The Genesis of Security

Oct. 27, 2008

In the past, no one seemed to think of interoperability. Corporate managers were fully focused on the top-line growth of their companies, not foreseeing that their methodology of securing physical location and their employee base could one day become management challenges. Unknowingly, these managers were also creating a tremendous problem of disparate proprietary systems across enterprises with multiple business processes solving the same business issue at various locations.

In the last three decades, the computer revolution has further modernized the physical security aspects of enterprises. Technologies such as computerized physical access control, video surveillance sensors to detect fire, carbon monoxide, etc., have been adopted globally by burgeoning enterprises. Still, each is a standalone system, with no interoperability or centralized control. With the need for greater security, risk management and compliance to assure continued business operations, the need blossomed to develop policies that would be adopted globally across all security systems.

A New Challenge for Business

The multiple issues stemming from the deployment of so many siloed systems has fostered a new set of challenges for businesses. With no communication between locations or systems, associated business processes were also different and disparate. A terminated employee in one access control location could easily walk to another location managed by a different access control system and gain illegal entry. Likewise, a forced door entry or a surveillance breach alarm would be handled locally and would not automatically be reported to corporate security.

Explosive corporate growth and Internet Protocol (IP)-based networking have only exacerbated the issues. Yet there exists a strong need for holistic operations to assure compliance and security. Management, striving for best practices, has attempted to implement manual processes to facilitate this unity, but they depend on individuals taking actions in response to global physical security incidents – so the practice is spotty at best, and the cost, along with the exposure to risk and liability, remains immense. The problem has become so grave that companies are spending a significant amount of their annual operating budget on physical security.

Four Pain Points Emerge

Corporate physical security needs can be categorized into four areas:

The need to integrate disparate physical security systems , using a single protocol that crosses platforms. This is the ultimate definition of convergence. Businesses need to bring every physical security system – fire, HVAC, lighting, video, access control, alarm and IT – together so the data is commonly understood by all systems seamlessly. The user should be able to monitor systems and set real-time policies without worrying about underlying systems technology.

The need to standardize rules and policies within and across the physical security environment. Most corporations have very location-specific physical security applications and tools. A cardholder who works in a building in Topeka cannot use his or her card to enter another corporate location in Madrid , because they have two separate access control systems. Policies need to be centrally determined, deployed and managed in real-time, from a single, Web-based dashboard.

The need to automate processes across the enterprise. Since the physical security environment is both location-specific and characterized by myriad non-interoperating technologies and vendors, business processes also become localized, not connected and manual in nature. As a result, the system is plagued by human error, higher cost of operation and maintenance with no way for corporate management to review and oversee what is actually happening from one dashboard. Processes like new hires, terminations, changes in roles, security events, compliance management, etc., have sub-processes in both IT and physical security domains. These should be seamlessly connected and converged, with periodic reports summarizing events and offering the opportunity to make any needed policy changes.

The need to comply with corporate governance standards . The government is watching corporations more closely than ever, and corporate heads are well aware of the new regulations requiring disclosure and transparency to prevent fraud. In addition, these standards require certain methodology to be followed in the design and deployment of physical security infrastructure.

The New Convergence

One way corporations have worked to achieve interoperability has been to bring IT management into the picture. This natural evolution seems to make sense, as the IT backbone runs across all facilities and operations at an enterprise level. Still, without the ability to communicate with dozens of disparate protocols across multiple platforms, there is no way to implement this solution fully, and the challenge of creating the software to do this job is far beyond the scope or capabilities of a typical IT department. Particularly for growing corporations, the risk exposure increases exponentially each time a new satellite, office or system is put into place.

Because of these issues, many companies in the physical security arena are beginning to talk about convergence. Typically, however, the word convergence in physical security means that products that were historically analog-based or digital running on a self-contained network are now being introduced in IP-based versions that can run and be controlled via browser interface. Still, these diverse systems have proprietary platforms and do not interoperate or communicate with other manufacturers' (or even their own) systems in other areas of physical security, much less with IT security. The convergence they are referencing is only a part of the bigger picture that will have to be addressed in the long run.

Big-picture convergence will ultimately be accomplished in the form of a software layer that covers every physical security event, operation and transaction across all locations of a corporation, in a unique policy-based paradigm.

Ajay Jain is the founder and CEO of Quantum Secure. The company has introduced the SAFE System, an off-the-shelf convergence solution that addresses the four categories for corporate convergence discussed in this article. Visit www.quantumsecure.com for more information.