Considering Convergence

Convergence. It is the term now being applied to myriad changes in the security industry. Is it a buzzword or a paradigm shift? Security has evolved into an enterprise concern that affects the way most institutions view their business. Basic access...

Prokupets: For Lenel, it's not a trend it's a fact of life. In every one of Lenel's mid-size or larger enterprise installations, there is integration with HR and IS systems. Any change in an employee's status such as hiring, termination or access privilege change must be immediately reflected in the access control system. There must be automated real-time synchronization of the cardholder data between the security system and the HR system. Without that, there is an information gap, which means that the data exchange must be done manually. That's why such a level of integration is essential if a security system is to be beneficial and effective, if it is to achieve its full potential.

Nilsson: Several of Axis' customers have installed applications with integrated physical access control and IS access control. Other functions that are commonly integrated are network video and HVAC. Typically, only larger corporations with thousands of employees are interested in these fully integrated systems. However, we estimate this to be a growing trend also for mid-size corporations in the near future, further fueling the convergence trend. An improved economy will accelerate the pace in which companies install integrated systems, which will save them money in the long term.

Lockhart: The next paradigm shift will be in how access control is and must be integrated into and with the HR and IT functions. The main drivers are 1. common database with HR/payroll, 2. time and attendance with biometrics and common database, 3. IT cyber and biometric interfaces to control access to input devices, and 4. bi-directional, smart card technologies to update the card, kill it, or perform other transaction-level requirements. Drivers here include HIPAA and Sarbanes-Oxley compliance.

Tabib: For most large accounts, the integration with HR platforms is very common. Using the Software House C Cure 800 product, we achieve that via the use of an ODBC connector. The lack of any standards prevents more sophisticated connections for data exchanges. Recent establishment of the Open Security Exchange Committee will hopefully create a common guideline for all manufacturers to follow.

ST&D: Do you expect to see security solution middleware coming more from the security systems integrator's side or the IT side?

Moss: I'd expect to see it come from the IT side, because the level of complexity of the IT-side products is much higher. Consider an interface between your security system and something like SAP or Peoplesoft. You can bet that Peoplesoft is a lot more complicated than the security system, and the special knowledge to operate Peoplesoft is usually only found in big IT departments.

Tabib: Most large corporations have already shifted a large portion of the security design and implementation to their IT departments. We witness a growing shift from the security manager to the IT manager. Furthermore, most security integrators are not yet equipped to design and deliver a networked solution that is on the caliber expected by the experienced IT department. As such, corporate IT is for the most part charting the way.

Zivney: Neither. The standards mentioned for the previous question will significantly eliminate or reduce the need for middleware. To support the standards and the intent of the standards, the manufactures will have to step up and ensure the interoperability. If testing labs emerge as they have for BACnet, then third parties such as NIST may step up and validate fundamental interoperability.

Taylor: We are seeing security IT focusing on this presently, but we expect more traditional IT vendors to become influential.

Prokupets: I don't expect security solution middleware to come from either side, but rather from the security system manufacturer. This new software will be available as a security system middleware platform, allowing other manufacturers of security systems, IT partners and independent software developers to build their own security applications on top of the platform. This is really the essence of security middleware.

Nilsson: We see a lot of new companies, many with an IT background, popping up with software solutions for video management applications that can store and manage network video. For the large systems, most middleware applications today come from the large security companies, while the IT companies haven't attacked this higher-end market yet.

ST&D: What are the most confusing (or frustrating) elements or impacts of convergence for customers, integrators and manufacturers?