Security consultants also need to be more IT savvy regarding the kinds of systems integration the products they specify will be involved in. In most cases the software that "glues" the various applications together (middleware) will be provided by IT. The requirements and design for the middleware will include the security system integration. Not only must the security consultant be able to discuss the security system's role in the overall integration, he must specify a system that is up to the task.
The Big Danger: Ignoring the Customer
The previous article in this series (ST&D August 2004, "Playing Catch Up: Convergence With IT and Building Controls") discussed the need for interoperability between systems and pointed to the building controls industry as an example of customers driving change. In retrospect, we see that both customers and companies would have benefited from a more timely industry response. The article suggested that the security industry take a lesson from the building controls industry and actively pursue interoperability without having to be dragged into it by the customer base.
There is danger in looking to the history of building controls industry for guidance. It took 10 years to develop the BACNet specification, and it will be years more before BACNet contains the needed support for security systems, and again more before companies adopt it.
The danger is this: Unlike the HVAC and lighting control portions of the building controls industry, the security industry cannot safely drag its feet for years. The building controls industry did not have outsiders waiting in the wings that could simply come in and take the business away from its integrators. The security industry does. The IT industry has the technology, the people, and the money to pull it off.
Encroachments have already taken place, as we've seen, with IP-based video systems, and similarly with Web-based visitor management and identity management systems. Some security industry companies responded by adopting the related IT standards and interfacing with the IT systems. Most did not respond at all.
The Threat of Microsoft
Implementing an identity management system is no small task. So to help make the introduction, Microsoft offers a six-month evaluation version of Microsoft Identity Integration Server 2003, which is downloadable from the Microsoft Web site. Microsoft Server 2003 includes a free implementation of a Public Key Infrastructure system suitable for small businesses. PKI is a component required for smart-card-based access control to information systems. Both Windows 2000 Server and Windows Server 2003 support smart cards for Windows logon.
What if Microsoft took a liking to networked video? Would we see a six-month trial version of Microsoft Video Management Server 2005? If that happened, you could expect to see the Microsoft development Web site offer a video server development kit, so that anyone could interface to the software.
Part of the threat of Microsoft is that it creates systems that are standardized to allow other groups to use the same technology. This would signal the end of popular proprietary technology and the beginning of a drop in system prices.
IT has thrived on open standards and interoperability. Security industry manufacturers fear open standards and interoperability. They would much prefer things to remain unchanged. But the IT door has already been opened, and it cannot be closed.
Cisco reports that the chief lessons learned from the transition to digital CCTV pertain to making the best use of Cisco IT resources. "Physical security and IT security are converging," said Chatterton, "and the two groups need to work more closely than before. When we managed the servers ourselves, a hardware or software problem was a serious issue for the department. Now we just generate a case and IT uses their technical resources and expertise to resolve the issue. We had to shift our culture to let IT do the work and run through its own processes."
Like Cisco, many end users are experiencing corporate culture change due to convergence. Unless there is a corresponding culture change within security industry companies, the end-user change will amount to a shift away from traditional security companies to IT services companies.