Editor’s note: This is the 66th article in the “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.
With a few exceptions, the electronic physical security systems industry has had a poor record of interoperability for the past 50 years.
As a result, the industry incumbents are in a very precarious position for several reasons. We need to understand that position and get out of it quickly.
Consumerization of IT
From a security industry perspective, for decades information technology arrived in three phases: first to business, then to security, and finally to consumers.
The emergence of personal computing and the Internet changed that picture, so that now information technology arrives first to consumers, then almost simultaneously to business and physical security. The specially built display hardware for security’s rarely-affordable video walls of the past has now been replaced by displays that can be purchased at Walmart or Best Buy for 5% of the legacy wall cost. And you can download software to run it from the Internet.
The most interoperable device the world has ever seen is a consumer device that nearly everyone carries on their person: the smartphone. It is because of its ever-expanding interoperability – driven by software, not by physical gadgetry – that organizations experienced BYOD.
Bring Your Own Device was and still is an underrated global phenomenon whereby consumers (employees) forced their organizations to transform their business information systems, so employees could access them from their own laptops, tablets, smartphones and home PCs. Businesses initially resisted but had no choice, and of course that turned out to be better for businesses in a myriad of ways.
The security industry got reluctantly dragged into BYOD and didn’t rush to embrace it. The industry at large did not realize that BYOD would increase their user base over a thousand-fold, and eventually require physical access control systems to adopt mobile device credentials and video management systems to support the smartphone.
While this was going on, another phenomenon happened.
Big Outside Companies
Jump into Security
Companies outside the security industry, following the path of IT consumerization, decided to get into residential security (a large end-user customer base) and we saw the independent arrival of Alarm.com and the residential video doorbell. (See The Amazon Effect and The Flip Side of Amazon for another part of that picture.)
For some reason the security industry largely remains focused on what has just happened and finds it hard to sufficiently consider what’s next, in spite of the non-stop exponential advancement of technology.
These outside companies (e.g., Apple, Google, Amazon, and Microsoft) are heavy into AI, and large enterprise organizations have launched digital transformation initiatives that now include a strong AI element. Note that the phrase is “digital transformation” not “digital incremental improvement.”
Incremental improvement is a phrase that characterizes the physical security industry’s history.
As an industry, we don’t do transformation. That’s partly a funding issue resulting from the narrow focus of the industry – whereby large opportunities are simply out of sight. But it’s worse than that because industry incumbents pooh-pooh innovative ideas. In the early days, the "Not Invented Here" syndrome was rampant, and most security industry companies were fully infected. Traces of that still remain.
For example, there was a point in time when all access control companies either had no software or reluctantly had an employee write it, and they gave the software away free with the hardware. Then Lenel Systems arrived from outside the industry, with a vision that photo ID badges would become ubiquitous and a critical part of access control.
Decried and laughed at, Lenel went on to transform access control and security software in general. Milestone Systems was founded by software folks who came from the world of finance. Axis Communications was an IT company that made print servers.
First, we laughed at the new ideas, then we followed them reluctantly. But the arrival of big companies should give us pause. Outsiders look at the physical security industry and what do they see? A large customer base that is severely underserved from a modern-technology perspective.
We need to transform the industry internally now, which requires the incumbent companies to understand not just the state of technology advancement but the success factors behind the success. If we don’t transform internally, transformation will occur by means of the outside companies who replace the incumbents.
The Good News
The fact that we’re lagging in digital transformation isn’t all bad. It means that we can look at the successes others have had and learn from them.
This approach has the advantage of allowing us to bypass the lessons others learned the hard way and do it right from the get-go. That will help us catch up with the time we lost by not paying enough attention to technology advancement.
This article provides a general characterization of the industry as a whole, but it is important to note that there have been efforts to foster interoperability within the Security Industry Association (SIA) and its standards development, and by the Physical Security Interoperability Alliance (PSIA) and ONVIF.
ONVIF has transformed the video sector significantly – which before their efforts had a significantly high level of customer dissatisfaction over the lack of interoperability. As of June 2022, ONVIF had 496 member companies and more than 23,000 conformant products. Specifics on these organizations can be found on their websites and in security industry trade magazines and websites.
There is also the newer LEAF Consortium, which is an association of partner entities intent on bringing interoperability to the Access Control and Identity Credentials market and beyond. LEAF is combining the best security protocols and ISO standards with the most advanced technologies to provide a complete specification for interoperable solutions. The number of LEAF-enabled products are growing.
What progress has been made has been slow in coming, and much broader and faster implementation of interoperability is required to achieve the level of industry transformation currently needed.
Interoperability means that software and hardware products can work together regardless of the manufacturer because they communicate or function in the same way.
Their implementations can be different, patented, etc. – but their functionality at the point of interoperation is standardized.
Today, we have multiple software applications that can work with the same hardware, but it’s a one-hardware-to-several-software situation.
We need “many-to-many” interoperability for software and hardware. More-advanced card readers, for example, require explicit support from the access control hardware manufacturers. There isn’t a commonly used standard.
Physical security systems are cyber-physical systems, meaning that they have both a physical (device) element and a cyber (information technology) element. That means both have software system and hardware system interoperability.
Software interoperability increasingly involves data exchange, an important aspect of smarter buildings but also an important aspect because of the arrival of AI.
Today’s security systems are increasingly expected to provide data relevant to facility and business operations (especially for video in several sectors: retail, manufacturing, and critical infrastructure).
Software from the leading video and access control companies have open APIs, but the industry itself has not fostered software interoperability beyond the scope of buildings systems operation.
Hardware interoperability has been a sore point for long time, and standards development in any industry is, by its nature, a lengthy process. The sorest spot has been for access control in contrast to video.
Access Control Interoperability
The narrow focus of interoperability for access control is exemplified by the compatibility path that two companies (Alcatraz AI and Orion Entrance Control) have been force to take with their new AI-enabled products.
These products have valuable data that they could provide to the access control systems they interface with. However, they can’t provide it (it’s still there waiting) because to be compatible with existing security system deployments they must use a Wiegand, OSDP or relay-based interface. There is no way to pass data to the access control database.
Alcatraz AI produces an AI-enabled privacy-compliant facial authentication device that also performs tailgate detection. It includes an ONVIF-conformant camera whose video stream is available to the video surveillance system.
It has rich metadata it could potentially provide about the situation at the reader, but there is no standard way for access control systems to accept such data, and complex on-off integrations are out of the question.
Orion Entrance Control’s DoorGuard product performs tailgate detection and prevention. Using a relay interface to the access control hardware, it can signal whether to grant or deny access. However, the DoorGuard device has valuable data it could provide about the people count at the door entrance and the tailgating attempts. But again, there is no standard way for the access control system to receive it.
Emerging Silicon Valley-style companies are looking to close the security gaps that the security industry to date has not been able to address cost-effectively. They see them as opportunities to provide innovative solutions. Tailgating is one such longtime access control security gap. But to interface with access control systems, these high-tech companies have to go back to the stone age because that’s where most of the security technology landscape is.
Next week’s article, Interoperability – Part 2, will take a close look at two new technologies that have emerged to rapidly accelerate industry interoperability for access control hardware.
By way of providing a common vendor technology to produce interoperability, they make it possible for any access control manufacturer to implement interoperability at a fraction of the cost and calendar time that it would normally take with each vendor developing solutions independently. We’re talking on the order of hundreds of person-years of development being eliminated across the access control industry.
These technologies are very advanced. It requires an article of its own to explain how they satisfy the current and future needs of access control customers – including the many large-enterprise-level customers whose in-house software and AI development capabilities far exceed those of any security industry company.
What does it mean to be a customer-focused manufacturer for that class of customer?
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Follow Ray on Twitter: @RayBernardRBCS.