Security management made easy
Editor / Provider: Tevin Wang, a&s International | Updated: 1/18/2013 | Article type: Tech Corner
Having physical access control integrated with video surveillance, intrusion detection and logical access systems as a complete security management platform enables a wider range of capabilities and possibilities. a&s explores how recent innovation in integrated access and security management helps better provide visible benefits to all involved.
The ability to integrate surveillance with access control is no longer considered a luxury in the market, but a necessary step to providing a comprehensive picture of security operations to an end user, said Dr. Michael Luetzeler, member of the ONVIF Steering Committee. "Using products that conform to interoperability specifications such as ONVIF, those integrations are simplified with the use of a common interface. ONVIF's pending release, for 2013, of its specification to include access control functions such as door monitoring and control will govern interoperability between access control and video surveillance systems, as well as among individual components of an access control system."
Physical access control systems integrated with network video devices would use the specification to position a PTZ dome camera for recording a person's entry after a card swipe at a particular door or activating network video recording on an invalid card swipe, Luetzeler continued. "By providing a common language, an access control standard will allow a system that enables IP-based door controllers from a variety of different manufacturers to browse devices, creating a list of types of readers and connections, and subscribe to card reader and door controller events. The same standard would also be used for device discovering and management, and controlling the outputs of the system, such as opening and locking doors, enabling or disabling access points, or switching networked field devices on and off."
The integration should deliver complete, multilayered and versatile authentication. It should also provide broad support for authentication devices and methods. The goal is better prevention of malicious denial of service attacks, improved and more streamlined incident management when breaches occur, and more efficient risk management, said John Davies, MD of Time and Data Systems International (TDSi).
The system should use an open-standard platform that can integrate with existing computing environments, such as Windows, Linux and Mac, for desktop authentication. “When enterprises need to upgrade, they should be able to simply download firmware updates or deploy field-upgradable solutions,” said Wei Jin Lee, Sales Director for ASEAN, HID Global (Assa Abloy). “Converged access solutions help organizations enforce consistent policies, and they foster the use of consolidated audit logs throughout the enterprise. Another important consideration is for organizations to future-proof their investments on mobile platforms.”
The true benefit to the end user is the increased level of security. “By automating the integration between the physical and logical systems, identities are automatically deactivated upon termination of an employee, removing any chance of someone forgetting to remove or deprovision an identity,” said Eric Joseph, Solutions Engineering Manager, S2 Security. “Additionally, it reduces the opportunity for logical accounts to be hacked by only allowing them to be accessed by valid cardholders in the facility.”
Lowering the TCO and increasing the ROI are also highly demanded. “The end user saves time and money because they are only managing one system and using one credential for both systems,” said Kim Rahfaldt, PR Manager at Amag Technology (a G4S Technology company).
Manageability and Outlook
Network stability and bandwidth will influence system performance, especially if there is video surveillance involved. “One of the biggest network challenges we face is educating the IT department on the effect of a security management system on the network,” Joseph said. “When initial conversations are started, the IT department can be very standoffish about having additional systems and information riding on their network, and potentially slowing it down. Once we are able to explain the minimum impact access control events have on the network, this becomes alleviated. Additionally, with video recording being done at individual sites or on the edge, and streamed back to security operations centers as needed, video bandwidth can be managed in a much easier way.”
The deployment does not stop at the IT department. “The management of access control systems regularly involves several departments within an organization, such as HR, IT, building management, parking services, food services, and, of course, security management,” said Steven Lewis, Senior PM at Tyco Security Product. “It is imperative that the management teams within these departments are aligned with consistent policies and procedures to ensure the performance of the platform.”
Another challenge of traditional systems is software updates. Microsoft regularly provides service packs and other updates to the Windows operating system for maintenance purposes. “This leads to increased responsibilities for the IT department,” Joseph said. “As we are able to provide alternatives to Windows-based systems, we are easily able to avoid these challenges and reduce the strain on IT personnel.”
Access control management systems have long life spans of typically more than 10 years, meaning there is more to think about than the initial cost. With TCO considerations, four key points should be taken into account: cost of acquisition, installation, operation and maintenance.
Other considerations include openness to other vendors' hardware, zero downtime, reliability and robustness, Holger Maier, PM for Security Systems, Bosch Security Systems cautioned. “It's been challenging to find and certify good sales partners or systems integrators in all parts of the world to handle the combination of many different domains, from access control over surveillance to fire and building management, plus IT and network knowledge.”
For now, proprietary systems make true integration difficult, as access control is not as tightly regulated as the intrusion and fire industries are. “In Europe, the existing EN50133 standard has been around for a while, but isn't used by everyone because the technology has moved on so rapidly,” Davies said. “There is, however, a new IEC standard which started development about 18 months ago and is currently out for parallel voting. As is usual with a lot of standards when in development, there are some good points and some contentious points. It is refreshing, though, to see a new standard being developed at the global level, and what is encouraging is the speed at which this standard has evolved.”
Stay tuned for more development!