Enterprise access control systems are not just supersized installations. The term “enterprise” is not always well defined. Some think an enterprise has to be a certain number of access control readers; others talk about number of locations, how databases are managed, or the extent of integration involved. But there’s one thing all agree on: the larger the enterprise, the more complex — and the more differentiation from just a large system.

“When we start talking about enterprise systems that are spanning many dozens of locations and time zones, potentially different continents, at that point it is not just an access control system with 1,500 readers,” says Chris Sincock, vice president, security business, DAQ Electronics LLC, Piscataway, N.J. “You have to scale it from a processing and communications side and also provide central command and control capabilities.”

Even systems that don’t cross international borders can get large enough to face many of these same issues.

“There is a lot more attention paid to the configuration of the system,” says integrator Tom Echols, vice president, Security 101, West Palm Beach, Fla. “It might be one big system but it tends to be structured to look like a lot of independent systems with local sites that have their own ability to administer their portion of the system.”

Other things that separate large enterprise systems from the pack are:

  • they are nearly always integrated with several other security and building management or human resources (HR) systems;
  • there may be time zone issues that single sites don’t have; and
  • they tend to grow and expand over long periods of time, possibly by mergers and acquisitions that present challenges with “merging” the security systems as well.

The opportunity to do a completely new installation on a very large enterprise system is very rare. Far more common scenarios have integrators working with legacy systems and juggling changing technology, new philosophies of how security fits into the enterprise space, and how to help their customer plan for and implement these changes into a very large organism.


The Need for Standardization

One of the most common scenarios faced by integrators in the enterprise access space is having multiple, competing systems and the task of making them work as one.

“This happens often in today’s world of acquisitions,” says John Nemerofsky, president and CEO, Xentry Systems Integration, Columbus, Ohio. “As companies buy other companies they rarely have the same access control system. The issue is how to migrate to one platform, because working on two [or more] is inefficient.”

How do integrators today accomplish this?

“There are a couple of different options,” says Brandon Reich, director of global strategic marketing, Honeywell Security Group, Melville, N.Y. “The first is the one most people don’t do: Select one to be your standard and completely rip and replace all the others. That is the most expensive choice. Another is to use third-party middleware software that enables the host servers and software from multiple manufacturers to talk to each other or talk together. That can still be quite expensive and they have to maintain their existing disparate systems. Most of our integrators and end users look at ways they can slowly migrate their disparate systems onto one centralized platform, or one system.”

The middleware option is often in the form of a PSIM or similar approach, which has its benefits and drawbacks, says Justin Davis, regional vice president, Northeast region, Securadyne Systems, Dallas, Texas. “Enterprise is one of the only audiences that can justify the PSIM expenditure. It’s a sizeable investment. When you do have a large enterprise with multiple solutions, it is a great tool to bring them together and present them in a common format.”

However, he cautions that it takes a lot of interactive programming and management to make it effective, and often end users’ expectations exceed the actual performance. It also doesn’t solve the problem of disparate systems and separate databases.

Other integrators hope for non-proprietary components that can be swapped out.

“If we are lucky enough, it is Mercury-based hardware, which is often interchangeable,” Echols says. “We try to go with more open systems whenever possible.”

Mercury was one of the early proponents of “open” in the access control world and others are starting to follow suit. “We have a controller business that is growing rapidly based on the idea that anyone can implement to that protocol,” says John Fenske, vice president of product marketing, HID Global, Austin, Texas. “This is being driven by the end users, who are able to do this in other areas like HVAC. Access control has not worked that way in the past, but I think we are starting to see it evolve to that state.”

Sincock agrees. “We speak to HID Edge products and Mercury and, of course, our own product. That level of integration is extremely beneficial and fairly comprehensive. But there will be differences as to what level the manufacturer has integrated the hardware. Beyond that what has to happen for any manufacturer to talk to another proprietary protocol is to have the cooperation of that manufacturer in terms of an SDK. There is no magic solution out there. A software developer is going to have to sit down and write an interface.”

And therein is the problem.

“Access control manufacturers write interfaces to HR and elevator systems and video but they are very reluctant to write an interface to be cross-functional with a competitor,” says integrator Daniel Kilgore, director, global accounts, RFI Communication & Security Systems, San Jose, Calif.

There is definitely an awareness of this issue in the industry, however. And there has been forward motion on standardization, from the Security Industry Association’s OSDP (open supervised device protocol) and PSIA’s working group targeting the problem of multiple vendor access systems, to ONVIF’s emerging access control standard. But there is still a long way to go.

Across the industry, manufacturers are being pushed by end users to be more open, Reich says. “We are major advocates of driving the open communication standards and embracing them both from the standpoint of our technology and helping as an industry drive the maturity of the standards so they do provide the value to integrators and end users. The concept of open standards will force manufacturers like us and our competitors to really focus heavily on continuing to improve our software and the overall end to end experience.”

Dennis Raefield, CEO and president, Viscount Systems Inc., Burnaby, British Columbia, Canada, agrees. “I think access control has indeed lagged behind the rest of the industry in this regard.” Viscount offers a software-based solution, he says. “The panel system inhibits change. The more people push for flexibility on the software side, the better shape they will be in going forward.”

AXIS Communications, Chelmsford, Mass., is another manufacturer going to open systems. “Our API for access is open, just like our cameras,” says Bruce Stewart, business development manager for access control for the U.S. and Canada. “We provide a controller that can work with best-of-breed solutions.”

That’s exactly what enterprise users want, Fenske purports. “Enterprise systems need to be flexible, adaptable and dynamic, and to do that we have to leverage standards wherever possible. End users want architecture that embraces the adoption of best-in-class technologies and I think that is exactly where the industry is headed. The standards being developed today are not perfect. There is always some little customized piece. But a good integrator will understand where one ends and the other begins.”


‘Big Ship’ Mentality Meets Fast-paced Technology

It takes longer to turn a big ship than a small boat. And in very large enterprise systems, this can mean a lot more planning, strategizing and testing is needed to implement some of the changes that are coming to the industry. That said, enterprises are very aware of how new developments can help their businesses.

“Technology is making quantum leaps compared to the past,” says integrator David M. Autenrieth, owner, Systems Engineering, Wilmington, N.C. “It used to be every five years. Now it is every two months.”

According to Steve Dentinger, director of sales and marketing, Keyscan Inc., Toronto, Ontario, “Access has traditionally been a slower cycle than other technologies. We have systems out there that are 20 to 30 years old. However, hardware and operating systems are changing so dramatically, we are now seeing shorter cycles.”

Enterprise customers may not be nimble enough to change as quickly as smaller facilities, but when they do, they have the capacity to do it in a bigger way.

“We do find enterprise customers have more challenges when it comes to making a change,” Fenske says. “But they are equally as aggressive in trying to make it happen because they understand how it paralyzes their business if they don’t. They want things both backwards and forwards compatible.”

What technologies are enterprises looking at and planning for today? Some of the key ones are biometrics, NFC, Bluetooth, and the cloud.

Biometrics has the potential to really help with some of the unique problems of large enterprises, says Gary Jones, business unit director for biometric access and time solutions, MorphoTrak LLC, Alexandria, Va. For example, one client uses biometrics as a way to authenticate a user who has lost a card and allows them to print a new card at a kiosk. “It saves them time and resources and is a way of re-credentialing,” he says.

How enterprises think about credentials is changing in other ways, as well. “Mobility is a very big deal,” Reich says. “It is still in its infancy, but if instead of giving an end user a credential, they can move to a phone or other mobile device leveraging Bluetooth or NFC, this is something enterprise users are very interested in for a number of reasons.”

Cloud right now gets a mixed reception in the enterprise market, but many see it as the way forward. “They used to be reluctant to talk about it. Now they are coming to us and asking about it,” Reich reveals. “If integrators haven’t already educated themselves on cloud-based technology, they need to. I am telling you it is coming to enterprise in a big way, and integrators need to understand what the real value proposition will be for the enterprise.”

One such proposition is the ability to make faster changes and upgrades, says Peter Boriskin, director of product management, ASSA ABLOY, New Haven, Conn. “The upswelling of cloud-based technologies out there may be the opportunity for the true enterprise system to be upgraded rapidly, to be moved from system to system by leveraging cloud technologies that offer storage and mechanisms to upgrade at the click of a button. There are not many systems of scale that are cloud-based right now, but that is changing.”

“Cloud” can have different meanings and the traditional definition of the new “managed” system is not what enterprise users want. Hosted or private clouds, however, are increasingly more appealing to them.

“It is just beginning,” says Jeremy Krinitt, general manager, Frontier Security, Miamisburg, Ohio. “We don’t see a lot of enterprise customers who have their own private cloud yet, but many have invested in virtualization, and cloud is that next step.”


The Integrator’s Unique Role

When it comes to enterprise access control, integrators play a more integral and involved role than in other types of installations. For starters, it is often the case that they aren’t the only integrator involved.

“If you have a number of locations across the country or especially around the world, the end user is going to be serviced by multiple integrators,” says Dennis Geiszler, vice president of marketing, Keri Systems, San Jose, Calif. “Integrators have to make sure what they are doing is in concert with what the end user needs and what the other integrators are doing.”

Installation is the easy part, Echols believes. “Often you find databases that haven’t been maintained very well and you might have one name that is two different people with five different credentials. We tend to write up a lot of standards, not just about how to use the product but also how to set it up and configure it.”

Naming conventions are crucial, he adds. “You can’t name 500 buildings ‘front door.’ The enterprise customer, because of the scale, needs a higher level of support and maintenance and service.”

Enterprise clients look at relationships with both integrators and manufacturers much more closely, says Bruce Pontier, regional vice president, Southeast, Securadyne Systems. “They are looking at long relationships and taking much closer looks at both the integrator and the platform. They are not so much focused on the latest widget but rather the staying power of the integrator and the manufacturer.”

Constantly looking ahead is critical to keeping end users “future proofed,” Krinitt adds. “What we have found is the solution certainly makes a difference, but project management is really key. Through planning and standardization integrators can save themselves a lot of headaches in the long run.”


The Right System for the Job

Most integrators and manufacturers agree that for a true enterprise solution there are only a handful of one-stop solutions. And those manufacturers do a good job of handling the large-scale requirements of the enterprise. However, that doesn’t mean that there isn’t a place for other solutions, particularly when trying to migrate to some of the new technologies and platforms. Choosing the right product for the job comes down to a few key issues.

One of the first things to consider is whether the systems can handle the level of enterprise the client needs.

“There are not a lot of enterprise products,” says Tom Echols, of Security 101. “A lot call themselves enterprise but they are really not. I have seen systems that only support one time zone and are labeled ‘enterprise.’ Make sure the system is truly enterprise. A lot of manufacturers have a good dealer network here in the U.S., but what about Eastern Europe or Asia?”

Migration paths are very important to consider, adds Steve Dentinger, Keyscan Inc. “Make sure you evaluate the organization and [determine if] they have staying power in the industry, are dedicated to innovation and have a good migration path. With technology changing it is important to understand what a potential upgrade path would look like.”

Scalability is key, says Daniel Kilgore of RFI Communication & Security Systems. “I generally steer my customers to the larger systems. Every one of the big systems is scalable.”

However, while the large systems hold the corner on the enterprise market, the newer players sometimes feature the most innovation, integrators say, and that tradeoff can be worth considering.

“Look at the new entrants in the market,” says Dennis Raefield of Viscount Systems Inc. “Look for the innovative guys and try them on a limited basis. Dig in and vet and ask for demos and test systems to make sure they work as promised. There is always a risk, but if you only stay with the big ones, you won’t get as much innovation. Sooner or later one of those innovative companies will no longer be small.”

HID Global’s John Fenske adds, “Integrators need to ensure that what they are installing today and the architecture today will support that business in the future. When you look at it from that regard I think there are lots of folks that are beginning to participate in access control at the core as a good solid access control system that can manage multiple sites. But there may be some components that they don’t have.”

The bottom line is to do your due diligence, advises Jason Ouellette, product line director, access control for Tyco Security Products, Westford, Mass. “It is crucial to review the architecture of the enterprise solution to see how it can be distributed to handle scalability and geographically separated locations. This is key to ensure that as an integrator your credibility stands when committing to the projected growth plans of a customer enterprise.”



For more reading on this subject, see these articles on SDM’s website: