Adding Value to Access

November 30, 2008 SSI Staff

My, how times have changed. The physical access control system used to be the domain of the security department. It was a separate and distinct system, set apart from the business network “for security reasons.”

Now, with increasing frequency, the IT staff holds the keys to the purse and is rapidly becoming the keepers of the access control domain. Nothing travels on “their” network without their approval, including security systems.

One of the main things we (as security integrators) need to understand is that the network admin sees the world very differently than we do. Network hardware (switches, PCs, etc.) is a commodity business. It is full of razor-thin margins and cutthroat pricing. Before any network guy worth his salt signs on the bottom line, he is on the Internet, checking prices to see if he can save a couple of bucks.

While we are still a much more specialized market, we need to see the world as they do and be able to offer more value (or at least the perception thereof) than our competitor. One of the best ways to do that is to maximize the value of the system to the customer by considering their return on investment (ROI).

Do the Math

Calculating ROI is not an easy task, but some simple steps can be taken to give your customer at least an idea of the value they are receiving.

How often do we do homework on a customer before we make the first sales call? Do we learn what makes their company tick? What makes them successful? How can we calculate the customer’s ROI when we don’t know the risks and benefits of their investment? We need to know how our customer operates before we can decide how best to protect them.

We should remember to ask a few key questions like: What is the value of the asset they are protecting? What is the real threat to the asset? How often does that threat present itself? Once we have a basic understanding of the customer’s needs and business conditions, we can begin to see where the value will appear.

There are two main areas that we will examine to provide us with ways to maximize that ROI calculation, and the value to the customer: systems integration and leveraging existing infrastructure.

The Integration Factor

As technology advances, so does the methods and opportunities to bring different technologies together. Everyone wants the biggest bang for the buck.

We’ve been able to hook access control systems up to other devices, like the video matrix switcher, for years. Now, however, the connection is, and needs to be, tighter than ever before. We’re not just protecting the perimeter and doors of a building. Now we’re being called upon to protect the most important asset of any business today, the network.

One of the goals of any security operation, whether for physical or network protection, is to maximize the security capability of a system and minimize the inconvenience to the user. On the network side, numerous, frequently changing passwords is one of the biggest problems in that industry. On ours, it is the keycards or keyfobs that often make our customers squirm.

What we need to look at, then, is a way to allow the users to ditch the password game and have one credential that can be used for anything; the single sign-on. Access control can no longer be seen as simply a method of allowing entry to a building. We need to look beyond that to all the events that occur in an employee’s day.

The event that happens most often, I would guess, is logging onto a computer and/or accessing network resources. Being able to use the same credentials to log onto your computer as well as gain access to the workplace is a huge value-added proposition for the customer. Having to only administer one system is a real cost savings, and a boost to that ROI.

Hardware Smarts

Technologically, we need to look beyond basic proximity systems. While convenient enough, standard prox systems do not have enough intelligence to handle a complete, single sign-on solution.

Smart card systems, however, can carry enough information to be practical in a multiuse, integrated system. Instead of simply having a facility code and card serial number that is passed to the access control database, a smart card carries all the vital user information on the card itself. This way, the system only needs to verify if the user of that card has the appropriate permissions, not looking at an entire database to see if that card is valid.

The real benefit, though, to bottom-line ROI is the flexibility of smart card technology. Building access and computer sign-on are only two uses for this technology. Because of the large amount of data a smart card can carry, other uses present themselves. People are using smart cards to make purchases, check out materials and even change environmental conditions of a room or building. It doesn’t take long to show the long-term benefit of a smart card-based access control system.

So, what if that card is stolen? That is a great concern, especially in a single sign-on situation, because that one card could theoretically grant so much access. Well, as I’m sure most of you know, in order to have real security, you must use a multilayer security approach. In other words, just a card won’t cut it. There must be some other method of identity verification.

Biometrics is an excellent way of supplementing the security of a smart card installation. Once again, if used on their own, biometric readers can be defeated. It is only with the combined use of bio and smart card, or even bio/smart card/keypad, you can truly lockdown a facility, physically and virtually, and at the same time provide the value that your customers demand.

Hitch a Ride

Another way costs can be reduced, and a faster ROI obtained, is by leveraging as much of the existing infrastructure as possible. If a replacement system is being contemplated, attempt to salvage, if possible, as much of the existing cabling or hardware as possible.

If you are replacing one proximity-based system with another, it may be possible to reuse existing readers, even though you might be using a different software back-end. Also, there is probably a benefit to allowing the users to keep the current credential they have, from a cost standpoint, but also considering the ease of the transition on the users. Retraining users costs money. If it can be avoided, there are savings to be realized.

As far as infrastructure goes, cabling is one of the biggest costs of an access control system. Even if reader hardware can’t be reused, maybe the cabling can.

Even better, consider a newer IP-based access control system. The days of pulling large multiconductor cables out to each door are slowly vanishing. More and more access manufacturers are introducing Ethernet or Cat-5/6-based hardware. Utilizing IP-based products not only can lower costs of cabling, but also can theoretically shorten the distance cable needs to be pulled (you may be able to go to the nearest IDF instead of back to a home-run MDF), which will reduce the labor costs.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!