3 Emerging Issues in Access Control

Kim Kornmaier, CPP by Kim Kornmaier, CPP | 06.17.2013

I recently attended the International Association of Professional Security Consultant’s (IAPSC) Annual Conference in beautiful Napa, California. It was a great event that brought together a diverse group of security consultants with expertise in areas such as: risk analysis, commercial and residential property security systems design, loss prevention, and liability.

As the lead of Honeywell’s Security in Design program– an initiative focused on setting the standard with the consultant community for innovative end-to-end security products – I came away from the event with a lot of great information. One highlight was a panel discussion I participated in titled: Staying Ahead – Emerging Issues in Access Control. Here are three key takeaways from the discussion that caught my attention. Even if you’re a security dealer not actively working with a consultant, I think you’ll find the information beneficial.

1. The Opportunity in Securing Data
The risks facing commercial end users are continuously changing. More than ever, security systems manufacturers and their dealers must consider IT threats such as cybercrime, data breaches, malicious malware and loss of proprietary information, as critical to a client’s security needs. There are a number of circumstances where sensitive data or processes can be compromised. For instance, imagine the damage a disgruntled, recently-fired, employee of a mortgage company can do with access to his employer’s financial records or its clients’ information. One major opportunity of growth for security dealers resides in solutions that provide cross provisioning which transcend business applications by equipping systems with cohesive cybersecurity and physical security capabilities. The security threats today are complicated and typically cross over at least two business sectors (i.e., IT and physical, or physical and operational).  Dealers must not only have in-house ability and understanding of IT-based solutions, but they also must have an understanding of the threats and risks they pose. To help institutions prevent an information breach, Honeywell is offering solutions capable of sharing uniform systems and other controls across a variety of business functions.

2. Legacy Support is Critical
A manufacturer’s end-of-life or legacy support policy is a top concern for consultants and dealers looking for new or updated security systems on behalf of a client. Hardware must be designed to remain flexible in light of today’s standard for rapid technological advancement. It’s important for consultants and dealers to know if the latest versions of a solution or technology will remain compatible with the existing system. The compatibility of legacy architecture is critical in the current economic atmosphere. CSOs and security managers –at large or small organizations– have to fight for budget to update or replace systems. Consultants, like security dealers, are under pressure to recommend controls that won’t be outdated when the next version of software or a solution, hits the market. 

3. The Forecast is Cloudy
Cloud implementation and compatibility is also top of mind for security consultants. Mobility goes hand-in-hand with remote storage and remote access. BYOD (Bring Your Own Device) and cloud computing are buzzwords; they are attractive features that company managers and employees expect to interact with. Remote access capabilities are facilitated by cloud services; therefore, cloud compatibility should be available in products and installations. Integrating cloud security is an important factor of setting up new company infrastructure.  What security products or platforms are manufacturers creating to address the demand for cloud security and remote access integration? Manufactures, dealers and consultants must be prepared to address the impact cloud and mobile solutions may have on a business’s processes and policies. For instance, how will these solutions impact an institution, in regards to prosecuting or chain of evidence controls? Systems managers and IT departments will be required to implement new processes and policies to help ensure remote access is only granted to authorized employees. While remote access capabilities provide convenience and ease of use, security systems manufacturers and dealers must also consider the complications these features introduce and be prepared to meet the challenges around them.  

Are you actively working with, and taking advantage of, these trends in access control? If so, let me know in the comments below. I will be glad to discuss this issue to support you going forward.

1 Comment

Add Comment
  1. David Bunzel 06.19.2013/1:11 pm

    One way security integrators and consultants can address the access control issues laid out above is by using products and systems that comply with the Area Control Specification and/or the Access Control Profile (http://psialliance.org/AreaControlOverview.html) from the Physical Security Interoperability Alliance (PSIA).

    PSIA-compliant products all share the same event vocabulary. With the Area Control specification, systems and components from different manufacturers can quickly share data about terminated employees or unauthorized access. Security professionals need only enter the revocation command once; it will then propagate automatically to the other systems. Access privileges across a corporate or campus network are cancelled within minutes, with minimal effort, greatly improving security.

    A clear common vocabulary across compliant components also makes it easier to integrate IT security and physical security systems to address potential blended threats. In addition, that commonality means consultants and integrators can add vital new components into legacy security solutions more quickly. That’s because they only need to map the legacy systems’ communication to one PSIA-compliant vocabulary, not many different interfaces.

    Finally, because the PSIA specifications are created by leading industry vendors, the specifications reflect industry demand, including support for cloud, wireless and mobile security solutions.

    Vendors like HID, Ingersoll Rand (Schlage), Kastle Systems, Honeywell, Mercury, Proximex, and ASSA ABLOY are all actively implementing these specs into products. Inovonics has already introduced a PSIA-compliant access control wireless gateway, and we expect to see more commercially available solutions soon. So the industry is well at work on meeting these emerging issues for end users.

Add a Comment

*Denotes required field