Today's technology allows greater integration of
identity recognition and access management. We look at how
businesses are implementing converged security.
Technological advances mean that the old distinctions between
security, facilities and IT management are becoming blurred in
modern workplace buildings.
Intelligent design of IP (Internet Protocol) networks means they
can now include telephony and business critical systems, alongside
CCTV and other security measures allowing physical access to the
building.
Real advantages can be had by using the same network
infrastructure for both physical and logical access control and
security.
This convergence is bringing benefits across departments. IT,
security, facilities, operations and property managers can save
money and see a quicker return on investment. It also provides
systems that are better tailored to users' needs, creating a more
productive work environment.
But this is not a straightforward matter. Systems, processes and
people all present challenges to a successful convergence
strategy.
Mike Williams, general secretary of the Intelligent Building
Group and managing director of independent consultancy CDC, says,
"Technology can be an enabler of many things, but you have to be
willing to go through organisational change, which is often where
projects like this break down.
"IP has been very disruptive now that most organisations have
migrated their networks. And IT suppliers are saying they can use
these networks to transform their security capability."
He agrees, however, that IP networks have changed the dynamics
of the relationship between physical and logical security.
Just as centralising voice, video and data control has helped
businesses save money and increase operational efficiency, so
adding access control systems can take another layer of process and
legacy technology out of an organisation's cost and management
structure.
VoIP quality of service monitoring advice >>
Intelligent Building Group >>
CDC website
>>
Case study: BT Group
BT Group head of global security Mark Hughes says converged
physical and IT security has been a long-term goal at BT for five
years now. The company is rolling out one access system for its
distributed business, which also handles some initial network
authentication protocols for controlling access to IT systems.
"IP has enabled us to effectively bundle many IT services using
one common platform," he says.
"CCTV, intrusion detection systems and electronic access control
to our sites and back-office systems can be handled and back-hauled
on a single circuit. This has been possible as IP networks and
encryption technologies have matured and stabilised."
Hughes says the cultural change will always be harder to predict
as a consequence of merging traditionally separate functions. He
agrees that highlighting the benefits of new systems and strong
top-down sponsorship is essential, but he also agrees that it will
be an IT-led play.
"Those guys and systems work for me. But obviously, it depends
on the physical estate - we have a very distributed one - and
assumes that IT manages the logical and access control systems.
"But having that control in one place for BT allows us to react
to all different types of incidents, whether they are
environmental, physical or IT-based.
"The ability to authenticate different ways in the network layer
so there is no conflict between types of incidents is important,
but most of all, we look at this as holistically assessing risk,
whether it is physical or logical."
BT Group website
>>
Case study: Ikea Pilot Store
The Ikea Pilot Store in the Netherlands tests systems for the
rest of Ikea. It has upgraded its analogue security setup to modern
digital surveillance using IP networking. This has increased
security, improved service levels and reduced shrinkage.
The store has improved its surveillance capabilities by moving
to a pure digital platform. It has also added integration with its
Microsoft Navision
enterprise resource planning (ERP) system to control shrinkage
and reduce errors at the cash registers.
It uses Milestone XProtect software to integrate IP video images
with transaction data and provide new IP video tools for global
corporate education facilities.
XProtect is designed to work with a flexible mix of hardware for
different location needs, and will be able to integrate with even
more systems in future, such as customer counting systems for
better queue management.
"We have achieved our goal to upgrade our surveillance to a
networked digital system for improved performance and an integrated
approach," says Remco Hempenius, project manager at the Ikea Pilot
Store.
"We are cost effectively reusing existing equipment while adding
a mix of new hardware, all controlled by the XProtect software.
"We appreciate the ability to choose our own combination of
cameras, a flexible approach that this software supports. And
XProtect Retail gives us real added value in handling
shrinkage."
Ikea operates a mix of Axis and Sony network cameras plus
various analogue cameras converted to digital images through Axis
blade servers, all running on Windows XP. The networked video data
is integrated with the transaction information in the Navision ERP
system.
"The system builds trust with our staff for their protection,"
says Hempenius. "It has been a good exercise to follow up on
routines and protocols with the store manager, staff and security
personnel. And we have decreased internal shrinkage by 50%."
Of the decision to move to IP networks, he adds, "We needed the
detail that the Milestone system's digital engine would give us to
analyse sales and CCTV data in more detail.
"We saw a greater potential for return on investment in this
store, where others have lower turnover or levels of inventory
loss.
"We maintain the system in-house. It is 10 times faster than
analogue and the 300 cameras around the store and above the tills
manage three terabytes of data that is refreshed every 30
days."
Ikea website
>>
Milestone XProtect >>
What the experts say
David Lacey, founder of security user group the Jericho Forum,
says most convergent security strategies should look to harness the
ID and access management overlap between physical security systems
and network and application data or authorisation mechanisms. Both
are following a similar technology trend.
"Identity management is very similar to asset management," he
says. "Objects, data and people need managing. And less than 50%
are probably your own staff, data and physical assets. Often, more
than half are outsiders, so it is no longer sufficient to operate a
whitelist approach to your perimeter.
"You need to bring together proper asset systems and people
databases."
However, operating an integrated, deperimeterised system is not
easy, says Lacey. "An architecture for deperimeterised security
infrastructures is more complicated and some of the boxes and
facilities needed are not yet fully enough developed."
As such, he says any plans to centralise security functions
would be hard to finance given the likely long-term return on
investment and strategy involved and difficult to sell politically,
because everyone - facilities, operations, security and IT - need
to follow the same strategy.
Andy Kellett, senior researcher at analyst firm Butler Group
agrees that there is a growing awareness from ID management and
access management suppliers to facilitate greater integration.
"Many companies are already struggling to complete single
sign-on provisioning and deprovisioning systems," he says.
"But given the work already done, this is most likely going to
be IT-led. The growth of facilities driven by technology allows you
to get convergence of those systems in place that make the whole
infrastructure easier to manage centrally."
Jericho Forum website >>
Human factor is key to good security
>>
Converged networks deliver the best security, say execs
>>
Irish parliament deploys converged IP network >>
David Lacey’s
security blog
The latest ideas, best practices, and business issues associated
with managing security
More on security
>>
Information security: The route to compliance >>
Information security: Who should be liable for security?
>>