In recent years, IT departments have been dealing with the convergence of several new technologies on their network infrastructure. In addition to traditional network security threats, they are now responsible for managing devices such as HVAC system monitors, smart thermostats, Smart Grid power monitoring and control devices as well as IP-based access control systems and networked surveillance cameras to prevent exploitation of these potentially vulnerable network nodes. But successful properties are now blending these disparate mechanical and electronic solutions to create a more holistic experience for everyone involved, and that experience begins at the front door.
For years, access control systems had one function - to control access to a facility. But today the Internet of Things or IoT is transforming the access control system into the means to dramatically increase the productivity of not only your facility but also your employees.
What is the IoT?
The phrase “Internet of Things” was coined by British tech pioneer, Kevin Ashton in 1999. The simplest definition and vision of the IoT is that billions of sensors and smart devices will connect and share information with each other to enhance the collective experience of the end user. This is done by collecting, cleaning and analyzing the data provided, allowing for predictive and real-time actions to take place on behalf of the user and the associated community.
It helps to think of the IoT as the Internet itself, evolved for a third time. In the first two evolutions (or waves) of the Internet, we were either connecting via a desktop computer or on a mobile device like a smartphone or a tablet. In the third evolution, smart devices communicate and deliver information to the Internet without human intervention at a scale that we’ve never seen before. Within the next decade, it is projected that there will be as many as 50 billion connected devices operating on the planet, generating data in volumes previously unseen.
One of the front lines of the IoT can be found at the entrance to a facility. With a traditional access control system, your experience begins and ends at the door - you enter a PIN or swipe a card and the door unlocks. But when that system harnesses the potential of IoT technology, the door is merely a starting point for a completely customized experience throughout the entire facility. After you present your credentials at the front door, the system will turn on the lights and adjust the temperature in your office while simultaneously alerting security that you have accessed the building. During the day, the network monitors things like water use, sending an alert to facilities if a restroom faucet is left running or if a normally locked door is left ajar. At the end of the day, the access credential is used to exit the building, triggering the reverse actions of the morning – lights are dimmed, temperatures are lowered and doors are locked. If you decide to come in on the weekend, the system will only turn on the lights along the path to your office. This ensures energy isn’t wasted, but you still have a safe environment. Depending on how your office is structured, the system could be set up to auto assign a workspace for you, complete with a telephone with VOIP, all based on customizable preferences like your desire to sit on a certain side of the building in the sunshine.
Access control is one of those areas that hasn’t previously been looked at from a productivity and personal experience standpoint, but with the IoT, you get the benefits of improved employee morale as well as significant cost savings from the many efficiencies the system can make possible.
Access control can be a “trigger” for actions with many previously unrelated functions. Every aspect of a building’s operation has the potential to tie into this network, from lighting to intercoms, video, fire safety and climate controls. This is further driving the interoperability of these previously disparate systems to enable services such as location-based decision making that will provide a new level of value to tenants, users, administrators, and owners.
Incorporating the IoT into an access control system is not without potential challenges. From an organizational perspective, depending on how integrated your physical and IT security departments are, the transition can cause confusion about decision-making authority between facility engineers and the IT leadership. This new, robust component brings with it a set of needs requirements and concerns for both groups. What was once simply door hardware that was the sole responsibility of your facility engineers is now a node on IT’s network, which leads to a lot of questions. Who is now responsible for this door and for maintaining the physical security it provides? Because it’s an IT device, does its budget also move to IT? What does IT know about access control and door hardware? How many new complications will this create for IT and the network?
The two groups must cultivate their collective experience and wisdom if they’re to have any hope of realizing the full benefits of the IoT, never mind withstanding future cyber or physical threats to their safety and security. An integrator or consultant can be very helpful during the transition, functioning as a mediator who can help both sides work through any conflicts that may arise. As always, communication is key to ensuring there are no misunderstandings about who is responsible for what.
The technology is continuing to advance at an incredible rate, but real world adoption will travel at the speed at which these groups can bridge any knowledge gaps that may exist and learn to effectively work together. The integration process may not be easy, but it is unquestionably necessary. As Scott Borg, Director and Chief Economist of the U.S. Cyber Consequences Unit recently commented, “As long as organizations treat their physical and cyber domains as separate, there is little hope of securing either one. The convergence of cyber and physical security has already occurred at the technical level. It is long overdue at the organizational level.”
If successful, the shared benefits between Facility Executives and IT are significant. A simple example can be a device that will monitor its own health, sending alerts over the network when it needs new batteries or if a switch is malfunctioning. For a facility engineer, this feature will provide them with what’s known as “no tour capability,” eliminating the need for mundane tasks like auditing doors to determine if they are closing properly or need maintenance. For IT, the benefits of being able to monitor large areas with less staff are clear.
Implementing a system that can be upgraded simply, without creating more complexity or budgetary weight is an effective means of avoiding the risks associated with being an early adopter of any technology or product. But those risks are minimal compared to the potential security threats that today’s facilities must guard against.
Have a plan. Cultivate a proactive mindset and accept that nothing is 100 percent secure. A hack is an unauthorized entry to a secure space, regardless of whether the system that is compromised involves a mechanical lock or software. Lay out a response to being hacked at the start of your selection process and keep in mind that what ultimately matters most is how quickly and effectively you are able to respond to the attack. Some digital solutions can facilitate a faster and more robust response to those situations than a traditional mechanical lock or solution. If the master key is stolen, is it easier to physically rekey each lock, or is it faster and more efficient to change the firmware remotely impacting all of the locks at once with minimal touring? How important is that speed to you? What are you willing to sacrifice for that speed? All of these things must be considered when selecting a solution and mixing mechanical and electronic tools.
One of the most important decisions will be the selection of the right manufacturer. There are many access control systems from which to choose, but it’s important to remember you’re not just choosing a product. You’re partnering with a manufacturer and the right one will provide more than just a product. Look for a manufacturer that not only has a broad portfolio to meet the various needs of your facility but one that also offers product training, industry expertise, technical services and more. A solid manufacturing partner can help you compare the various products and technologies available in the market. Plus, they can provide extensive code knowledge—particularly important since codes vary by building type, industry, and state. Some manufacturers also offer services such as security and safety assessments, specification and building standards assistance, training and more. Look for companies that have experience partnering with other consultants and stakeholders—architects, integrators, IT, one card providers, building owners, facility managers, etc.—to develop a comprehensive solution that best meets your needs.
The IoT Revolution
The Internet of Things represents a fundamental change in how we use the myriad of devices and systems within our buildings and creates the potential to dramatically increase their productivity while improving the overall experience for users. When Facility Executives, IT Leaders, Integrators, and Consultants work collaboratively to blend mechanical and electronic solutions, operational costs decrease, satisfaction rises, and security improves.
About the Author
Rob Martens is Allegion's Futurist and Director of Connectivity Platforms. For more information, visit us.allegion.com.