For the past several years, talk about converging physical and logical access control has been mostly just that — talk. Budget constraints, perceived lack of need and an absence of cohesive, affordable solutions have made it difficult for integrators to find much traction in this market.
But government initiatives, technology advancements and high-profile hacking incidents may be about to move convergence from a “like-to” to a “have-to” in many industries. SDM polled four integrators with varying levels of experience in convergence about their opinions on the market, what is changing and how integrators can best prepare for and benefit from the concept of convergence.
Michael Flannery, director of product management, access and video solutions, Tyco Integrated Security, Boca Raton, Fla., works primarily in the government space. He has done several lower level convergence projects and is currently partnering with an IT company to provide an HSPD-12 driven solution at a government agency.
Brent Mahoney, systems engineer, G4S Technology LLC, Omaha, NE has partnered with vendors and end user’s IT staffs to offer customized convergence solutions, both at the Active Directory/Single Sign-on level and on more complex projects.
Eric Yunag, president/CEO, Dakota Security Systems, Sioux Falls, S.D., is working on pilot projects with some of their customers in the healthcare and financial markets to provide synchronized IT and physical access control services.
Jim Coleman, president, Operational Security Systems, Atlanta, Ga., is the current president of Security-Net. He has done convergence installations that range from high-level full convergence to smaller solutions.
All four see challenges ahead for integrators, but also great opportunity if you prepare your company and your clients for what is coming down the road.
SDM: What is the current state of the convergence market and what does the term “convergence” mean to the integrator right now?
Flannery: My definition of convergence is where the physical identity and credential bound to identity are merged. I believe that the future is bright for these opportunities, especially as federal spending starts to upgrade the IT back office systems to support logical access.
Mahoney: I am seeing movement towards convergence. When I look at what that means, it is really two systems having physical and network access being interwoven. I have worked on highly integrated systems denying or giving physical access based on time they are there, their physical location, etc. Those systems are very specialized and we don’t see a lot of those projects. But there is still convergence happening all the time. For example, Active Directory and single sign-on are forms of convergence that most integrators could go out and do right now without adding a huge cost.
Yunag: I would agree that we are still in this pattern of more people talking than doing. But when we talk about convergence in terms of access control today, it is convergence of the identity of the person, not just the credentials. The identity of the person is the same between systems and their access can be granted or revoked simultaneously. From my perspective, I think IT and information security groups see the obvious long-term implications of this concept and they are starting to see this as inevitable at some point down the road, so they want to gain clarity as to what this will look like. People are confused by both the credentials available and the lack of widely adopted standards on the physical security side. This is, in my opinion, why we are still in period of non-adoption.
SDM: Where is convergence headed and how can integrators stay on top of this trend?
Coleman: People start spending money on solutions when there is actual damage and we are in a period of time now when there is profound damage being done. As we’ve moved into an environment where information is stored in the cloud and people can access that from anywhere, it is no longer a situation where everything is housed within your own building. You can get into information from a lot of places. Facilities can’t just have physical security take care of that anymore. That is one thing that will prompt doing more than just user name and password. Unfortunately, physical security is not in that environment. That is the problem. There is no perimeter anymore. What is driving heightened awareness isn’t coming from the physical side, it’s coming from logical. Companies right now are not talking convergence as much as hardening the logical side. Will that make convergence more important? I could argue that it won’t. Except there is this idea that they will start using smartphones for physical credentials — that could tie the two things right back together.
Flannery: I agree the tipping point will be when the investment for logical access adoption falls below the financial risk for loss or misuse of the protected data and infrastructure. Cyber attacks are on the rise both in public and private sectors, and the old username and password scheme is highly vulnerable. But physical security is still a big part of protecting the infrastructure. At some point in the future, the two will be inseparable and indistinguishable from one another. So do I think there is money to be made in it? Yes.
Mahoney: We will see more regulation come through and new threats emerge; but a lot of this growth won’t stand alone as a singular project. It will come to life in larger system upgrades. Because of the lifespan of network devices and computer components, you will continue to see systems upgraded and updated and new areas of convergence will open up and generate new revenue streams. Users are looking at NFC on mobile devices and using that for logical and physical access. Whether a private corporation or another sector decides they want that level of security will drive those projects. The question is whether they will call their security integrator or someone else.
Yunag: I believe that one of most important things that could happen to drive this forward is a true physical/logical standard. PSIA is doing good work with their physical logical access interoperability standard, for example. That is what it takes to reach the tipping point of adoption. I view convergence as something that is inevitably going to occur. But in my mind the longer it takes for our industry to adopt standards, the less chance for integrators to capture revenue and profit from that. It opens the door for software and IT companies to develop solutions around physical security. The sooner we embrace our leadership roll in all of that, the better the opportunity for all of us to benefit from revenue and profit with that leadership position.
SDM:What advice would you give integrators to help them be ready to implement and be in the forefront of converged solutions in the future?
Flannery: I think we can’t ignore each other anymore. IT integration companies need to realize there are some specific skill sets needed for physical security. At the same time, we as an integrator need to have some IT skills. It is important to demonstrate to the IT integrator that we do have specific skill sets and can talk in peer to peer fashion about topics. I think everybody should be talking to an IT integration partner. We don’t want to be just hardware installers in the future. We want to continue to move up the value chain to provide more valuable services.
Coleman: The reality is you have a base of customers and they don’t all use the same IT resources. Larger ones have in house ones. Medium size ones maybe outsource that. It’s not like you can go to one company and say ‘we are going to do this together.’ You really have to go to the IT department with all your customers. That alignment with IT is ongoing and deeper. For a variety of reasons you have to invest in personnel that have the IT skill sets.
Yunag: All of us as integrators have good, existing clients. Getting counsel and thought leadership from your existing customer base is the most obvious and beneficial place to start. A lot of them are forming opinions about this already. When they find out you can be a resource about that very thing it helps you stay involved in shaping the types of solutions they will eventually employ. It is a bit of defensive strategy. If a year from now our customer wants to do convergence, they will remember us. And we don’t have to start from ground zero with these conversations.
Mahoney: Definitely partner with your client’s IT department. When you go to discuss it with them, have a list of options to meet their needs. Make sure you have a specialist in those areas and that your vendors understand that client’s particular needs. A lot of these discussions get very complex. I certainly think convergence is part of our business now. And it can be part of a profitable revenue stream going forward.