Ask the Integrator Column

Thinking Out of the Box for Stronger Security

What major risks/issues are your security executives facing?

We are seeing several of our largest multi-location and multinational customers being forced to take on great expenses to hire outside firms to help them develop global security standards and very elaborate RFI and RFP processes in an attempt to leverage multiple installing and servicing VAR resources on a job by job basis,” says John Nemerofsky, Vice President of Global Vertical Market Solutions for STANLEY Security. “We are being told that this not only raises costs, but detracts from the core competence of the security team left managing multiple projects and different integrators. From the integrator perspective, extensive RFP responses add further complexity and expense to the job that will need to be recuperated, encouraging creative practices in the gray areas to be competitive.  

“The government trend is to achieve compliance at the lowest possible cost; focused on their primary mission (like the Veteran Administration’s role is to take care of their veterans), compliance is not the highest priority. It is understood that requirements must be met, but customers in this field are looking for out-of-the-box thinking and creative solutions to help them stretch the dollar as far as possible.”

What other trends is Nemerofsky seeing?

 

What major risks/issues are your security executives facing?

We still see many gaps and risk areas between security and facilities with many of our large customers, mainly around mechanical access control hardware and key control. Many security teams routinely mask door forced or open alarms in the access control system because they do not know with certainty who has override keys. The gap exists in cases where the key holder’s access level is different from the card holder’s, or where one group (facilities) is issuing mechanical keys that fit doors controlled by a security-monitored access system.

 

How are your security executive customers addressing cyber security in their enterprises and how are you assisting with that?

From a credential logon perspective, we know that LACS is a FICAM requirement and most agencies are currently moving toward using the PIV as the credential and associated PKI to keep cyber thieves out. Also, the PACS has now also been officially designated as a FISMA compliant inventory item, so, per FISMA, PACS must be reported as part of the IT inventory, as PACS is now an IT system. Thus, as an IT inventory item, it falls into having to use the PIV to log on to the PACS as well, so we are now supporting our customers by assuring the PACS we provide can conform to the IT requirements for LACS.

Do you see your security executive customers looking to upgrade their analog video systems, or are now they asking for IP video systems?

Definitely. We have seen a significant uptick in budget and immediate pricing requests to migrate from analog to IP and VMS solutions. This is driven by reductions in costs in technology, and many manufacturers have started talking about end of life cycles of the older analog solutions. We educate our end-users on the overall benefits of the IP technology solutions available versus analog, and we translate that into ROI, because it helps the CSO or IT team get the budget blessing.

Projects may start with the wish or desire to move to IP but if budget cuts take place, they start talking about having to use a lot of the existing systems. When new systems are planned, they are motivated by costs and how the overall VMS is designed and integrated at the man/machine level than just the technology of the camera.

When video assessment is a real criteria for command and control centers and the locations are disparate and widespread, IP is the approach simply to make it feasible to get the video back efficiently.

 

What types of specific access control trends are you seeing with your security executive customers?

Because of the move toward managing authentication at the portal and the complexities of the new FICAM PACS to support this, along with legacy systems that need to be replaced, agencies are now looking for cloud solutions and ways to easily manage disparate systems and also more efficient ways to remove revoked personnel from the system. Customers are now directed to remove individuals from the system within 18 hours of revocation. In the past, there was no such thing as certificate-based revocation from a central PKI-based source, and the removal was dependent on someone telling the PACS administrator to remove the person without oversight or OMB mandates. Hence, the PACS management function is more complex and customers want to become compliant as efficiently and cost effectively as possible.

 

What is the most unique installation that you have recently done?

A recent installation, being completed in phases at a major public utility facility and operations center at Riverside Public Utilities’ facilities in Riverside, CA, totals 22 sites. Features of the installation include a Corporate Commander, 155 megapixel IP cameras, integrated access control and monitoring – with microwave beam detectors, door contacts and motion detectors – an integrated paging/intercom system, integrated security lighting and integrated fire
annunciation. 

 

About the Author:

John Nemerofsky is Vice President of Global Vertical Market Solutions for STANLEY Security. 

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

September 2014

2014 September

In the September issue of Security Magazine, find out who this year's most influential people are in the security industry are. Also, take a peek at the technology products that ASIS 2014 will be showcasing at the upcoming event. Read about the lessons learned from security at the World Cup, find out why tactical medical training is a must for your enterprise and how Atlanta increased security by sharing surveillance.
Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+