Benefits of Physical/Logical Access Control Convergence
It seems more users are talking about it rather than doing it. SDM examines how integrators can create action.
When it comes to merging the benefits of physical and logical access control, there continues to be a lot of talk amongst integrators and their customers but not much action. Despite acknowledging the benefits of such a solution, end users are reticent when it comes to actual adoption.
“A lot of corporations talk about doing it, but to my knowledge not that many have actually converged the two together,” says Alwyn Howie, global account manager, security and life safety solutions, Johnson Controls Inc., Milwaukee.
Rick Leighton, vice president of national accounts, Stanley Security, Naperville, Ill., shares, “We have several customers and prospects that actually talk about convergence, but not many that go the entire distance.”
Clearly there is a disconnect between the potential and actual real-world applications. For integrators this presents both a challenge and an opportunity.
Language and culture challenges are part of the problem, Leighton says. “Driving towards that common language or database is really what needs to be worked on together as a team. But physical security is not the most open world of all time. We have been talking about convergence for 10-15 years, but we are still not far along and that is because of the ‘proprietariness’ of some of our thought patterns.”
The right mentality is not being embraced by enough of the right people.
“From our discussions with customers, the ‘C’ word has been threatened for a number of years,” Howie says. “Convergence in the customer world means the principles and best practices from the IT world coming into the physical security world. But we do see a lot of desire to have the integration of physical security with HR, a single enterprise platform that manages onboarding and offboarding and tracking employees’ movements.”
That is as deep as most of his customers have gone in the convergence world, Howie says. The closest he has come is a large pharmaceutical company that has the potential to use convergence in the next stage, but at this point is just onboarding and getting employees into the system.
“Any type of integration is a huge challenge both from a technical and logistical standpoint to get the people in charge of the security and the people in charge of the data to come together,” says Kurt Will, president, Will Electronics, St. Louis. “In some cases it is the same people, but there is still a tremendous number where it is not.”
Another issue, Will says, is anti-passback, a necessary step for tying a person’s presence inside a building to their online access. “If your system isn’t set up for that, when someone leaves the building, nobody knows. The number of systems we have put in that use anti-passback is a pretty low percentage as well.”
A lack of understanding of the wider benefits to the organization is another—and possibly the biggest—hurdle of all, Howie adds. “Unfortunately the security directors or departments haven’t grasped the benefits,” he says. “As a security tool it is okay, but if you think about using it as a business tool it has far wider benefits. The business benefits totally outweigh any potential security side benefits.”
PRESENTING THE BUSINESS CASE
William Plante, director of professional services group, Aronson Security Group (ASG), Renton, Wash., says his clients have several challenges, including:
- Budgets are tight or declining;
- Risks are increasing;
- Value is being scrutinized;
- Performance information around people, processes and tools is difficult to acquire; and
- The technology architecture is fragmented with a lack of coherent integration.
Understanding these and other issues customers face can help make the convergence case to the right people.
For example, Tim Ferrian, director of sales and marketing, Pro-Tec Design, Minneapolis,, did a convergence project for a healthcare system that involved working with a number of different departments from security to food service.
“They wanted a common credential that would allow a doctor to open a gate, walk into the building, get into the physical office suite and present a card that would verify them to that computer and multiple applications beyond that.”
The user also wanted to be able to do gift shop and cafeteria applications, as well as authenticating printing documents for HIPAA confidentiality. The solution used an HID iClass smart card combined with a Lenel access control system.
“We came at it from the credential standpoint and worked with another company for debit and a logical company for single sign-on. Our role was to provide support for the card credential.”
Leighton recently completed a project for a large financial institution.
“One thing that helped here was some green initiatives, which created a great awareness within multiple departments that allowed us to pull through additional benefits, including enhanced security. The green initiative was the ROI case that justified the security reasons.”
THE LOGISTICS OF CONVERGENCE
For integrators already offering convergence as well as those in the talking or planning stage, laying the proper groundwork of connections, training and experience is imperative.
“It is paramount to have in-house capabilities to help with design and delivery of the solution to the customer,” Howie says. “When it comes to actually doing convergence we need to get our guys up to speed in the IT world.”
Ferrian feels there is an argument to be made for not doing it all in-house, however. “We looked at logical security and thought it required more expertise than we have time for.” Collaborating with others who were “experts” in their respective areas made for an extremely smooth installation, he recalls.
ASG is committed to a holistic approach to security, says Vice President of Technology Scott Schmidt. “This demands we attract, hire and retain professionals from IT, business optimization and security. I have performed consulting and integration of physical and logical security on a number of clients. The primary convergence was the use of the physical security smart cards to log into the user’s PC and network with a PKI and certificate authority infrastructure managing the identities. I have also established physical access control assignment based on the logical network management software such as Active Directory.”
Top Convergence Technologies
When it comes to the credential best for a physical/logical convergence solution, many integrators agree that smart cards and biometrics are the top choices.
“When you start thinking about how to create convergence between physical and logical, you have to think about physical access control but also the single sign-on for logical,” says Alwyn Howie, Johnson Controls. “Do we use a biometric? A combination of biometric and passwords?”
While smart cards allow multi-function uses including payment solutions, biometrics authenticates the person.
“Many companies want to feel that they are positive of the identity of the person accessing that desktop,” says Rick Leighton, vice president of national accounts, Stanley Security Solutions. “The biometric solution is a cost premium compared to a traditional card reader, but we are constantly looking for opportunities to value-add that. In this case the company’s green initiative was the way to present it again and drive that solution with additional funding.”