating its standards, ONVIF groups functions into “profiles.” “In this way, conformance is easier to comprehend because there is no variation in what functions are included. A profile is built on a specification which technically describes the digital communication that takes place between a device and a client,” Björkdahl explains.
For instance, ONVIF Profile A is used for broader access control configurations and covers granting/revoking credentials, creating schedules, and changing privileges. It enables integration between access control and IP video management systems.
Its Profile C is for IP-based basic access control and covers site information and configuration, event and alarm
management and door access control. The Security Industry Association (SIA) developed its Open Supervised Device Protocol (OSDP) to foster interoperability.
“OSDP is bidirectional, which allows for constant monitoring,” explains Joe Gittens, director of standards at SIA. “That makes it harder to tamper with, thus creating a more secure environment.” Both SIA and ONVIF offer online Test Tools to be certain products are conformant to the standards.
How Safe Are Open Systems?
It seems like every time you turn on the news, you hear about yet another major data breach. End users that are open to upgrading their proprietary access control system to one utilizing open standards might be left scratching their heads wondering if it is safe to do so.
“I think most providers of nonopen systems will argue that an open system will compromise the integrity of the system, but this is not the case. An open system is at least as secure as any proprietary system,” says Per Björkdahl, Steering Committee chair for ONVIF, the industry group that promotes open standardization (see sidebar).
Products that employ open standards are as secure as any other products in the industry, contends Coffman.
“Investigate the use of the OSDP protocol for U.S. government FIPS 201-2 deployment. This is the most stringent security standard in the world for access control; its use there pretty much tells you that it is as secure as it can be,” he says.
Security protocols tend to be similar for both open and closed systems.
“Research both the proprietary and open systems and hold each to the same level of accountability. Do not believe that because a system is proprietary that it is inherently more secure or a better solution,” says Lydic. “There can often be higher levels of corporate dysfunction between hardware and software development groups within a corporation compared to an ‘open’ company that is committed to working with others.”
The best step an end user can take is to comprehensively research the security protocols associated with the hardware and software products, Lydic suggests. They also need to ensure that specific network protocols within their corporation are adequate and of the highest levels, he says.
Mercury Security’s Barnette believes a comprehensive cybersecurity strategy begins at the hardware level to establish a solid foundation of protection against potential threats.
“We recommend that access control software manufacturers carefully review their code and control all possible connection points supported by their software, given that vulnerabilities are discovered in commercial software platforms on a regular basis. Hardware and software manufacturers should also work with professional labs to conduct vulnerability analysis on a regular basis,” explains Barnette.
“In addition, we encourage all end users to report any detected or suspected vulnerabilities discovered by their in-house IT professionals to ensure a holistic approach to cybersecurity.”
The Security Industry Association (SIA) offers these cybersecurity tips:
- Protect all devices that connect to the Internet from viruses and malware, including computers, VoIP phones, network printers, and other web-enabled devices.
- Plug and scan. USBs and other external devices can be infected by viruses and malware. Use software to scan them.
- Limit the type of business you conduct on public WiFi and adjust the security settings on your device to limit who can access machines.
- Help the authorities fight cybercrime. Report stolen identities, phishing, hacking attempts and cybercrime to the Internet Crime Compliant Center and the Federal Trade Commission.
Joe Gittens, director of standards at SIA, offers this advice for integrators to discuss with end users: “Ask about the device security. There are a ton of basic safeguards to mitigate attacks, such as default passwords and patches that are released on time. These sorts of things go a long way. Organizations need good security practices and good cyber awareness. Start there to allow fewer areas for hackers to breach.”
Donna Englander is a Masschusetts-based freelance technical writer. Reach her at [email protected].
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Related Content
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.
