Andy Grove, the founder and former chairman of Intel Corporation, calls it an inflection point: “a time in the life of a business when its fundamentals are about to change.” Access control has reached one of these points. IT technology is starting to impact every area of a traditional system. While much has been written about the use of the corporate network and about new forms of credentials, the changes in computer software will also be profound.
Historically, access systems have been hosted by a computer running a traditional Windows program. If additional workstations were required, each used an additional client program. There is, however, a growing trend to question this basic design. At the center of the changes is the browser user interface standardized by the Internet. Let's have a look at a few examples of how some creative people have used that interface to change the basics of access control.
Spreading out the Task
Fundamentally, access control management applications haven't changed in 25 years. You fill in a database that either allows people to get in the door or not. What has changed is the way these systems get administered. Over the years, system size and complexity have increased, so the job of maintaining the access database has mushroomed. While large companies today routinely tie their systems back to an HR database to reduce that workload, such interfaces only solve half the problem. They contain the “who” information, but the information on where each person can go, and when, is still missing. Instituting a rule- or policy-based approach that allows a certain type of employee certain levels of access will help, but it is not a cure. There are always exceptions.
Worse, the trend is for the number of controlled doors in buildings to increase. With more doors, a policy-based system becomes less effective at reducing the administrative workload. Why will the number of doors increase? I have discussed this subject on these pages in greater depth in the past, but converting the door hardware to an IP-based technology has the potential to cut total system cost by a third. (See ST&D Jan.2005: “IP Access on the Way.”) Less cost per door means more doors.
The answer? Administering that data is not a job the security department can hold onto. They need to control the process, not the work itself. In fact, the only answer that meets the dual demands of security and cost effectiveness is to enlist the help of “security area managers” around the company who can administer privileges for their area. If your system is big enough, and your budget small enough, you have no choice. Even a smaller organization may need to distribute database administration if it includes a number of smaller offices scattered around the country.
Familiar Interface, Less Training
But how do you train this large a number of administrators and keep them trained? You need a system that requires zero training. While nothing out there literally fits that bill, the standard Web page interface we all know and love comes closer than most. A number of companies such as AMAG, GE Security (CASI), and TAC (Andover Controls) have introduced access control systems with an optional browser-based user interface. Middleware Associates introduced a new system at ASIS that uses that interface exclusively. Does it really cut training? That depends on the implementation, but in general, yes. “If a person knows how to order something online from QVC, they know how to operate a Web-based system,” said Matt Barnette, vice president of sales for AMAG.
Of course, when large numbers of people will be accessing the system, it ordinarily means each of their computers needs to have a client software package installed and paid for. The cost of installing and maintaining these packages can be significant, and it's most certainly not what the IT department wants to spend their time doing. A Web-based system eliminates that issue, since all corporate computers come with a browser pre-installed. Not only are there no initial client software installations, but there are no recurring updates to those computers either. “Using a pure Web environment drastically lowers the total cost of ownership, because there are no client license fees or client software to maintain,” said Patrick Conners, founder and president of Middleware Associates.