EXECUTIVE MANAGEMENT: Access Control Becoming Hub for Enterprise Solutions
The impact of rapidly advancing technologies and the economic pressures to squeeze more productivity and return-on-investment (ROI) from every department are forcing corporations toward the convergence of physical access control, as well as other security and IT systems. As a result, seamless software integration has become a priority to improve access control and enterprise security while significantly increasing productivity.
“The push for integrated security systems has adapted over time,” states Steve Fisher, president and CEO of Open Options Inc. in Carrollton, Texas. “Initially, security and facility managers maintained responsibility for access control and the security industry adapted exclusively to meet their needs. As access control systems become networked and integrated, the industry must be more responsive to decision-makers in IT departments as well as human resources departments.”
In addition to the technology-driven aspects, human resources (HR) and even senior management represent a growing force behind further integration. With regulations such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA), coupled with the recent loss of hundreds of thousands of records containing personal identification information, internal information must be better protected and more closely monitored.
The growth of smart card technology and applications is creating a market for integrated systems that can use individuals’ compiled information to control access and create enterprise security solutions.
Mirroring the developments in the software and PC markets, access control and other security software solutions are moving away from their proprietary impulses toward increased interoperability to achieve systems integration and enterprise security. While the hardware manufacturers are, for the most part, maintaining a proprietary posture, the advent of standards and increased market demand for integrated enterprise solutions figure to eventually force them to adopt open systems as well.
Access Control Becoming Center for Managing Host of Systems
The marketplace offers an array of access control capabilities for security and enterprise systems solutions.
There are security systems that integrate access control with analog and digital TV, intercoms and intrusion. They may additionally incorporate HVAC, lighting and fire panels. There are also enterprise systems that further integrate security systems with critical business applications, including human resources and time and attendance, Active Directory®, finance, accounting, and work-flow controls, among other possible requests.
“Access control is the nexus for disconnected systems,” says Peter Boriskin, director of technology for Software House. “Key business systems such as personnel databases, workflow and video management are integrated into access control to provide greater security, protection and visibility throughout the enterprise.”
However, industrywide access control employed as enterprise security is still in its developmental stages with only the larger companies and technology-driven organizations pursuing full integration. As standards develop and costs become more palatable, companies will begin to insist on systems that allow integration with existing, working applications
3 Platforms of Choice Are End-to-End, Hardware-Based and Open
While there are many variables and questions that must be addressed before selecting an access control system and level of integration, you should start with some basic options that stretch from completely closed to totally open systems. These include:
- End-to-end solutions with software and hardware from a single manufacturer, allowing for easy integration and service needs
- Hardware developed to integrate easily with third-party software
- Open-system solutions that incorporate the best from various manufacturers and software applications and offer more flexibility
None of these solutions are perfect. They all offer critical capabilities that answer end users’ needs. In some cases, the ease of one product, with one service phone number, outweigh all other possibilities. Knowing that a single manufacturer could supply an end-to-end solution may remove a lot of the guesswork and intensive labor associated with researching products.
Critics of the single-source solution, however, cite the inability to choose among different manufactures for different components of the system. They also emphasize the problems and costs associated with integrating with existing systems.
Those opting for open-system solutions with increased interoperability — disparate systems working together — want options for growth and integration with existing system hardware and software. Open systems offer significantly more flexibility and adaptability.
Critics of open-system solutions are concerned about customization and increased opportunities for disruptions. They point to the contract service quality received by end users and the requirements associated with future upgrades to the system.
Push Toward Interoperability Falls Into 4 Categories
The increased use of network connectivity for access control technology, coupled with the trend toward a convergence of all security operations under one umbrella, has resulted in unforeseen interoperability barriers. In other words, the costs and challenges associated with integrating technologies for access control with other security and IT systems have complicated the convergence process.
There is a move toward industry-generated standards for the development of software with open architecture. Currently there are several separate, but not entirely distinct, approaches to resolving interoperability concerns:
- Independent companies undertaking efforts
- Several companies forming a consortium, such as the Open Security Exchange (OSE)
- Working groups such as BACnet
- Association-lead efforts such as the Security Industry Associa- tion’s (SIA) Standards Committee
Smaller, Independent Firms Can Offer Unique Approaches
S2 Security Corp. is one company that currently employs its own solution to interoperability concerns. Instead of creating proprietary systems, S2 uses Internet connectivity to allow for simplified integration.
“End users will have interoperability difficulties if manufacturers continue to use obscure protocols, they do not have an application protocol interface or they simply provide an API that is too expensive and is, therefore, underutilized,” says John Moss, a founder and CEO of S2. “Instead, companies should be sure to provide an API, they should not change the features frequently to encourage purchases, the API should be created in XML and the companies should also provide a Web service for communication among the products.”
Moss likens this process to working with the least common denominator. As everyone uses XML, it makes sense to stay within that realm. S2 Security Corp. is able in this way to provide solutions that make interoperability a feasible, simplified process.
Open Security Exchange Consists of 11 Common-Minded Members
The OSE is a cross-industry forum dedicated to merging physical and IT security solutions. Currently, it is comprised of 11 companies: Computer Associates; CoreStreet; Fargo; GE Infrastructure, Security; Gemplus; HID; Software House; Sony Electronics; Deister Electronics; James Madison University; and VistaScape Security Systems.
The OSE hopes to increase operational efficiencies and improve intelligent security capabilities. The goals of OSE are to recommend interoperability specifications, create best practice guidelines and white papers, and build a knowledge base for the industry.
According to Gary Klinefelter, OSE president and CTO for Fargo Electronics of Eden Prairie, Minn., OSE will help guide the industry to produce more and more off-the-shelf hardware. Because there is a wealth of material to digest in the worlds of credentialing and standards, the OSE hopes to break down the salient information into an intelligible format.
BACnet Sets the Pace for Communication Protocols
BACnet is a data communication protocol for building automation and control networks. It is an American National Standards Institute (ANSI) standard, a European prestandard and an International Organization for Standardization (ISO) global standard.
Basically, BACnet is set of rules governing the exchange of data over a computer network, particularly regarding HVAC, fire/life safety, lighting control and other building automation systems. In 1995, the first version of the standard was released which initially standardized climate control.
Currently, there are BACnet working groups for applications, Internet protocol, lighting applications, life safety and security, master-slave/token-passing, network security, objects and services, utility integration, and XML applications. Ultimately, BACnet has responded to the demands of end users by providing competitive choices for control systems selection through its standardization.
SIA Standards Committee Toils in the Name of Best Practices
The SIA Standards Committee formally proposes its standards recommendations to ANSI and ISO for approval to become recognized standards. Currently, there are four standards projects underway that will change how systems are integrated.
The first is an interface data model for digital video services that will describe interactions with digital video to acquire live or saved feed through video software. The second standard is for credential readers capable of operating portals. The third will create one format for reporting events and status. Lastly, the fourth standard is for an interface data model to allow access control panels to interact on a higher, or peer-level, basis with command and control systems, including time reporting.
These standards, if accepted by ANSI, will become the standards the federal government will employ.
Additionally, when systems interact they exchange necessary data for communications, like time and schedule information. According to Hunter Knight, SIA Standards Committee chair, “Definitions of that information must be established previously in order for them to properly communicate. Therefore, SIA is also working to establish exact definitions in order to create the opportunity for pan-industry messages, authentication or authorization.”
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!