Today's technology allows greater integration of identity recognition and access management. We look at how businesses are implementing converged security.
Technological advances mean that the old distinctions between security, facilities and IT management are becoming blurred in modern workplace buildings.
Intelligent design of IP (Internet Protocol) networks means they can now include telephony and business critical systems, alongside CCTV and other security measures allowing physical access to the building.
Real advantages can be had by using the same network infrastructure for both physical and logical access control and security.
This convergence is bringing benefits across departments. IT, security, facilities, operations and property managers can save money and see a quicker return on investment. It also provides systems that are better tailored to users' needs, creating a more productive work environment.
But this is not a straightforward matter. Systems, processes and people all present challenges to a successful convergence strategy.
Mike Williams, general secretary of the Intelligent Building Group and managing director of independent consultancy CDC, says, "Technology can be an enabler of many things, but you have to be willing to go through organisational change, which is often where projects like this break down.
"IP has been very disruptive now that most organisations have migrated their networks. And IT suppliers are saying they can use these networks to transform their security capability."
He agrees, however, that IP networks have changed the dynamics of the relationship between physical and logical security.
Just as centralising voice, video and data control has helped businesses save money and increase operational efficiency, so adding access control systems can take another layer of process and legacy technology out of an organisation's cost and management structure.
Case study: BT Group
BT Group head of global security Mark Hughes says converged physical and IT security has been a long-term goal at BT for five years now. The company is rolling out one access system for its distributed business, which also handles some initial network authentication protocols for controlling access to IT systems.
"IP has enabled us to effectively bundle many IT services using one common platform," he says.
"CCTV, intrusion detection systems and electronic access control to our sites and back-office systems can be handled and back-hauled on a single circuit. This has been possible as IP networks and encryption technologies have matured and stabilised."
Hughes says the cultural change will always be harder to predict as a consequence of merging traditionally separate functions. He agrees that highlighting the benefits of new systems and strong top-down sponsorship is essential, but he also agrees that it will be an IT-led play.
"Those guys and systems work for me. But obviously, it depends on the physical estate - we have a very distributed one - and assumes that IT manages the logical and access control systems.
"But having that control in one place for BT allows us to react to all different types of incidents, whether they are environmental, physical or IT-based.
"The ability to authenticate different ways in the network layer so there is no conflict between types of incidents is important, but most of all, we look at this as holistically assessing risk, whether it is physical or logical."
Case study: Ikea Pilot Store
The Ikea Pilot Store in the Netherlands tests systems for the rest of Ikea. It has upgraded its analogue security setup to modern digital surveillance using IP networking. This has increased security, improved service levels and reduced shrinkage.
The store has improved its surveillance capabilities by moving to a pure digital platform. It has also added integration with its Microsoft Navision enterprise resource planning (ERP) system to control shrinkage and reduce errors at the cash registers.
It uses Milestone XProtect software to integrate IP video images with transaction data and provide new IP video tools for global corporate education facilities.
XProtect is designed to work with a flexible mix of hardware for different location needs, and will be able to integrate with even more systems in future, such as customer counting systems for better queue management.
"We have achieved our goal to upgrade our surveillance to a networked digital system for improved performance and an integrated approach," says Remco Hempenius, project manager at the Ikea Pilot Store.
"We are cost effectively reusing existing equipment while adding a mix of new hardware, all controlled by the XProtect software.
"We appreciate the ability to choose our own combination of cameras, a flexible approach that this software supports. And XProtect Retail gives us real added value in handling shrinkage."
Ikea operates a mix of Axis and Sony network cameras plus various analogue cameras converted to digital images through Axis blade servers, all running on Windows XP. The networked video data is integrated with the transaction information in the Navision ERP system.
"The system builds trust with our staff for their protection," says Hempenius. "It has been a good exercise to follow up on routines and protocols with the store manager, staff and security personnel. And we have decreased internal shrinkage by 50%."
Of the decision to move to IP networks, he adds, "We needed the detail that the Milestone system's digital engine would give us to analyse sales and CCTV data in more detail.
"We saw a greater potential for return on investment in this store, where others have lower turnover or levels of inventory loss.
"We maintain the system in-house. It is 10 times faster than analogue and the 300 cameras around the store and above the tills manage three terabytes of data that is refreshed every 30 days."
What the experts say
David Lacey, founder of security user group the Jericho Forum, says most convergent security strategies should look to harness the ID and access management overlap between physical security systems and network and application data or authorisation mechanisms. Both are following a similar technology trend.
"Identity management is very similar to asset management," he says. "Objects, data and people need managing. And less than 50% are probably your own staff, data and physical assets. Often, more than half are outsiders, so it is no longer sufficient to operate a whitelist approach to your perimeter.
"You need to bring together proper asset systems and people databases."
However, operating an integrated, deperimeterised system is not easy, says Lacey. "An architecture for deperimeterised security infrastructures is more complicated and some of the boxes and facilities needed are not yet fully enough developed."
As such, he says any plans to centralise security functions would be hard to finance given the likely long-term return on investment and strategy involved and difficult to sell politically, because everyone - facilities, operations, security and IT - need to follow the same strategy.
Andy Kellett, senior researcher at analyst firm Butler Group agrees that there is a growing awareness from ID management and access management suppliers to facilitate greater integration.
"Many companies are already struggling to complete single sign-on provisioning and deprovisioning systems," he says.
"But given the work already done, this is most likely going to be IT-led. The growth of facilities driven by technology allows you to get convergence of those systems in place that make the whole infrastructure easier to manage centrally."
Information security: Who should be liable for security? >>