Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

Top View: Secure But Convenient

March 1, 2005
/ Print / Reprints /
ShareMore
/ Text Size+
Editor’s Note: This is one in a series of personal interviews with the movers and shakers in the security industry. It is our desire to bring our readers the latest directions to apply to their own installation or facility. Larry Midland, president of Hirsch Electronics, Santa Ana, Calif., provides insight into the changing world of security management systems.

SEC: What is currently happening regarding the technologies driving security management systems?

MIDLAND: Security management systems have evolved from standalone devices to privately networked systems to devices coexisting on a LAN or WAN. A large part of this evolution has been healthy for the industry and the end-users, but some of it has created serious weaknesses.

Security, by its very nature, must be robust. We all know that networks have moments (sometimes days or weeks) of instability. And the more disparate things you are trying to accomplish on the network, the more unstable it can become.

Since access control and alarm management are crucial real-time operations, it is important that the functionality and record keeping of the system be independent of the overall interconnectivity. Each device must allow access and egress during times of stress, and maintain an accurate audit trail to determine cause and effect after the critical event or events.

With the elevation of the administration of the security management system to higher and higher levels within organizations, it is important that those in charge don’t just think about bits, bytes and bandwidth, but about how their independent controllers will function under adverse conditions. Unfortunately, many people are attracted by the sizzle, but they need to keep their eyes on the steak too. It is important to make sure your system is robust before you experience the disaster you’re trying to prevent.

SEC: From your perspective, how important are such issues as system expandability and compatibility with an enterprise’s IT network?

MIDLAND: We believe that a security system should offer the same capabilities whether you’re concerned with a single door, or a multinational enterprise with hundreds of large and small facilities. Standardization provides substantial benefits to those who install the system, those who administer it as well as those who use it. That means that the same controller should be able to do basic access control at a reasonable cost and still contain all of the sophisticated features needed in the most secure environments.

We were fortunate enough to begin life as a code-based system. That meant that we did not have to inherit many of the serious limitations of conventional card access systems while also allowing the use of codes to be able to generate multiple control functions. Combining codes and cards, including any newer technology such as smart cards and biometrics, is simply a matter of receiving a unique output and converting it into a digital code. Use of card or code only at specific times and specific doors while requiring dual or even triple technology to access highly secure areas is a real plus! In addition, since this must all tie into the IT network, it really simplifies things to be able to use the same hardware base for any size or configuration of the various facilities.

SEC: How do you see end users responding to the need for even higher levels of security in their systems, keypads and readers?

MIDLAND: It is important for the basic hardware to be device independent. Smart cards and biometrics have been on the horizon for quite awhile, but it is only now that they are coming together as viable alternatives. Currently our most popular entry device is the integrated proximity reader within a secure entry keypad, but that will evolve to include smart cards and biometrics.

Since security and convenience are typically orthogonal concepts, the more convenient and foolproof the technologies become, the more people will adopt them. However, privacy issues and security issues also clash, so we’ll just have to let the marketplace sort those issues out.

I believe the future will see highly secure yet highly convenient solutions, and we are excited about integrating those technologies in a way people can use and respect.

SEC: How are computer and communications developments and standards impacting electronic security systems?

MIDLAND: Much of the new communications effort is going into wireless networks. Our industry has been a slow adopter, and for good reason. A hardwired system has always been more robust and reliable. In highly secure environments, the use of encryption and fiber optics has also been prevalent.

Now, with the advent of the new encryption standard, and with wireless becoming more reliable, we need to keep our eye on the convergence of those technologies. We already offer encryption from end-to-end within our systems.

As far as standards are concerned, there are many official bodies working on standards for our industry. I’m sure they will be successful to some degree, but there will always be exceptions to the rules. If there weren’t, progress would be stifled, if not truly eliminated.

Standards, by their very nature, are like a snapshot, whereas ongoing development is like a motion picture. The snapshot has to freeze things in the present (really in the past because of the time involved in arbitrating the standards) rather than allowing technology and the marketplace to determine what works best for them. There is no substitute for the marketplace, and it should always determine what is best for each individual application.

SEC: What do you see coming down the road over the next year or two regarding enterprise security?

MIDLAND: One of the most compelling issues is the result of a recent change in mind-set. Over the past few years, the buzzword has been “integration.” Now many experts are realizing that combining access control, visitor management, building management, DVR management, etc. in one package creates a cumbersome and always obsolete solution. The various disciplines advance at different paces, and they are never truly in sync. True integration brings everything down to the lowest common denominator, and it can create some real nightmares in administration and stifle creativity and growth.

The more appropriate concept, and the new buzzword, is “interoperability.” Here you are able to choose the best solution for each discipline, but display, record and process data across platforms. For example, your human resources application can populate your access control system, and remove or change access levels based upon employee status. You can playback events from your DVR system, display alarms from your fire system, yet not lose the full featured aspects and sanctity of each individual system.

As technologies change, and believe me they will, it is important to be able to readily adapt and insert those different technologies without impacting the entire system. That means being able to take advantage of technology tools such as XML, API, SDK, etc. For those interested in these developments, we have created a white paper, Interoperability, Building Systems Working Together for the Enterprise that is available free of charge to those who request it.

As was pointed out so flagrantly in the Sept. 11 tragedy, the police and fire departments had communications systems that were totally incompatible. Additionally, the various governmental agencies each had valuable data, but there was no way to share that data.

Rather than force everyone to adopt the same technology, the real solution is to find ways for these systems to interoperate. The same is true in our industry. You should be able to choose your preferred human resources system, access control system, DVR system, etc. and have them “interoperate.” That way you get the best technologies and can combine them in a way that makes the most sense to your own operation, both now and in the future.

Another trend will be the merging of physical access and logical access. You won’t be able to log onto your computer unless the system shows that you are actually in the building, and perhaps even within your own workspace. And the means of identifying you as a unique individual will continue to accelerate using various types of biometric devices, often combined with smart cards.

Again, it will be up to the marketplace to determine the security versus privacy issues. While that will cause some friction, it will also create many exciting new opportunities.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security Magazine 2014 September cover

2014 October

Security takes a look at safety and preparedness for the harshest of weather phenomena in this October 2014 edition of the magazine. Also, we investigate supply chain security and the many benefits of PSIM. 

Table Of Contents Subscribe

Travel & the Ebola Risk

Are you and your enterprise restricting travel due to Ebola risks?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.