Security: an open road lies ahead

Suddenly, when it comes to security systems and devices, the word ‘open’ has become a good thing. In just the past few years, manufacturers have begun to endorse open systems. Consultants have started to specify open products and more than one organisation has raised its head above the parapet claiming to have something to do with ‘openness’.

What, though, does ‘open’ mean in all of these instances? Is it real, or is it hype? Should we care either way? The answers to these questions and many more besides lie just ahead of us. First of all, let’s explore the various ways in which information technology (IT) and its convergence with physical (in this instance electronic) security – alongside several other, related factors are revolutionising the security business space.

Openness in the security industry can trace its roots back to IT that carries the same terminology. In the IT world, ‘open’ is synonymous with ‘freely available’ and refers directly to easy-build solutions that make use of open technology. Open database connectivity – or ODBC for short – is the classic example of a technology that comes from the IT industry and is now employed in the security sector. Its purpose is to lay the foundations for data to be accessed in applications regardless of whomever manufactures the database management system to house that data.

Using ODBC, you can write statements in a language called SQL. Those statements will subsequently retrieve data from any database system. Thus, SQL Server from Microsoft, MySQL (Oracle’s database management system) or any of the others that support the ODBC interface may be deployed on an interchangeable basis. It is this last fact – the ability to make applications independent of manufacturers’ technologies (in this example a database management system) that is the source of the O in ODBC.

ODBC: the beginnings

Since ODBC is an open standard that applies to many database management systems, one might wonder where on Earth it came from? Certainly, no single manufacturer could decide to define a standard for the entire industry to follow. In the case of ODBC, the volunteer standards body SAG the SQL Access Group created the standard as we know it.

Open systems often but not always stem from the work of cross-industry volunteer groups. The Hayes Modem Protocol that’s built into the telephone line modems on millions of computers is one such example. This protocol received a kick-start because the first company to manufacture a programmable modem – the DC Hayes Company – invented that protocol and then published it. Thereafter, to be compatible with software that used the Hayes Modem Protocol, other modem manufacturers copied the protocol and extended it.

Alas, being a pioneer may guarantee fame but does not always mean fortune... Hayes went bankrupt in 1999.

In essence, what Hayes had invented was an open standard for software-based modem control. This particular example highlights two further characteristics of openness: survivability and extensibility. In the Hayes case, survivability is clear. Its open protocol outlived the company, to the good of all users of Hayes-compatible products. If the protocol had died with the company, millions of end users and hundreds of software manufacturers would have been left holding the baby. That's no exaggeration, either.

Wiegand takes the honours

Almost everyone agrees that a better protocol could easily have been invented, but momentum kept the Hayes version going while a huge end user base ensured that it maintained its position as the Number One standard for all.

For the end user who decides to adopt a closed system, the only choices for moving forward are to do so with the original manufacturer or face up to the need for an entire system replacement. Neither, frankly, is an attractive option

Is it so unusual for a company to invent an open standard as Hayes once did? Not at all. In fact, most so-called standards materialise in this fashion. The Wiegand protocol for access control card readers is an excellent case in point. It was developed by Sensor Engineering as a low-cost method of outputting data from access cards ‘swiped’ through a slotted card reader. Today, almost every manufacturer of card readers has a Wiegand equivalent.

The Wiegand protocol has survivability. It is used with proximity readers, smart card readers and even keypads and biometric devices. The fact that it’s universally adopted is due simply to its enormous installed base. Even though every manufacturer that uses it wishes it were better designed, there’s currently no mechanism that will allow this to happen.

On that note, the security industry has a very poor record when it comes to open standards. With the exception of the Wiegand protocol and the widespread use of NTSC/PAL standards in video cameras – bearing in mind that NTSC and PAL are broadcasting rather than security standards – few examples exist. Why should it be the case that there are so few open standards in the security industry? Does their adoption not make economic sense? The answer depends on the size of the consumer base for the technology in question.

In the IT sector, there exists many times the number of consumers of ODBC when compared with, say, the number of consumers of digital video recorders in the security marketplace. The introduction of ODBC ushered the arrival of new and innovative products that would not have been possible if a separate product development were required for each database system. By way of example, Crystal Reports is a very popular report-writing software that relies on ODBC.

Once openness hits an industry, though, there is no turning back. If a database management system manufacturer were to decide to opt-out of ODBC support, that manufacturer would certainly pay for its decision in lost revenues. Such a decision would, in essence, isolate that manufacturer from the broader market.

In the security industry, on the other hand, it was historically the case that not enough consumption existed to make openness pay for the manufacturers. This meant that most manufacturers didn’t publish interface specifications that would allow the integration of new features and products from others with the systems they produced themselves. For the end user who decides to adopt a closed system, the only choices for moving forward are to do so with the original manufacturer or face up to the need for an entire system replacement. Neither is an attractive option.

Paving the way for change

The closed product attitude of the security industry is slowly beginning to give way, though. Three major forces are driving this evolution: growth in the security marketplace, the increasing convergence of IT and physical security and the ever-increasing complexity of new products entering the security arena.

In much the same way that telephony converged around the network infrastructure with the introduction of IP telephones, so too physical security is following suit. Converged systems bring with them the programming and data handling practices of the IT Departments that manage the very networks on which these systems depend.

Finally, the complexity of some of the new products now beginning to emerge particularly in the areas of video analytics and biometrics means that it is highly unlikely any manufacturer will be able to afford to build the most sophisticated solutions without going beyond its own stable of products. Open systems are essential if that last point is to be addressed.

As our industry moves further and further towards open systems and products, single source buying will give way to Best of Breed buying. Under this new approach, buying will be more complicated but on the plus side the range of options available to buyers will be far, far more exciting.