Integrators Face Procedure & Policy Challenges for Convergence
Some of the greatest convergence challenges for IT and physical security integrators do not involve technology or integration details. They center on policies and procedures.
When integrators talk to end users about “convergence” of physical and logical access control, the nature of that conversation hinges on multiple factors. There is no single definition of what that term means, and a government office will have a very different need than, say, a university.
“Everyone has their own definition of what it means to them,” says Jeff Ross, vice president of product management, RedCloud, Sterling, Va. “Today’s convergence is not just the physical side of badging into a building and logging onto a computer with the same credential. It is bringing in multiple subsystems including physical, video management, identity management and right on up to tying into third-party IT systems including HR databases.”
This is all coming in piecemeal, depending on the industry, he adds. Educational facilities are looking at convergence for its convenience. HIPAA regulations are driving convergence in the healthcare industry, and the government sector has specific mandates requiring convergence. The high-tech industry is also showing interest, because of the strong IT focus.
“[Convergence] has such a broad brush of what it can mean,” says Jeremy Brecher, vice president, technology, electronic security, Diebold Incorporated, Canton, Ohio. “It can be a credential at the door with a unified physical/logical solution. It can include PKI at the reader, correlating event logs, or a provisioning tool with a unified process. All of these concepts require a different approach and different partners for the integrator, but they all fall under ‘convergence.’”
Integrators traditionally focused on just the physical or logical side of security are each turning to convergence as a new and expanding market, and opportunities are there for all.
“The integrator focused today on physical access control and the integrator focused on logical will ultimately both use the same technologies for convergence,” thinks Jeremy Earles, product marketing manager for readers and credentials, Ingersoll Rand, Carmel, Ind. “That market can be expanded from either direction.”
Key Benefits & Opportunities
Just as there are multiple definitions of what convergence means to end users, there are also different benefits they will realize in converging physical and logical access control.
“I see the convergence of physical and logical access not so much as providing increased functionality as allowing the end user to do more with less,” says Adam Shane, product manager, AMAG Technology Inc., Torrance, Calif.
“If a new employee is hired into a company the first place they go is HR,” adds Steven Lewis, senior product manager, Tyco Security Products, Software House, Westford, Mass. “If that then can be tied to access to the front door and the network, it reduces the amount of labor required for that process.”
Most converged systems look at the bigger picture, allowing the customer to know if an employee has badged in and disable that VPN account, or know there is a problem if someone is trying to get in virtually when the badge has not been swiped physically.
“Everybody talks about ‘big data,’” says integrator Chris Peckham, Ph.D, senior vice president, CTO and special projects, Kratos Public Safety & Security Solutions Inc., San Diego. “There is this giant correlation engine that allows you to see events going on around and in the network. If you can then integrate that with physical security you can now report on anomalies and take action against them.”
For the integrator, the opportunities afforded in the converged market require a new approach, Ross adds. “I call them hybrid integrators. They are either IT-based integrators who have moved into the physical space, or physical integrators who have embraced the IT side. In general, the more the integrator understands the IT needs, space and pain points, the more they can take that information and turn it into more services to offer that customer.”
This is key, says John Fenske, vice president of product marketing, HID Global, Irvine, Calif. “If you talk to any integrator, whether on the IT or physical access side, their biggest challenge is to make themselves more relevant to the end user. There is a huge opportunity for the integrators to not just be the ones that install and walk away.”
As in many other areas of physical security, the convergence of physical and logical access control is most often driven on the IT side.
“Generally we find most of the integrators are strong in either the physical or logical realm,” Shane says. “It is going to be easier for those with strong logical or network capabilities, because a lot of the physical security solutions are moving in that direction. However, a lot of the IT organizations and network security specialists underestimate the complexity of the physical security requirements. The challenge for security designers and consultants is to have specialists in both physical and logical aspects and work together to provide overall solutions to meet customers’ requirements.”
However, some of the greatest convergence challenges for integrators don’t involve technology or the specifics of the integration. “Technology is actually less of a challenge than policy,” believes Bill Jacobs, vice president of access control, Next Level Security Systems, Carlsbad, Calif. “IT and physical departments need to converge in terms of policies and procedures to bring the benefits to the end user.”
Many end user organizations are highly “siloed,” with distinct departments and procedures. Increasingly, the integrator is asked to bridge the gap between security, IT and even human resources, says Tom Hruby, executive vice president, Security Equipment Inc., Omaha, Neb. “It is kind of funny, because the security department will tell us their desires for convergence and their expectation is that we will go to HR or IT and explain what needs to be done. They tend to put it off on the integrator to make these things happen.
“One of our biggest challenges then becomes not only connectivity ... but also wading through the corporate structure in terms of who is allowed to be on which network,” Hruby describes.
Even in spaces with mandated convergence, the conversation is still driven toward policies and procedures, says Todd Johnson, director integrated security group, CRI, McClean, Va., a federal government contractor that offers converged security solutions. “It is not just a mandate to follow. We still have to consult and provide policy guidance on how to reach the goals of the mandate.”
The history of physical security in many organizations is a stumbling block to convergence, Fenske believes. “The issues are more organizational and business-oriented than technical. The technology is there, but we are not seeing wide adoption yet because the business workflow is not optimized to leverage a converged concept.
“For integrators it is a big change. From a physical standpoint they used to go in with big products, hang them on the wall, set up the server and leave. Converged environments don’t follow a traditional construction event. It is all about workflow and is fundamentally different. It involves a lot of professional services that probably didn’t live within the integrator’s staff before.”
Brecher agrees with that distinctly different client need. “A lot of times an integrator would drop a server in the data center and say, ‘Here you go.’ Today it is more along the lines of, ‘Hey, here is our IT infrastructure, practices and policies and you need to deploy within the framework which we will provide.’
“In the world of potential customers, you are going to run the gamut. You will find the security director who does not work well with the IT team or adverse conditions in the corporate culture and sometimes you have to be that bridge. But other times you will find there is already a deep conversation and alignment and you are just there to be a pure integrator. Ultimately, you are there to solve a real world problem and not just create complexity in the machine. There has to be some driver, a return on investment in risk or cost. But once you come out of the silo and are able to play at a higher level, once you start to talk to the customer about the risk and business process, that puts you higher up the food chain within that organization and drives ‘stickiness’ with the customer as well as business volume. The days are gone when you just put something in and say it is secure. Now you have to prove it as the company that is going to own it, not just as a representative of the manufacturer.”
Putting It All Together
Just as integrators are expected to take on more responsibility for the systems they are putting in, manufacturers are also ready and willing to step up to the plate both with solutions as well as hands-on help for the integrator. From offering active directory integration, open platforms, near field communications, and generally greater involvement in the whole process, manufacturers truly are the best resource for integrators.
There are multiple ways for an integrator to accomplish the goals of convergence, but today’s solutions generally incorporate some sort of smart card or multi-technology card with a powerful software integration behind it (often designed by the integrator to meet specific needs). Down the road in the short term, many manufacturers are also actively working on near field communications, which will put the credential into the end user’s smartphone.
“What has been taking place on the manufacturer end is converting to devices that are more IT-friendly so that they can put these devices on the network and they become essentially servers that the IT department can make connections to and the security department can monitor and manage,” Jacobs explains.
Most integrators rely on a number of different providers they reach out to on both the physical and logical side of the project. Still in the process of developing a converged solution to offer their end user customers, Kratos’s Peckham is excited about the future of convergence. “The right skill set both on the sales and technical side is key, as well as fully understanding what you are trying to do. We are looking forward to that challenge.”
This article was orginally published in the print magazine as "No Lulls in the Convergence Conversation."
Compliance, Standards & ‘Greening’
For a portion of the end user market, convergence isn’t optional, and those in the government, healthcare and other regulated markets are looking for compliance management solutions that can play a big role in their facilities. Other market segments are looking for ways to go green, and convergence can be a huge benefit to them as well.
“There is a focus on compliance management, particularly for industries with federal regulations that have been imposed on them,” says Adam Shane, AMAG Technology Inc. “There is a lot of effort being put into auditing and paperwork and documentation associated with compliance, and a whole class of software that is facilitating this. The trend we see is there is compliance management overseeing both physical and logical access control.”
John Fenske at HID Global sees standards as a great potential driver even in the commercial market. “The most acute example of the single card converged solution is the federal government with their PIV card, but as we look forward, there is an opportunity for that standard to move into the market as a commercial identity verification (CIV) standard, and industries could pick and choose the pieces they want.”
Beyond the “have-tos” there is an full range of companies getting into the concept of reducing their carbon footprint, consolidating services, saving paper and generally “going green.” For these customers, convergence is a natural extension.
“How building management systems work today is the facility sets the schedules for lights, chillers, boilers, etc.,” says Bill Jacobs at Next Level Security Systems. “Relative to convergence from an energy-efficiency standpoint, it is a real value-add to be able to converge physical and logical security with building management to create a business rule that these systems won’t turn on until X number of people have entered the building and base that occupancy on the card reader.”
What might this look like? “An employee badges in at the front gate and not only does that disable their VPN account and enable logical access in the facility, it also sends out a communication to lighting and HVAC to turn on the lights and heating or air in his section of the building,” describes Steven Lewis of Tyco Security Products, Software House. “Companies use this to become more green and save energy while protecting the security of the office.”