Access Control: Proprietary or Network?
In the first generation of access control systems, the access control panels to which card readers were connected received door-opening commands from the central computer to which the panels were connected. Most of these systems, many of which are still in use, are proprietary to specific manufacturers and not interoperable.
In the second generation, IP-based access control, the panels decide for themselves, in a decentralized fashion, whether or not to admit a person. These systems are often connected to a company’s computer network. These are the types of systems that are covered in this article.
With the third generation, Web-based access control products, the control panels not only make the opening decisions themselves, but are complete computers that can be accessed over the Internet.
Second-generation IP-based systems use manufacturers’ software that is stored on the computers. Web-based systems reach, over the Internet, manufacturers’ software that is located on the manufacturers’ servers.
Mike Riotto, vice president of Advanced Video Surveillance Inc., Fairfield, N.J., is enthused about IP-based access, the second generation of access control devices.
“We lean towards it because a lot of companies have an infrastructure already in place,” Riotto declares. “At a new facility, we recommend the IP panel. It gives them flexibility when things are wired back in case they decide to change the server or where they want the system managed from.
“When it’s hardwired, they’re locked to a set location,” Riotto stresses. “Once it goes to IP, we can move the server to another location. It gives them more flexibility.”
Riotto thinks an advantage of proprietary systems is that they offer more features, such as integrating with environmental systems.
One advantage of installing IP-based access control is that existing network cabling can carry access data instead of running new wire. Another advantage is that data is only sent when access is requested and is small enough in size that it does not tie up an IT department’s network.
“The amount of data that is passing through the network is minimal compared to IP cameras, which are streaming megapixels,” Riotto points out. “This access data barely shows up on their radar.”
Riotto says some of his customers are concerned about the security of Web-based systems. “With Web-based systems, you’re opening it up, especially if you put it on the Internet,” he asserts. “They have to worry about who has access to it.”
Riotto’s customers for IP-based systems include hospitals and data centers. “We’re also doing a lot of school districts – all are using IP-based access systems and steering away from the Web,” Riotto relates. “They’re doing everything in-house, like the hospitals especially. The Web-based didn’t appeal to them; they also have to worry about the HIPAA act.”
In the Health Insurance Portability and Accountability Act (HIPAA), the government establishes requirements for access to medical information to protect patients’ records.
Patrick O’Brien, CEO of Security Resources, Aiea, Hawaii, agrees that health care is a fertile market for IP systems.
“We do a lot of IP-based access with health care, because most hospitals have strong HIPAA requirements and need a pretty secure network,” O’Brien relates. His company also does government work with the County of Maui, judicial facilities and financial institutions.
“We work a lot with those industries,” he continues. “They’re usually large environments with extensive IT networks and qualified IT professionals running them.”
WHICH SIDE ARE YOU ON?
When discussing the advantages of IP access control products, the issues are whether the IP network only extends to the control panels or goes all the way to the door, and on what side of the door it is installed.
Loren Lloyd, regional sales manager, central region for AMAG Technology, Torrance, Calif., is concerned about putting a network device on the unprotected side of the door, where it may be subject to tampering and possibly provide unauthorized access to the network.
“Whenever you have a network accessible to somebody that is adept at compromising a network, the sky’s the limit of what they can do,” Lloyd asserts. “If the network is lacking internal controls, they might be able to get into more than the access system, which often is connected to the whole network to realize infrastructure savings.”
Ways to foil that are to ensure that the network on which the access device is installed has sufficient safeguards, or to have a separate security network. (See related article, “Securing Physical Security Systems on the IP Network,” SDM January 2008, p. 60, and online at www.sdmmag.com.)
“It’s nice to have a dedicated security network, but that isn’t always practical, especially when the cost savings were expected by placing it on the network to begin with,” Lloyd points out.
But others believe that a well-protected network would not allow such unauthorized access.
Customers of Kurt Kottkamp, president of Enterprise Security Systems Inc. (ESS), Charlotte, N.C., do not have a problem with the reliability of IP-based access systems. “At this point, customers are saying to us by purchasing systems like this that they’re OK with the reliability of what’s in their network,” he notes.
“The controllers we’re using are intelligent controllers. If the network went down, they would continue to operate – you just lose communication for that period of time,” Kottkamp explains. “Most of our customers are OK with being offline with their card access system for a short period of time. They are going to be a lot more focused on getting their network up and running for the good of their own business.”
OLDIE STILL GOODIE
Bret Tobey, intelligent openings business development and product manager for ASSA ABLOY Americas, New Haven, Conn., concedes that legacy systems are still important.
“There’s nothing wrong with the traditional systems,” he admits. “That’s still the bulk of the sales. You can make a very strong argument for going with a legacy infrastructure. The stuff that’s out there works – we’re not too worried about that.”
George Garza, president of TechStart, San Antonio, uses only legacy, hardwired access systems. “Networks are a lot more vulnerable to breakdowns than a conventional wired magnet kind of deal. You have switches that will break or freeze or lock up. You really don’t have that problem when you have a power supply, a hard wire and a magnet,” Garza points out. “It’s just so incredibly dependable.”
Garza does not have his head in the sand about networking. “I’m really an IP and IT proponent,” he insists. “I like to spread the gospel of how great wireless networking is. We install wireless cameras. We’re really excited about that technology.”
John Smith, senior marketing manager for Honeywell Access Systems, Louisville, Ky., estimates conventionally wired access systems are still 60 percent of the market because of the number of legacy systems still being used.
But in new construction, he sees the reverse, with approximately 40 percent of the systems being installed as IP-based, 40 percent conventional, and 20 percent of them being conventional panels that offer an Ethernet option to migrate legacy customers to IP technology.
“One thing we see as important is providing a migration path for our legacy customers,” Smith notes. “What we provide is a way customers can continue with traditional wiring or expand beyond and go to the Ethernet, or even a combination of both. At some point, it’s a matter of time before the traditional, wired-based systems are a thing of the past.”
Kottkamp is enthused about IP access. “There’s all different levels of IP access, but in some form or fashion, I would say that some level of IP access is included in the majority of systems we are installing now,” he reports.
“Most of the systems we’re putting in are sort of a hybrid or cross-system – not 100 percent IP-based – so I think customers are at the point where they’re saying, ‘Let’s put in what makes the most economic sense for us,’” Kottkamp continues.
Mark Hillenburg, product architect for Digital Monitoring Products Inc. (DMP), Springfield, Mo., thinks the preferences of some dealer/integrators for only legacy or only IP-based systems are self-fulfilling.
“Those integrators have a product they like to install, so they go out and sell that and find their customers really love that system,” Hillenburg maintains. “Another guy has a hardwired-based system he sells and installs, and he finds that his customers like that. Probably the truth of the matter is the end user doesn’t really know the difference. They just know, ‘I want an access system, and I want to be able to manage it.’”
Agrees Tobey, “If you talk a lot to somebody whose business has been in the mature part of a channel, if they say, ‘We won’t install IP,’ because their whole infrastructure is tailored toward a traditional business model, the people they have on staff, everything, access control is highly localized. But when you look at newer technologies you get additional value.”
Tobey estimates the shift to IP access control could occur within 18 to 24 months. “The decision-making tipping points will happen within the next two years,” he estimates. “From a long-term perspective, IP is going to be the preferred route, but when it comes to deploying today, it really is decision by decision,” he points out. “The choice can be affected by the cost of a system and by who you’re relying on to install it.
“But I don’t recommend any of your readers ignore IP,” Tobey advises. “It really is ‘ignore at your own peril.’ Think about how fast the cell phone industry changes. Assuming we go at even a fraction of that, people want smaller, faster, prettier, cheaper, close to the edge of the network.”