Top View: Secure But Convenient
SEC: What is currently happening regarding the technologies driving security management systems?MIDLAND: Security management systems have evolved from standalone devices to privately networked systems to devices coexisting on a LAN or WAN. A large part of this evolution has been healthy for the industry and the end-users, but some of it has created serious weaknesses.
Security, by its very nature, must be robust. We all know that networks have moments (sometimes days or weeks) of instability. And the more disparate things you are trying to accomplish on the network, the more unstable it can become.
Since access control and alarm management are crucial real-time operations, it is important that the functionality and record keeping of the system be independent of the overall interconnectivity. Each device must allow access and egress during times of stress, and maintain an accurate audit trail to determine cause and effect after the critical event or events.
With the elevation of the administration of the security management system to higher and higher levels within organizations, it is important that those in charge don’t just think about bits, bytes and bandwidth, but about how their independent controllers will function under adverse conditions. Unfortunately, many people are attracted by the sizzle, but they need to keep their eyes on the steak too. It is important to make sure your system is robust before you experience the disaster you’re trying to prevent.
SEC: From your perspective, how important are such issues as system expandability and compatibility with an enterprise’s IT network?MIDLAND: We believe that a security system should offer the same capabilities whether you’re concerned with a single door, or a multinational enterprise with hundreds of large and small facilities. Standardization provides substantial benefits to those who install the system, those who administer it as well as those who use it. That means that the same controller should be able to do basic access control at a reasonable cost and still contain all of the sophisticated features needed in the most secure environments.
We were fortunate enough to begin life as a code-based system. That meant that we did not have to inherit many of the serious limitations of conventional card access systems while also allowing the use of codes to be able to generate multiple control functions. Combining codes and cards, including any newer technology such as smart cards and biometrics, is simply a matter of receiving a unique output and converting it into a digital code. Use of card or code only at specific times and specific doors while requiring dual or even triple technology to access highly secure areas is a real plus! In addition, since this must all tie into the IT network, it really simplifies things to be able to use the same hardware base for any size or configuration of the various facilities.
SEC: How do you see end users responding to the need for even higher levels of security in their systems, keypads and readers?MIDLAND: It is important for the basic hardware to be device independent. Smart cards and biometrics have been on the horizon for quite awhile, but it is only now that they are coming together as viable alternatives. Currently our most popular entry device is the integrated proximity reader within a secure entry keypad, but that will evolve to include smart cards and biometrics.
Since security and convenience are typically orthogonal concepts, the more convenient and foolproof the technologies become, the more people will adopt them. However, privacy issues and security issues also clash, so we’ll just have to let the marketplace sort those issues out.
I believe the future will see highly secure yet highly convenient solutions, and we are excited about integrating those technologies in a way people can use and respect.
SEC: How are computer and communications developments and standards impacting electronic security systems?MIDLAND: Much of the new communications effort is going into wireless networks. Our industry has been a slow adopter, and for good reason. A hardwired system has always been more robust and reliable. In highly secure environments, the use of encryption and fiber optics has also been prevalent.
Now, with the advent of the new encryption standard, and with wireless becoming more reliable, we need to keep our eye on the convergence of those technologies. We already offer encryption from end-to-end within our systems.
As far as standards are concerned, there are many official bodies working on standards for our industry. I’m sure they will be successful to some degree, but there will always be exceptions to the rules. If there weren’t, progress would be stifled, if not truly eliminated.
Standards, by their very nature, are like a snapshot, whereas ongoing development is like a motion picture. The snapshot has to freeze things in the present (really in the past because of the time involved in arbitrating the standards) rather than allowing technology and the marketplace to determine what works best for them. There is no substitute for the marketplace, and it should always determine what is best for each individual application.
SEC: What do you see coming down the road over the next year or two regarding enterprise security?MIDLAND: One of the most compelling issues is the result of a recent change in mind-set. Over the past few years, the buzzword has been “integration.” Now many experts are realizing that combining access control, visitor management, building management, DVR management, etc. in one package creates a cumbersome and always obsolete solution. The various disciplines advance at different paces, and they are never truly in sync. True integration brings everything down to the lowest common denominator, and it can create some real nightmares in administration and stifle creativity and growth.
The more appropriate concept, and the new buzzword, is “interoperability.” Here you are able to choose the best solution for each discipline, but display, record and process data across platforms. For example, your human resources application can populate your access control system, and remove or change access levels based upon employee status. You can playback events from your DVR system, display alarms from your fire system, yet not lose the full featured aspects and sanctity of each individual system.
As technologies change, and believe me they will, it is important to be able to readily adapt and insert those different technologies without impacting the entire system. That means being able to take advantage of technology tools such as XML, API, SDK, etc. For those interested in these developments, we have created a white paper, Interoperability, Building Systems Working Together for the Enterprise that is available free of charge to those who request it.
As was pointed out so flagrantly in the Sept. 11 tragedy, the police and fire departments had communications systems that were totally incompatible. Additionally, the various governmental agencies each had valuable data, but there was no way to share that data.
Rather than force everyone to adopt the same technology, the real solution is to find ways for these systems to interoperate. The same is true in our industry. You should be able to choose your preferred human resources system, access control system, DVR system, etc. and have them “interoperate.” That way you get the best technologies and can combine them in a way that makes the most sense to your own operation, both now and in the future.
Another trend will be the merging of physical access and logical access. You won’t be able to log onto your computer unless the system shows that you are actually in the building, and perhaps even within your own workspace. And the means of identifying you as a unique individual will continue to accelerate using various types of biometric devices, often combined with smart cards.
Again, it will be up to the marketplace to determine the security versus privacy issues. While that will cause some friction, it will also create many exciting new opportunities.