Real-world deployment proves PLAI specification is ready for prime time

April 8, 2016
Implementation of specification within Microsoft explored in depth during briefing at ISC West

LAS VEGAS - Demand from systems integrators and end users in recent years for greater interoperability between both security hardware and software products has resulted in the establishment of several industry standards initiatives aimed at simplifying how these systems and devices communicate with one another. One of these standards bodies, the Physical Security Interoperability Alliance (PSIA), has taken a holistic approach to standards by creating specifications that attempt to cover the entire security ecosystem – video surveillance, access control, intrusion detection, etc. – of products and software platforms. More recently, the organization has spent a considerable amount of time working to develop its Physical-Logical Access Interoperability (PLAI) specification, which seeks to streamline the provisioning of logical and physical access privileges throughout an enterprise.

At ISC West 2016 on Thursday, PSIA held a briefing to discuss the recent implementation of PLAI by Microsoft Global Security, which was looking for a simpler way to grant and revoke employee access across its entire workforce. According to PSIA Executive Director David Bunzel, PSIA did not originally consider the prominent role that identity management would come to play in access control when it was first formed in the mid-2000s. Today, however, he said it is a vital part of most modern physical access control systems (PACS).

“Most of the major PACS systems are involved in supporting and contributing to this effort,” Bunzel told attendees at the briefing on Thursday. “You can have confidence that some of the leaders in this industry, probably companies that represent close to three-quarters of the installations in this country, are involved in [PSIA].”

Microsoft Realizes New Efficiencies with PLAI Architecture

According to Mike Faddis, director of Microsoft Global Security, a company the size of Microsoft, which currently has 220,000 employees spread across more than 800 locations globally, always tends to be in flux with regard to its workforce, whether as a result of acquisition or natural attrition, so it is crucial for the company to be able to standardize physical and logical access. It became even more of a challenge following the company’s acquisition of mobile phone maker Nokia in 2014, as it had to integrate thousands of additional workers, who were already enrolled in a number of different PACS, into its own system.

“From our standpoint, it is really about enabling value and bringing to the company the ability to do things that other companies can’t,” said Faddis.  

And unlike the physical and IT security departments in many other organizations, Faddis said these two departments have worked together inside Microsoft for the better part of a decade, which gives them another set of built-in advantages when it comes to implementing something like the PLAI specification. However, despite the advantages they enjoy, Faddis said that trying to integrate PACS solutions is a significant challenge for any organization.  

“It’s really important that we understand the PACS systems out there are challenging. I think anybody who has ever dealt with one knows it can be tough when you’re trying to bring those together and make them work together,” said Faddis. “You never know what you’re going to get when you get into it and it becomes a major challenge when we try to bring companies together. Really, the whole reason behind looking at PLAI and getting into the PSIA is Microsoft tends to buy a lot of companies and all of a sudden we’re inheriting PACS systems that, honestly, I’ve never heard of.”

While the age-old tradition of “ripping and replacing” security technology may still be an option for some businesses, Faddis said that such action within Microsoft would result in overhauling $150 million worth of equipment. Besides that, the company is always growing and evolving, which Faddis said meant he needed something to make disparate systems work together. That is why the company decided to leverage the PLAI specification. To accomplish this, Microsoft turned to RightCrowd, a provider of software products that add functional enhancements to existing PACS, to help create the PLAI architecture within the organization.

According to RightCrowd CTO Darren Bain, Microsoft already had an HR on-boarding process in place that it uses to push information to Active Directory and on down to its access control management system. Shortly after the Nokia acquisition, RightCrowd created a PLAI agent and adapters to help the systems within Microsoft and Nokia communicate with one another. Now, instead of having to deal with the cumbersome process of trying to provision access rights for employees of the two companies using a multitude of systems, PLAI allows Microsoft to continue using its existing system to grant or deny access privileges across the enterprise.

“The PLAI specification is a way to do this. It’s not a product, so we helped Microsoft actually implement that specification and deliver the PLAI architecture for them,” said Bain.

“Understanding the usefulness of what we can bring to the business is key and that is where PLAI came in. It allows us to look at different business units and help from an identity standpoint,” added Faddis. “It’s really about aligning business goals and enabling a smooth access control experience while optimizing our global protection around the world. Standards and interoperability are crucial, so let’s do what we can to get there.”