Roundtable Q&A: How Standards and Technology are Shaping Access Control

July 14, 2015
Converged responsibilities, network security, authentication set the tone for advancements

Security Technology Executive editorial director Steve Lasky recently sat down with several of the industry’s top experts to find out what was trending and what issues were shaping the future of access control technology. Here is what they had to say:

STE: Like IP overtaking analog in the video sectors, how will traditional mechanical access control co-exist with new and emerging electronic and wireless access control advancements?

  • Jason Ouellette, Tyco Security Products: In today’s market, brand new systems are more commonly being specified as full IP systems with the support of an electronic credential. There are a large number of legacy installations presently in use and once they reach the end of their 10-20 year life cycles in the access control industry, fully IP security systems will likely replace them with cloud based options and electronic credentials. So while serial communications currently accounts for roughly 60 percent of access control sales, IP will eventually eclipse serial based sales as these legacy systems are replaced and become antiquated.”
  • Julian Lovelock, HID Global: With the adoption of mobile access control, cards and phones are already converging into centralized identity management systems.  The ultimate objective goes beyond supporting both form factors, though.  Even more valuable is the ability to use either form factor -- or both -- to secure access to the door, to data, and to cloud applications, while providing a seamless user experience.    Developments in converged back-of-house technologies are enabling strong authentication and card management capabilities for computer and network logon while also ensuring that physical and logical identities can be managed on a combination of plastic cards, smartphones and other mobile devices.
  • Peter Boriskin, ASSA ABLOY: Historically, electromechanical devices were simply mechanical devices with solenoids or other basic electronic components incorporated into them. Recently we have seen significant advances in the capabilities of electromechanical devices with products like ASSA ABLOY’s EcoFlex electrified mortise locks. Built on the same foundation, they share common aesthetics and security features with our mechanical locks, allowing them to co-exist seamlessly in the same facility. Additionally, improvements in the technology of electromechanical hardware has allowed us to merge electromechanical hardware with innovations like low power wireless. By combining these ideas, we are able to create much more advanced products without compromising security.
  • David Ella, AMAG Technology: For applications with a lower need than 100% online availability such as dorm rooms at universities, we are finding an increased demand in wireless locks.  Access control products are integrating with wireless lock products to meet the diverse demands of customers who need both technologies to effectively secure buildings.
  • Ajay Jain. Quantum Secure: When ‘IP only’ video devices emerged, hybrid systems appeared that could handle both analog and IP devices.  Initially seen as a transitional stopgap, it looks now that hybrid systems will stick around – there are even new analog cameras being introduced for some applications. In a similar way, access control technologies and systems that can connect legacy and modern systems will see quick growth. Some applications will transition to emerging technologies, and some will remain a hybrid of old and new for some time.  Management systems will need to support both.
  • John Szczygiel, Brivo: Electronic and wireless access controls will compliment and extend the traditional metal key but not replace them for quite a while. The newer technologies will enable more openings to become part of the automated access control systems. The exciting trend here is towards ultra-low power wireless devices. The extended battery life of these devices will make many more applications in physical security very practical.
  • Mitchell Kane, Vanderbilt Industries: Delivering the best solutions for our end-users will necessitate embracing new technologies and supporting the expanded functionality/utility that these new technologies offer. To be successful, we must adapt our software to accept the integration of new devices all the while maintaining a logical user interface. From an end user’s perspective, this means keeping the programming of disparate devices constant with core products, the only real distinction should be how and when data is updated at the remote devices. The trend of co-existence between traditional mechanical access control and emerging electronic and wireless access control is all about consistency among these technologies across multiple systems, allowing users to streamline installation, service and maintenance, and easily expand their access control network when needed.

STE: Are the increased standards pressures by organizations like PSIA and ONVIF realistically migrating the access control industry to a true open architecture IP-based intelligent controller environment? If so, how is your technology roadmap designed for future adopters?

  • Jason Ouellette: Our roadmap has always been focused on adopting these standards, where they make sense, to ensure that our products have the ability to talk to readers from multiple solution providers. This quite simply protects the customer’s investment which we fully take note of.  OSDP is one of the more aggressive open standards that we see moving into the industry, addressing communication between the reader and controllers and can support both legacy serial based communications as well as the newer IP based solutions.Tyco Security Products has also recently participated in a PSIA demonstration of the PLAI Agent, showing how a an Active Directory LDAP based logical identity can drive a physical credential across multiple physical access control system (PACS) providers  We are well in tune to the need for convergence of logical and physical identity management. It will be difficult to see a fast and widespread adoption in access control though until more legacy systems are replaced with IP based solutions. Until then, there will be certain limits on how much standardization can occur. Reconciling these competing technologies will inevitably change the direction of the access control market and will really spur the further development of access control standards.
  • Peter Boriskin: We sit on the boards of both PSIA and ONVIF. We take standards very seriously and value being part of these organizations. Standardization is important in the security industry and we design our products to be integrated into a standards-based eco-system. I think there is a level of caution from those in the security industry around these standards, especially how we develop proper testing and ensuring the standards are comprehensive. Addressing these two areas will be critical moving forward.
  • Scott Lindley, Farpointe Data: Standards have long played a role in access control and will continue to build momentum.  For example, to enable broader compatibility with a broader range of access control panels, many RFID readers and credentials first emulated magnetic stripe data standards developed by the International Organization for Standardization (ISO).  These standards defined many of the reader and card attributes, such as data formats, timing and physical size. Today, many access control panel providers comply with the Institute of Electrical and Electronics Engineers (IEEE) standard IEEE 802.3 which defines the backbone of open architecture Ethernet technologies. New standards, such as the Open Supervised Device Protocol (OSDP) specification which offers the promise of widespread functional integration of disparate card readers, access control panels and other security management systems, will allow for new features and even greater interoperability.
  • Frank Gasztonyi, Mercury Security: The notion that there can be an open architecture, IP-based intelligent controller that is based on PSIA, ONVIF, or any other standards body is misguided. This is due to the fact that “intelligent controllers” deliver constantly evolving solutions to diverse problems, which means the blueprint for how manufacturers should meet their customers’ needs will never lend itself to be defined by a standards body or committee. At the same time, the industry cannot overlook standards that facilitate the transfer of data, rather than what do with it. As such, utilizing and supporting standards continue to be an important part of Mercury’s roadmap.  We have implemented and deployed several multi-party solutions based on PSIA, OSDP and other standards accordingly.
  • Robert Laughlin, Galaxy Control Systems: These are extremely positive goals, and PSIA and OnVIF are certainly committed to this process. Wrangling dozens of manufacturers is complex; however we do believe that overall the industry recognizes that it is in the best interest of our customers to work towards the goal together.
  •  David Ella: Someone once said that the great thing about standards is that there are so many to choose from, and that’s very true of physical security. AMAG is more interested in standards that increase physical and cyber security than opening up access control systems through published protocols. Going forward the end-to-end integrity and security of the system is going to be the most important thing to ward off cyber-attacks. The real openness that most systems need is at the software level and we heavily promote integrations using secure XML web services.
  • Ajay Jain: No, the standards aren’t creating pressures - it’s the customers, because they are no longer willing to use closed systems.  More and more, they now insist on open architecture for their security and access control systems to ensure that they can pick best-of-class system elements that will work together.  This is true at every level of their solution from card and readers, to management reporting, and to the “things” that are beginning to emerge from the Internet of Things. Providers that aren’t open to supporting these standards risk being viewed as outdated and unwelcome with many customers.
  • John Szczygiel: This will be a reality when there is wider adoption of the full standards, assuming that the standards are responsive to the needs of the market. In the near term, most systems will continue to take the walled garden approach, balancing specific customer needs with the potential for interoperability offered by the standards. In the interim we’re seeing a positive move away from custom integrations per sub-system to an Application Programming Interface (API) type of approach that is so common in the IT world. This provides the ability for systems to be modular and extensible and yet full featured.
  • Mitchell Kane: Open architecture is an often discussed, highly desirable feature for end users who want to feel comfortable not being committed to a single system for a lifetime. Things change and needs evolve; it is nice to be able to upgrade access control software and have it communicate with all existing panels and smart locks without the need for rewiring and replacing hardware – similar to moving from one VMS system to another. Unfortunately, unlike the IT world, this market has been historically protectionistic; camera manufacturers more readily accepted standards such as ONVIF in the video market. We have to remember that this market has always been driven by standards, such as NTSC or PAL. Today, there is a big movement underway toward the responsible decision to not only integrate with proprietary manufactured boards but also with de facto industry open products (such as Mercury Security). Our road map has always been to adapt to standards as they are ratified. In the meantime, with the market influx of smart locks from various companies, this market appears to be in the proprietary protocol mode and will be for many years to come.
About the Author

Steve Lasky | Editorial Director, Editor-in-Chief/Security Technology Executive

Steve Lasky is a 34-year veteran of the security industry and an award-winning journalist. He is the editorial director of the Endeavor Business Media Security Group, which includes the magazine's Security Technology Executive, Security Business, and Locksmith Ledger International, and the top-rated website SecurityInfoWatch.com. He is also the host of the SecurityDNA podcast series.Steve can be reached at [email protected]