Measuring the Next Step in IP-Based Access Control
IP-based access calls for strategies involving diverse stakeholders and beyond-security applications.
Wireless. At the edge. Firmware. Multi-technology readers. Near field communication (NFC). In the cloud. Leveraging the network. Scalability. Video integration. Seamless analytics.
Sure. The next step in IP-based access controls opens up enterprises and their security operations to a diversity of technology options, but, more importantly, to applications and business benefits beyond doors, card use, ID management and access audit trails.
A first step was taken a number of years ago, when access panels started communicating back to the host over the corporate network, observes Ralph Nerette, manager of security at Dana-Farber Cancer Institute, listed on the Security 500 and a Boston-based principal teaching affiliate of Harvard Medical School.
In terms of before and after, traditional panel-based systems use a central control panel, card reader and controller at doors, and require significant investment in difficult-to-scale and costly equipment, wiring and installation.
IP-based solutions leverage the network, eliminating the need for those costly panels while allowing shorter wiring and cable runs or even wireless solutions.
Strategies Come into Play
But does IP-based access call for a new security strategy?
The quick answer is: no. Instead, it calls – even begs – for more strategies that involve diverse stakeholders, a variety of beyond-security applications and a strong identity management governance structure, all aimed at “services to enhance the way we do business,” says Vishal Mallick, CEO of Performance Buildings, a system integrator that provides technology for “on-demand” offices. It has a partnership with Design Offices, a service provider, to successfully design and implement high-end technology solution offerings for tenants of shared office workspaces.
Performance Buildings, with U.S. headquarters in Lowell, Mass., sought and found, in an IP-based solution, a flexible identity and access management system that could be applied to any type of building and any type of legacy system for use in a range of different applications. One element: the solution needed to be interoperable with Performance Buildings’ current IP-based architecture that links all subsystems and their devices, as well as meet the needs of Design Offices.
The solution enables Design Offices’ clients to access rented office spaces with legacy technology, existing smart cards and NFC-enabled smartphones “including the ability to book rooms and catering services online, open conference room doors, and sign out once their session is over. It was important to offer a wide menu of services to enhance the way we do business,” adds Mallick.
A truly integrated approach is one important result when moving to IP-based access, comments Columbus, Ohio-based Nationwide’s Jay Beighley, assistant vice president, corporate security. By going IP, “we have access, video and intercom” all residing on the network, Beighley says. Migrating to IP also means greater collaboration among security, IT, real estate, human resources, an integrator and other stakeholders. Such a collaborative effort can have its own business rewards beyond better security. See the article on collaboration elsewhere in this feature.
Cloud as a Solution
“We wanted a remote, Web-based system that would enable us to control multiple locations at once. One of our goals is to unite all of our brands by creating a strong and secure global badge, a consistent form of identification throughout the company,” explains Brian David, security manager for The Jones Group, a designer, marketer and wholesaler of branded apparel, footwear and accessories.
“Unlike a proprietary system, the technology in the cloud-based system allows us to minimize the number of personnel we need devoted to security, and in turn enables us to be a more efficient and secure company,” adds David.
With a stack of benefits, it is not surprising that the various iterations of IP-based access are increasingly attractive to enterprise security executives.
Just ask the system integrators who work with them.
“There is very little [interest in] analog anything. It is IP-based on the network,” says Rob Hile, CEO at Integrated Fire and Security Solutions (IFSS), Fort Myers, Fla.
“There are clear [IP-based access] benefits, especially when using off-shelf products,” says Tom Clancy, CEO and principal at Alert Security Consulting, New Albany, Ohio. The approach “reduces installation and cost of wire. It can handle a single door or multi-doors. There is Power over Ethernet. But more importantly, there is the higher level of integration and supporting technologies including surveillance, turnstiles and intercoms, all readily and easily integrated with card access.”
Mirroring advances in access systems, there are also advances when it comes to readers.
Wireless devices, units with more functionality at the edge, multi-technology readers, biometrics, the slow but sure incursion of near-field communications chips and their smartphone hosts and the impact of PIV commercial cards all are helping change the face of newer access systems.
Card Readers Evolve
There is even reader updating without replacing the equipment.
“Readers are getting a lot more sophisticated these days,” says Sam Shalaby, president, Future Security Controls Inc., Ottawa. “The trend we see is to upgrade the reader to a higher security level using firmware without having to replace the reader. These readers are flexible and can change firmware very quickly.”
Concerning the convergence of smartphones and door access control, “I think NFC is going to be huge, but I don’t think it is ready yet,” suggests Jay Slaughterbeck, managing partner at integrator Strategic Security Solutions, Raleigh, N.C. “Historically, in my opinion, most everyone has been on 125 KHz and finally now moving to iClass or MiFARE or DESFire. That is just starting to happen, and then NFC will come out and be a huge thing.”
It’s an evolutionary thing. A goodly number of enterprises still use magnetic stripe while convenience of use moves them to proximity and then onward.
But, despite the exciting trends and industry buzz surrounding mobile technologies, wireless locks and hosted access control, more long-standing and less sensational trends such as encryption and multi-technology readers are taking center stage in the access control market, according to IMS Research.
Multi-tech Reader Trend
“Although multi-technology readers have been around for many years, these devices are now being installed in more applications than ever before,” contends Blake Kozak, senior analyst for access control, fire and security at IHS. “Historically, multi-technology readers would be offered specifically for end users that requested the technology. Today, more readers come preconfigured to offer both proximity and smart card technology. This allows customers to future-proof themselves, and many will opt for this technology regardless of their current needs, in order to save on costs in the coming years.”
Multi-technology not only allows for greater flexibility but also provides additional security options. In some applications, security threats can be applied to each lock or reader, points out Kozak. In instances where a security threat is elevated, the locks or readers may require additional verification, such as personal identification numbers (PIN) and biometrics, versus only the PIN during a low-threat scenario. Although this option is used predominantly at high-security locations like airports, other commercial applications are also feasible.
Flexible access systems and readers can also complement an enterprise’s culture, for example, when securely welcoming visitors to headquarters.
“We are basically [our corporation’s] trusted security advisors with a national footprint,” says Andrew Corsaro, corporate director, operations & physical security, Cox Enterprises, Inc., Atlanta, when describing his team.
“We aim to provide a comfortable area that has lots of windows and gardens as well as a company store. Employees pre-register their visitors in our system. Visitors are issued prox cards,” adds Corsaro. He starts the visitor identification process at the perimeter of the facility with a security officer greeting visitors. Host employees act as visitor escorts. “It’s a soft but secured approach.”
Providing a seamless experience for visitors, the design integrates with sliding glass turnstiles. “They are a physical barrier but also a force multiplier” when it comes to security officers.
Agreeing with Corsaro’s corporate culture focus, Hile says that “security and access controls must be a visible part of the business plan” and integral to the mission of the enterprise. It’s a matter of valuing security policies, procedures and technologies, he believes.
Another example of matching tech to mission is the leading edge access system used on the Fangshan Line of the Beijing, China, metro transit system.
Flexible Access Gear
To ensure the metro is running safely, the system helps prevent unauthorized access by managing access to stations, electrical substations, parking lots and major facilities at metro line sections. It also safeguards equipment and staff at key locations such as fixed plants, offices, equipment areas, the machine room, the automatic fare collection system management office and central station, communication equipment rooms and public areas. To improve the operation, the system enables central monitoring for every passage area and location that houses equipment management facilities.
Whatever the location, from Beijing to Brooklyn, IP-based access opens the door to access as a service and in-the-cloud designs. Some applications make sense. “A private cloud approach can be cost effective and valued, say, as one example, a 300-store convenience chain where you can avoid a whole lot of traditional access infrastructure,” says Clancy. But some of the “security executives that I talk to are still wary to leave the traditional,” especially with public cloud designs. “They don’t want their [access] information at a third party.”
Traditional doesn’t, however, have to be old hat.
Take Key West International Airport, an IFSS project, for example. Larry Flowers, director of project management, Monroe County, sought an integrator that was not only considered an expert in the security and safety fields but also understood the challenges the airport faced from a budgetary perspective. IFSS began installing IP-based security products before the word “convergence” became mainstream and is keenly aware of the value these solutions bring to end users, which also translates to expertise on the IT side of the equation.
So IFSS used some of the airport’s existing infrastructure to maximize existing investments. It also expanded the airport’s access control system to an enterprise-level solution.
IT expertise can be organic, too.
Nerette, for instance, continues to apply his education in computer science and information technology when designing security systems, integration projects and managing innovative operations center models.
Addressing Business, Operations Needs
He also realizes the need to multi-task security technology and its data for business needs at the Institute. “Data finds use in energy management such as occupancy use analysis as well as compliance with regulatory policies” inherent in a healthcare and research facility, points out Nerette. When contemplating evolving access, he observes, “The next step – card readers at the door that are IP-enabled and go back to the head end.” With such designs, “you can better project your costs, especially since upfront cost of panels are difficult to project.”
IP-based access can more easily go beyond door control basics, too.
One example: The Miami-Dade Expressway Authority (MDX) operates, oversees and maintains five of the most critical east-west roadways in the county. MDX recently completed a new security project to secure its employees, building and important records. A proprietary security system operated by an outside company was being used in MDX headquarters. While the system tracked basic access control functions, the local staff did not control the system. If a change was needed such as a new card created or schedule changed, a call request would be placed to the outside company.
This was extremely cumbersome, time consuming and inefficient.
In anticipation of the expiration of its contract with the outside company, MDX’s IT team took the opportunity to explore new security options. Having had a relationship with FiSec Technology Convergence, MDX was presented with several efficient alternatives by the integrator’s company president, Alex Morales. Of these, MDX chose a solution that operates on the network, providing a security system that grows and expands with future needs.
It uses existing proximity card readers and a biometric reader on the data center door for added security. Three separate departments work in unison to manage the system. First, the engineering department’s facility manager oversees door operations and assigns access control rights to employees. The human resource department is responsible for printing employee credentials and temporary passes for visitors and short term staff. Finally, the IT department administrates the entire system.
According to Miami-Dade Expressway Authority Information System Engineer, Gary Lau, “Our approach to physical protection is based on in-depth security with perimeter and endpoints’ protection. We use our cards during office time to access the IT rooms. After hours, we use our access card and key code. A biometric reader is located at our server room which is inside the IT room and must be used to enter the server room. Only limited IT and maintenance staff have access. Security protocol does not permit even upper management to have access.”
Access Evolution Revolution
Before – Traditional panel-based access control systems use a central control panel, card reader and controller at every door. The bottom line: a significant investment in equipment and wiring with less scalability.
After – IP-based access control solutions leverage the network, eliminating the need for central panels while boasting shorter wiring and cabling runs. A chief security officer with an IP-based access system can manage administration remotely and in real time via a shared network.
IP-based access control systems offer a broad range of benefits:
- Eliminate the need to physically re-key doors.
- Lower equipment costs.
- Reduce installation costs.
- Manage security and administrative maintenance requirements remotely via the network.
- Scalable – add more doors to the network as needed.
- Easier integration with other security systems.
- Leverage the system across other business and operations needs.
Collaboration: It’s More than a Partnership
IP-based access control systems, more than ever, call for a tight, understanding collaboration among an increasing number of stakeholders inside and beyond the enterprise.
Here are some thoughts of integrator Tom Clancy, CEO and principal at Alert Security Consulting, New Albany, Ohio, and a long-time client, Columbus, Ohio-based Nationwide’s Jay Beighley, assistant vice president, corporate security.
“One of the most important variables is how involved are all those stakeholders. And they all have to have a mutually agreed-upon vision at the beginning of the project,” says Clancy, who lists facilities, human resources, IT and security among the typical in-house players. Between security and IT, “historically, IT said ‘keep off my network,’ and so security would run coax and stay off the net.”
But in a collaborative effort, each understands the other as well as their responsibility for what they “own.” IT owns the network and servers. Security owns the end devices as well as the applications running on those servers. Today, “IT is very comfortable with large or expensive projects for their in-house clients, and it is more attractive for security to collaborate with IT,” adds Clancy.
Then there are the C-suite folks.
Clancy notes a change in mindset of today’s top enterprise executives. “There is an educational aspect: Front to back audits. Return on investment against national, peer, FBI metrics. Understanding the value of security is one thing. But C-suite execs understand things in terms of risk, what risks are they willing to accept.”
Collaborating with law enforcement and first responders is essential. But it may not make total sense to base tech decisions purely in response to these stakeholders, according to the Ohio integrator.
Beighley agrees when it comes to risk within collaborative projects.
“Security must speak the language of risk. It’s valuable to measure the security function in terms of risk,” he says.
For Beighley, who most often collaborates with his integrator/consultant as well as IT and real estate internally, the end game is to sell, together, agreed upon projects to leadership. “Professionalism is what we also contribute.” Stakeholders must be open and honest with each other, he says. “Once you deal with others, you and they better understand individual roles and shared goals.”
Concerning those outside the organization, “it is a matter of building that [collaborative] relationship and trust. Meeting deliverables with city officials and tenants. Politics is all about relationships.”
The bottom line for Beighley: “Know your business. There are a billion different security solutions. But there is one enterprise culture to work with. Learn to tailor strategies to that culture. The successful collaboration clearly defines needs, expectations and outcomes.”