Selecting an access control and security system is not easy. It does, however, represent a major investment and there are a large number of companies that supply security systems. Many security managers endeavor to choose the right system by organizing a thorough procurement process on the basis of an effective inventory of functional and technical needs and requirements. Once purchased, however, systems are frequently incapable of fulfilling all of the promises in all areas. Selecting an access control and security system is not easy. It does, however, represent a major investment and there are a large number of companies that supply security systems. Many security managers endeavor to choose the right system by organizing a thorough procurement process on the basis of an effective inventory of functional and technical needs and requirements. Once purchased, however, systems are frequently incapable of fulfilling all of the promises in all areas.
The stubborn reality of security systems
Security managers may be familiar with the following scenario: In the period immediately following the purchase and implementation of a new system, things continue to work well and the system performs according to the specifications. In some respects, the system works very well indeed, whilst other components could be improved. Some time later, however, a few things are not working as well as had been hoped. The following are real examples that we have observed in practice:
The scalability of the system turns out to be insufficient as the number of users and doors to be managed grows.
The effective integration of biometrics and other forms of identification and verification into the system cannot be achieved satisfactorily.
Several locations cannot be managed effectively from a central point, and incorporating smaller, remote locations into the system appears to be impossible.
It is necessary to enter the details for users several times and to manage these at several different locations.
Users depend upon a single supplier in order to adjust or expand the system.
Retrospectively, it turns out that adapting the way in which the system works is not a simple matter. For example, users may want to incorporate a double lock function into their doorways and this does not seem possible.
In short, it comes down to the fact that in practice many systems lack flexibility with regard to adaptations. Especially nowadays, this is extremely problematic for security managers for two reasons. Firstly, the speed in which organizations are changing and developing has increased markedly, with mergers and acquisition being the order of the day. A second factor is that markets and environments are subject to significant and regular change. For security managers, it is seen their responsibility to respond to all of these changes. It would therefore be extremely useful if the systems that they are using could develop with them.
A second reason why it is undesirable for a system to be inflexible relates to the rapid development in technology applied in security and access control systems. The speed of innovation in the security market has increased in recent years. During that time, many advances have been made in the field of integration and network convergenceInternet Protocoland this trend is expected to continue.
For security managers, this means that new and/or improved tools are becoming available that can be used to raise security in their organization to a higher level. One of the prerequisites of this, however, is that they are already using security systems that are future-proof.
Tendering and procurement
Many procurement procedures place the emphasis upon functionality. The system must be capable of supporting the security processes that apply within a user's organization. The RFI (Request For Information), RFP (Request For Proposal) or other documentation therefore emphasise items such as central visualization (a plan showing the various alarms), management and printing of badges, the authorization model and other important obvious items. The problem with this lies in the fact that in 99 percent of cases, the requirements relate to how the system should work immediately after it is delivered. What happens, however, once the equipment is installed and adaptations need to be carried out afterwards?
It could be, for example, that requirements change with regards to the scalability of the system. Frequently no questions are asked about how the supplier will be able to cater for the growth of the system in the future and the amount of labour (and costs) that would be involved. The same is also true of topics such as integration, functionality, configuration and identification technology. How much effort would be required, for example, to start using mobile telephones as a means of identification, once a system had been brought into operation?
How is it possible to select the most competitive offer if the call for tenders primarily requires a specification of the acquisition costs? Even specifying maintenance costs does not seem to be sufficient for a realistic impression of the T.C.O. (Total Cost of Ownership).
It is true that it is rather difficult to chart costs of adjustments that will need to take place in the future. Predicting the future is no mean feat, even for a security manager. It must be possible, however, to select a system that is definitely ready for the future and is already future-proof.
Architecture forms the basis for the future
The examples given here relate either directly or indirectly to the very core of the security systemthe architecture. The term rchitecture refers to the manner in which the system is constructed. It consists of hardware and software, but the architecture also refers to the way in which the various components are linked together. The items referred to below relate to systems architecture and have a direct effect upon the extent to which the new system is "ready for the future."
Hardware forms an important part of the architecture. In order to support growth and change, it is necessary for hardware to be constructed of modules, which, if linked together, enable us the required functionality and scale. It is therefore simple to add modules to the system in the future.
In modern systems, two layers of software are included. Firstly, there is a server on which data can be stored. In order to be able to import and export data, it is advisable to make use of an open database on a broadly-supported database management system such as Oracle or Microsoft SQL Server. It must, of course, also be possible to link to the system via a software interface that is open and well-documented.
Software can also be found within the hardware modules in the form of the controllers. In modern systems, new or additional software can be installed on the controllers. By using technologies such as JAVA, suppliers are able to develop new functionality for existing hardware and vice versa. This separation of hardware and software ensures a high degree of flexibility. Innovation is therefore possible, without having to depreciate investments that have already been made.
A future-proof system also makes use of open standards in ICT technology. Wherever possible, communication flows via IP-networks, and standard protocols are used as extensively as possible. These protocols are fully supported and non-emulated, which means that users are able to benefit from all technical possibilities in this area such as DHCP (Dynamic Host Configuration Protocol) and DNS (Domain Name System).
Future-proof systems can also be recognized by the way in which they are able to be integrated with other systems. Depending upon requirements regarding scalability, functionality, stability, fault tolerance, security and user-friendliness, security managers can put together an optimum integration mix of their own.
Central integration via the database
Central integration via the server (software link)
Decentralized integration of equipment using commands via an IP or serial connection
Decentralized integration of equipment using dry contacts.
Particular attention must be devoted to the way in which identification and verification of identity are supported. The architecture of the system must provide an opportunity for a variety of forms of identification to be used alongside one another or in combination. It should be simple to incorporate a new or additional form of identification, such as biometrics, into the system in the future.
In order to avoid unnecessary effort in creating customized solutions, it is desirable for the system to be constructed in such a way that custom-made solutions can be achieved through the use of standard modules.
After all, the production and maintenance of custom-built systems is always extremely costly in practice. A modular construction alone does not, however, seem to be enough to enable custom-made solutions to be produced that are based upon standard modules. In addition, this system must also provide a facility to apply a logical relationship between these modules and to change this at a later date.
A successful future
Maintaining a good relationship with suppliers is important in order to get the best possible results. If the relationship has been built upon mutual respect, clear agreements and well-established principles, then the relationship is likely to be a longstanding one.
Problems can occur in any relationship, however. If there is no point in continuing to work with your supplier, it should be possible to find a new supplier for additional purchases and maintenance. It is not preferable, however, to do business directly with a manufacturer. The reason for this is that a manufacturer is frequently insufficiently-equipped to carry out projects.
Also, the security solution will always consist of a number of different systems. The best thing, therefore, is to opt for a system from manufacturers that provide a professional chain of resellers and to have the system installed by a professional organization with an understanding of a variety of systems and how these can be integrated.
If the architecture of the system so permits, the manufacturer will wish to take every opportunity to incorporate new facilities in the system. In this particular market, it seems inevitable that there will be a consolidation between the various providers.
Suppliers of systems based upon outdated architecture will not be in a position to bring about structural changes. It is therefore expected that some of these systems will be phased out.
An important way of measuring the extent to which the system will remain satisfactory in the future is the speed with which the manufacturer renews the system and incorporates new functionality and new facilities. Ask suppliers to explain how the system is able to develop in the future. Maybe then security managers will become aware of the extent to which this coincides with the future vision of security in their own organization. And maybe a system with the right architecture will help turn that future into reality!