Software is key in the integration world of access control

As integrators look to link access control with various security systems, software is what makes it all possible
Monday, March 1, 2004

More sophisticated access control systems, along with the convergence of physical security with other corporate functions such as building controls and human resources data bases that use the corporate IT network, has sparked continued evolution in access control-related software.

In his view, said Rudy Prokupets, chief technology officer and vice president-research and development for Lenel Systems International, customers are looking for seamless integration, open architecture and integration between electronic, or physical, security and IT security.

And within that framework, he said, it is a must that a company’s human resources or active directory have the ability to exchange data with the access control system so company’s “can enable and disable accounts seamlessly.” Beyond that, he said, customers are looking to create links with other systems ranging from fire and life safety to building automation to network management.

One trend to the next

The first trend was to integrate everything (related to access control) into one console, noted Rob Zivney, vice president-marketing for Hirsch Electronics. “Now the trend is to integrate security into the rest of the building systems,” he said.

“In the past,” said Paul Piccolomini, general manager at Software House, “we could deliver a product that could run on a proprietary system. But we can’t do that now.” The need to work within a company’s IT infrastructure has changed the dynamic, he said, from a security-only function to a system “that integrates as many third-party products as possible.”

Depending on a company’s size and needs, the access control system can range from “pretty fundamental” to highly sophisticated, noted Jerry Cordasco, vice president and general manager of Compass Technologies.

The small access control user, he said, “wants simplicity of use, so administration (of the system) doesn’t become a nightmare.” As a result, Cordasco explained, “the software has to be intuitive.”

Larger customers, such as Compass Technologies’ college and university clients, seek solutions that put multiple functions on one access control card, whether it’s a smart card or a more basic card technology such as proximity or mag stripe.

What a one-card solution requires, he said, is database interface so information can easily flow from access control used for dorms and laboratories to other systems such as debit usage in college cafeterias and bookstores.

“It’s absolutely critical that the system can function on the (IT) network and infrastructure and co-exist with other systems,” Cordasco said.

With one card providing so many different levels of access, the number of transactions occurring within the network can be huge, he said. For those providing software solutions, the question to ask is: “Is your software capable of handling incremental transactions? This is where people fall down on scalability,” he said.

It’s about moving data

Ultimately, Cordasco said, “access control software has to be designed to effectively and efficiently move data. When traffic or transactions increase, you can’t have the system fall apart.”

Joe Schuler, senior vice president-sales and marketing for ImageWare, agreed that sophistication and integration are requiring software to be flexible and serve a variety of needs.

“We’re seeing more and more use of biometrics (in access control),” he said, which requires software to support it. (See related story.)

Another influencing factor, he said, is the convergence of human resources, security and IT. While these functions are still generally dealt with separately, Schuler said, “they are increasingly coming together to work off a common access card.”

In fact, he said, “a high-tech card can be the common link between systems,” similar to how ATM cards provided the link among proprietary electronic banking systems.

Making use of existing infrastructure is important, said Pat Young, vice president and general manager – fire and security solutions for Johnson Controls.

“Customers need to maximize the value of their security solution, using every piece of hardware that they have to minimize additional investments,” Young said. “They need to be able to maximize the use of legacy systems, thus old technologies for card readers are advanced as hybrid solutions,” Young said.

Also critical, Young noted, is integrating CCTV infrastructure.

Bringing it all together

Beyond the challenge of integrating different vendors’ products is the need to unite the security and IT departments.

It’s a new paradigm for the industry, said Prokupets. As security becomes more important, so too does the convergence of physical security and IT. He said Lenel has focused on providing a solution that integrates the two spaces “so it can be managed from one point.” Because of this, he said, companies are looking for an individual who understands physical security, but also has IT skills.

“A person can break through a physical door, but also through a firewall, so the (security) function has to be unified. You can’t forget about one side or the other,” Prokupets said.

Piccolomini said the days of separate security administration and IT teams within a company are disappearing. “We see it merging closer together, with IT and physical security having more of an alliance,” he said.

Because of integration both within an end user’s company and among systems, Piccolomini said the industry is seeing a trend toward “openness” as well as the development of industrywide standards.

“When a customer makes an investment, they want the product to follow industry standards,” he said.

“The customer is buying it as a system, and wants it to work end-to-end, turnkey,” said Zivney of Hirsch Electronics.

Much of the emphasis on interopera-bility, said David Hawkins, business development manager for Software House, “comes from the IT world because it has to sit on their network.” What results, he said, “is the communications between access control systems is better because it ties back to IT.”

The higher level of sophistication within the access control market, said Zivney, “isn’t changing what you do, but how you do it.”

Today, he said, “we are dealing more with software to software interface.” To achieve this, Zivney said, “it takes a higher level of resources, a higher level of skills.”

Zivney said the advent of XML, which he called “the universal way to describe data,” will make data sharing even simpler down the road.

“There are very strong things happening outside our industry that are pushing us in that direction,” he said of XML. One of those is the government, which is beginning to specify that projects use XML for two-way communication, he said.

“What excites me about it,” Zivney said, “is you don’t have to do dozens of interfaces for CCTV, burglar alarms” and other systems.

XML is a standard, Prokupets added, “and every time there is a standard that aids interoperability.” What XML will bring to the equation, he said, “is the ability to exchange data in a standard way between different applications.”

While Zivney said those on the IT side of company “will have no problem with XML” he acknowledged some on the security side may struggle at first.

“We’ll see a forking in the road,” he said, with higher level security dealers and installers embracing the changes, while others “try to do sophisticated systems without making the commitment.”

the Security knowledge

Although IT departments have a perceived edge with understanding and handling networking and integration, Piccolomini and Hawkins both warned against letting the IT sector take over all physical security-related functions.

Businesses that have been in security a long time have a level of sophistication that isn’t easy to replicate, explained Piccolomini.

“We have had conversations with IT directors and they want to own everything,” said Hawkins. But he said end users shouldn’t let IT dominate “because they won’t necessarily know when and why to put something (security-related) into place.”

Compass Technologies’ Cordasco agreed. “IT people don’t understand the access control world. They think they know security because they know IT security, but that doesn’t give them the expertise in physical security.”

Cordasco said a security director, engineer or integrator still need to play a critical role. “IT just doesn’t know enough about physical security to ask the right questions,” he said.

What is needed for dealers and integrators, said Piccolomini is training on the front end and alignment with IT within the organization.

Schuler said who takes the lead depends on which system “drives the action.”

“If we look at an area where physical security is of paramount importance, then it’s likely to the be the purview of security,” he said.

But going forward, he said, “mostly we’ll see HR, IT and security presenting a united front.”

Prokupets said the software developer can also act as the liaison with the customer and the integrator by helping to design and configure the system.

Because security is a “hot issue,” Young of Johnson Controls predicted more software developers will enter the market, but pointed out that “security requires a significant knowledge base to be successful. Many have tried and failed,” Young said. “However, the trend suggest more will enter the market as development tools become easier to use and the time to market decreases.”

Young said what separates companies is the “delivery mechanism.”

“That team has to have a broad knowledge base and the skill set to design, project engineer, install, service and maintain a complex system,” said Young. “The ability to deliver complex solutions efficiently is the most critical component.”