A single database for all information storage, one user interface for all operations and open architecture are the three major elements needed for a successful, integrated security system. We examine the path leading towards a Total Security Knowledge Management solution for the discerning end user.
Today's practising in-house security and facilities specialists are faced with increasingly complex technology to manage. Technology that's far more complex than was the case even five years ago. Certainly, many have found it difficult to keep pace with advances in Information Technology, particularly networking and digital capabilities, video technology and biometrics among others.

The effort expended to incorporate these advances into a complete facility or enterprise-wide security system is made more difficult by the fact that no single company manufactures all the components required in any one system. This is similar to desktop PCs. You may purchase a model that's a recognised brand, but open it up and there'll be components inside from a host of manufacturers.

Alas, in the security sector few manufacturers have the capability at hand to put all of the components together into a seamlessly-integrated platform that can be run through a single user interface from a manager's desktop.

Historically, the interfacing of systems was accomplished through hardware means with relays and black boxes. Later on, dissimilar databases were stitched together to share information periodically. Today's requirements for detailed and real time information and response have made these technologies obsolete. A modern, robust security system needs to be able to incorporate all of the types of commonly-used electronic system components (eg CCTV, fire alarms, intruder detection, access control and visitor management systems) into one manageable, cost-effective and reliable system.

Three steps towards integration
True, seamless integration is accomplished by way of three major elements in the system: a single database for all information storage, a single user interface for all operations and open architecture.

While data such as that from a human resources system may be imported into the security database, reliable integration requires the use of one database. Real time data transfer between dissimilar databases is rarely flawless. Transferring data from a secondary system to the security database ensures that the right information is available in real time when critical events occur.

Using different software from different companies and gluing together all manner of different user interfaces doesn't promote smooth system operation or reliability. The key to seamless operation is the linking of critical events to a variety of information and response options. A single user interface is crucial to making these complex functions easy for security officers to respond to and manage.

Most large security companies try to 'box in' the end user by requiring them to use proprietary hardware. This may seem safe in the beginning when you're surrounded by nods and promises from sales people, but ask anyone with a system that's more than six-to-eight years old and they'll probably be experiencing some legacy woes in trying to migrate towards new technology.

No matter what the sales talk may suggest, if the system you're considering cannot work with more than one brand of network panel or digital video server you are likely to come unstuck at some point in the future.

Understand also that there are now widely used open standards in the security industry. Most of the open standards in use today are adapted from IT standards. In essence, that means you need a leading edge system – designed on the latest platform technology and updated typically on a twice-yearly basis – in order to take advantage of all the IT advances as they become available.

Most system manufacturers only offer substantial upgrades every 18-24 months. Don't be caught out by a slow mover!

Looking for the right synergies
Once you have found an open system you've really only completed half the task. The system cannot merely be open but must be designed and developed to embrace disparate technologies and bring them together in a sensible, practical way. A suitable system would embody the 'Total Security Knowledge Management Solution' concept. That means not only are the major systems identified above truly integrated, but also that the whole is greater than the sum of the parts.

The best example of this is digital video management. Video is the most difficult technology to integrate into an access control and alarm monitoring system, but also perhaps the most valuable. The ability to record and preserve video footage of any suspicious activity is critically important in today's security conscious and litigious business environment. With a fully-integrated video management solution, intrusion events and other access activity may be linked with video footage taken at the alarm location without the need for operator intervention.

Imagine calling up an alarm from an alarm monitoring system, viewing the associated video and then exporting that video to e-mail it to the appropriate authorities – all from one designed system...

Visitor and asset management
Other sophisticated integration includes access control combined with visitor management and asset management. Visitor management electronically manages visitors and visits to a facility. Using a front desk PC, receptionists could pre-schedule visits, assign visitors to specific employees, sign in visitors when they arrive on site, capture their photos, track them through the facility, sign them out and subsequently run a visit history report.

Asset management, meanwhile, could be seamlessly integrated into an access control system to manage and monitor physical assets throughout a facility. This would allow the tracking of an asset's current owner, the asset's history, the reader at which the asset was to be found most recently and who it is that currently has possession of that asset.

Using different software from different companies and gluing together all manner of different user interfaces doesn’t promote smooth system operation or reliability. The key to seamless operation is the linking of critical events to a variety of informati

Asset alarms can be linked with the video, such that when an asset is presented at a checkpoint, the system can record a video clip of the person at that reader.

Additionally, if a solution is based upon open architecture there's an ability to further integrate IT that, traditionally, hasn't been associated with security. Open IT programs allow security operations to integrate with the latest in digital certificate technology and LDAP-compliant directories. This capability has important ramifications for network security and the use of smart card technology.

Let's take a look at some hypothetical scenarios illustrating the kind of integration opportunities that could be offered. When a cardholder account is created in an access control system, it would automatically create a Windows account for that person. The Windows account name would be derived from the cardholder name within the access control system's database. The access control system's account and the Windows account are then linked to the same person.

When a user's Windows 2000 or XP account is created, it would then automatically create a cardholder account, badge and access rights within the access control system's database. It follows that the access control system account and the Windows account are then linked to the same person.

On another level, when a user's Windows or other Active Directory/LDAP account is disabled, it deactivates the cardholder's access badge in the access control system. The converse is also true, thus if a person is 'terminated' their rights to enter a campus or building and access the corporate network are instantly revoked from a single point (ie a check box with the cardholder record).

If an employee presents their access badge at an entrance reader, and therefore gains access to the building, they're allowed to log-on to their computer. If the system doesn't see any access activity then computer log-in is denied.

This high level of true integration and IT influence is radically changing certain elements of access control systems. For example, what used to be simply a traditional badging capability (ID management) is now a sophisticated central manager for all aspects of a given employee's credentials (credential management) including ID badge, biometric information, PC log-on authority, asset management and smart card management. All from a single point.

Tight integration should allow for almost undreamed of ease-of-use. Security operators are often less computer literate than the administrators who purchase or manage the system, but competent integration should make the operation of even advanced tasks much simpler.

For instance, some manufacturers have employed a 'two click' rule when developing their applications. Essentially, this means that all viewing, interrogation and responses in the systems can be accessed and initiated through a maximum of two mouse clicks. Thus the operator is unlikely to become lost in a hierarchy of menus. As there are multiple applications (modules) accessing a single database and using a lone Graphical User Interface, such a system is inherently more reliable than several separate and stand-alone systems trying to carry out the same task.

Main routes to market
When selecting a manufacturer with whom they can work, end users should always make a point of visiting their premises and evaluating the operation, not to mention the deployment vehicles used by the systems producer to install its kit. If the manufacturer also happens to be an installer, end users must always be aware that they could be locking themselves into a single source of supply which, in the longer term, could mean greater expense.

If your chosen manufacturer opts to go to market via resellers, be sure that you evaluate its accreditation procedures for channel partners. Are resellers merely selected for the volume of business they can produce? Do they purchase off the page from a distribution house? Or are they evaluated for the value they can add to the product in the marketplace, and the support they can offer?

A good test is to verify that the manufacturer has a fully-equipped training facility, and that the resellers must be factory-trained before they have any form of access to the product in question.

When considering the logistics of such a security system make sure that you evaluate the deployment vehicle being used. How many trained engineers does the chosen company have on its books? What is their geographic distribution? How many similar systems have they installed and, most importantly from an integration and IT-related perspective, how IT concentric is the company? Do they boast Microsoft-certified or Cisco-qualified engineers?

Don't just stop there, though. Ensure that you visit a 'live' reference site that's using the proposed solution in earnest and obtain the views of an existing end user as to the reliability of the system, its ease of use and the degree of systems support provided. It's all-too-easy to witness a five-minute demonstration of a piece of software with some sexy features without necessarily looking to identify its underlying flaws. Flaws which the salesperson is very obviously not about to declare to you.

Whether you are in need of one or more add-on modules, a fully-integrated security system can deliver a solution that best fits your growing security needs – all packaged in a single system with one database to manage and one user interface to be learned.

Source

SMT

Postscript

Phil Mailes is director of Lenel Systems International's operations in the UK, Ireland and Sub-Saharan Africa