Clark: Web-based services have introduced a whole new dimension to information access and sharing within an organization. The three-to-five-year future will include further integration with other enterprise systems and third-party integration. But keep in mind that the Web is not the ideal interface for every aspect of an access control system—at times other data is needed to help inform decisions. Additionally, for functions requiring device interactions like capturing photos or reviewing video, controls must be downloaded onto the machine, which means it is not a purely Web-based solution.
Our overall enterprise standpoint is that an access control solution has to have the right combination of Web-rich clients and mobile clients, which allows the end users to pick the right interface for their needs.
Kosaka: Network security concerns need to be resolved before Web-based systems are fully adopted. In today’s market, Web-based access control systems have a place in the “small security” sector. Many of the companies requiring access control have fewer than 100 employees with the need to control less than 12 security doors. In many instances, the security manager is the president/owner or one of its managers, where security takes a secondary role and its use becomes a tedious task. By offering simple card access management tools and no workstation software to worry about, Web-based systems continue to mature in today’s security market. The Web itself offers a convenient infrastructure for application communication, allowing users to access security data no matter where they are. The convenience factor will encourage higher usage and acceptance, which in turn will increase new application developments.
Thompson: Web-based technology is very well suited to conventional access control with three primary benefits: 1) Improved workflow by allowing non-security personnel to enter data and queue up badge additions/deletions/changes for an authorized security decision-maker to simply review and approve—streamlining the whole paperless process; 2) Provide for limited access functions to authorized users of portions of the security management system from any connected Web browser—eliminating the need for occasional users to have physical access to the full workstation environment; and 3) Allow for improved mobility of the security staff through wireless PDA connectivity to the security system.
Because of these benefits, and others, functions will continue to migrate from dedicated security workstations to Web servers.
Zivney: The fastest growing part of our business is professional services. This business is driven by the need for interoperability at the enterprise level ….
With the introduction of new standards from SIA, BACnet, and NIST implementing interoperability through XML and Web Services, this will become a standard product offering for all.
ST&D: What strategies would you suggest for end users still employing traditional card-based access control technology but moving towards an IP-based retrofit?
Kosaka: Before making any decision to upgrade your exiting system to an IP-based network communication infrastructure, one needs to make certain that your existing system can be upgraded and what benefits you will receive in the upgrade process. Many people jump into upgrading their system without knowing if the controller or the exiting software package can support the new communication architecture or a combination of old and new. In many cases, upgrading existing controllers to an IP-based network will only increase communication speed by a small fraction.
The “old” RS485 technology is a highly reliable network compared to an Ethernet network, which relies on … servers and routers. The only outside vulnerability to an RS485 network is the physical cutting of the RS485 cable. TCP/IP networks rely on hubs, routers, servers or even the Web for proper operation. If any one of the devices fails, you could lose all or part of your network.
Peterson: My suggestion is not to focus only on the technology. Understand the operational and policy and procedure changes that come with an IT-centric strategy. First, involve the IT and infrastructure group in your strategy decision. Define roles and responsibilities between IT, security, facilities, operations and any other affected group. Focus on what expertise and services each entity provides toward a comprehensive deployment. Then agree on how the business units will work together and share information during the planning, deployment, operation, administration and maintenance activities. Applicable internal standards, policies and procedures may need to be revisited and revised to reflect changes in strategy. Focusing on a technology solution without first considering how that decision may affect the business operation could adversely impact system acceptance and the perceived overall effectiveness.