Partners Converge

Dec 1, 2007 12:00 PM, By Michael Fickes

After years of talk, physical security systems are finally converging with IT networks to automate new tasks.


         Subscribe in NewsGator Online   Subscribe in Bloglines

A couple of months ago, a security manager at O'Hare International Airport handed a box of green, color-coded security badges to a worker and told him to sort through the box and find one with a photo that looked like himself. The worker used the badge, which had been deactivated, to get into a United Airlines cargo facility.

The worker later revealed his activities to federal officials with whom he was cooperating.

Armed with the worker's testimony, federal and local officials raided several warehouses at O'Hare on Nov. 8, arresting 24 workers employed by a temporary staffing agency. Officials also took two security managers from the staffing agency into custody, alleging that they had passed out deactivated airport security badges to all of the workers and encouraged them to give false names on their airport security applications.

Officials later said that all 24 workers were in the country illegally and that the entire affair raised serious national security issues.

Observers suggest that O'Hare is one of many U.S. airports confronting the problem of improperly vetted workers gaining access to secure areas.

“This is a convergence problem,” says Ivan Hurtt, product marketing manager with Waltham, Mass.-based Novell Inc. “Our convergence solution could have prevented this problem.”

While security professionals have talked about convergence for years, products that converge the capabilities of IT networks and physical security in useful, easy-to-manage systems are only now coming to market.

Officials later said that all 24 workers were in the country illegally and that the entire affair raised serious national security issues.

Observers suggest that O'Hare is one of many U.S. airports confronting the problem of improperly vetted workers gaining access to secure areas.

“This is a convergence problem,” says Ivan Hurtt, product marketing manager with Waltham, Mass.-based Novell Inc. “Our convergence solution could have prevented this problem.”

While security professionals have talked about convergence for years, products that converge the capabilities of IT networks and physical security in useful, easy-to-manage systems are only now coming to market.

For example, Novell and Honeywell have developed a communications device called the SmartPlus Integration Server. Honeywell's ProWatch Security Management System plugs into the Integration Server, which in turn plugs into Novell's Identity Management System. The Integration Server provides a real-time XML interface between the Honeywell physical security system and the Novell logical security system.

With this system, an employer enters a new employee's name, title, location and other information and creates a new identity. Based on the information entered into the system, the Identity Manager understands the new employee's role and provisions him or her accordingly. The provisioning process identifies what network IT systems the employee will be able to access as well as what doors he or she can pass through.

Once the provisioning has been completed, the Identity Manager tells the SmartPlus Integration Server to notify ProWatch, which tells the physical security system which doors this employee's card will open, and a card is generated. Each step happens automatically.

That's the basic system. But the XML interfaces within the system make it possible to add more pieces and more control. “One of our add-on modules is called Identity Assurance,” Hurtt says. “If this module is connected, the system does more than just link physical and logical identities. It will also make sure that new hires are who they say they are.”

In the O'Hare case, continues Hurtt, the Identity Assurance system would have checked local police records and FBI records. These two checks are also carried out automatically. Users can add more automatic services as necessary, including checks of immigration records and Homeland security terror watch lists.

Such a system with the right combination of record-checks may well have prevented the O'Hare situation from ever developing.

Why is convergence happening now?

“We are all talking XML today,” says Mark Allen, director of enterprise convergence solutions with Hirsch Electronics Corp. in Santa Ana, Calif. “Today we can put a Web server on a UNIX system and talk to it from a Windows system. We can even put a Web server on a mainframe and enable other systems to talk to it using XML.”

Think of XML as a common or standard language that all systems understand — from Linux to UNIX to Windows to Mac OSX.

The standard XML language combined with a Web server has made it easy to share data between systems and to automate activities based on the meaning of the shared data.

Hirsch has used XML to enable a number of convergence projects. Recently, for example, the company integrated its Velocity access control system with Card Manager, an identity management product from Bedford, Mass.-based RSA Security Inc.

RSA Card Manager software manages smart cards with chips. It will load various applications onto smart card chips. These include access control capabilities, digital certificates, user IDs and others.

“Card Manager will tell our system when a new person has come on board,” says John Piccininni, vice president of sales for Hirsch. “It tells our system that this is the credential the new person will use and provide information about the card.”

Just like other identity management systems, the Hirsch-RSA collaboration provisions people by following policies set up for certain titles and locations. An engineer in the Northern Virginia office will receive access privileges to certain doors but be locked out of others. When the engineer's role or title changes, the system will automatically alter the provisioning for his or her credentials. When he leaves, the system revokes both physical and logical access privileges.

In the Hirsch-RSA convergence project, the physical and logical systems are set to notice anomalies. The logical side will prevent people from logging into the network if they have not logged in at the front door.

These capabilities are not new. Convergence partners have collaborated before on such integrations. What is different is the length of time it takes to integrate two different systems. Not long ago, it would have taken weeks if not months to enable two different systems to communicate. Integrators would work things out by using an Application Programming Interface (API) or a Software Development Kit (SDK).

“We put together the RSA integration in less than a week, without an API or an SDK,” Allen says.

Hirsch has also integrated its access control system with a San Jose-based Cisco Systems Inc. Video Surveillance Media Server network video recorder. “We trigger that system with XML-based alarms,” Piccininni says. “When something happens in our access control system, we tell the Cisco server to record certain cameras at certain frame rates and to link the video to the alarm event in our system.”

Hirsch uses Windows operating systems, while Cisco's product runs on Linux. “They talk to each other easily because the communications protocols have been standardized,” Piccininni continues. “In the past, those kinds of differences were important, but today they matter less and less.”

Integrating the integrators

In early November, the PSA Security Network in Denver and 1NService of Bellevue, Wash., announced a national convergence effort. PSA is a marketing cooperative composed of more than 200 physical security integrators located across Canada, Latin America and the United States. 1NService is a group of 12 companies with 600 network technicians.

“The idea that a PSA integrator will become a network integrator in a short time — or that a 1NService network integrator will become a physical security integrator — just isn't going to happen,” says Bill Bozeman, president and CEO of PSA. “So our objective is to develop partnerships that will bring together physical security integrators, network integrators and manufacturers.”

“Our idea of convergence is to do a better job for end-users. Chief technology officers are frustrated. They don't believe that anyone has figured out the convergence security puzzle,” Bozeman says.

The recently announced convergence effort aims to converge the interested parties to handle projects for clients.

While both PSA and 1NService are promoting convergence projects with each other, companies within both organizations are working on their own projects. For instance, Atrion Networking Corp. of Warwick, R.I., a 1NService member, is rolling out a system for an $800 million Boston-based client with locations in Australia, France, the U.K. and the United States.

“Our client asked for a way to automate the process of providing door and network access to employees traveling between offices,” says Paul Cronin, vice president of customer service with Atrion and an executive with 1NService. The Atrion solution begins with a smart card carried by employees.

Every company smart card provides universal access to lobbies of offices worldwide. An employee from Boston arriving at the office in Paris would card-in at the front door. That transaction registers the employee's arrival at the company facility in Paris. The transaction is also recorded at the home office in Boston.

Next, the employee goes to the office he or she has been assigned to. Since the network will automatically deny access to any device not properly registered in the network directory, the employee cannot log in by computer. The Atrion system gives traveling employees codes that may be entered on IP phones found in each office. Once the code is entered, the network will check with Boston to see where the employee is. Upon discovering that he or she has carded in to the front door in France, the code will tell the system to recognize the employee's laptop.

Since the shooting at Virginia Tech earlier this year, a number of colleges and universities have been re-evaluating their campus security systems in light of a sudden drop in interest from prospective students.

Atrion is working with a physical security integrator to expand the video surveillance system in use at a university in Boston. “Our assignment is to make an expanded video surveillance system affordable,” Cronin says. “We're upgrading the network to higher speeds that will accommodate video.”

That will enable the physical security company to connect cameras to the network. With video flowing across the network, security officers in a single central location will monitor the video. A number of patrolling officers will be reassigned. The savings on labor will pay for the new system. Meanwhile, the IT director will get a higher quality network.

Just the beginning

Those involved in convergence projects today agree that convergence is finally becoming real and that remarkable changes are likely in the next five years.

“We have progressed exponentially in the last two years,” says Carlos Lopez-Reyna, software solutions marketing manager in Honeywell's Louisville, Ky., offices. “And that's just the beginning. Soon we'll move past identity and physical security to correlation systems that will employ smart business logic. These systems will enable you to extract information.”

Suppose, for example, that a security officer notices that someone tugged on a door to a research and development facility on Wednesday night. So what. People forget their cards once in a while. Maybe someone was lost and just trying a door. Such an isolated event may appear unimportant.

“These new applications will check for patterns,” Lopez-Reyna says. “Suppose such a program notices that someone has been tugging on the research and development door every Wednesday for the past month. Chances are, a security officer wouldn't have made the connection. But this program will notice, report it and even take an action like telling a camera to watch that door on Wednesdays.”

“In this way, we can develop predictive security systems that will learn and suggest improvements,” Lopez-Reyna says.

PSA's Bozeman agrees. “Today, we're using convergence tools to improve productivity and profitability,” he says.

Rob Zivney, vice president of marketing at Hirsch, also agrees. “One definition of convergence is putting all this new technology on the network,” he says. “But I think that convergence is a lot more than that. In the end, convergence doesn't mean security technology being connected to a network. I think it means enabling business to be more productive.”

In other words, just about anyone can add new technology to a network — given today's standard communication protocols. But the real benefits of adding technology to a network come when a security director or network IT director thinks of a creative way to use networked technology to improve business productivity and profits.

Want to use this article? Click here for options!
© 2014 Penton Media Inc.

Today's New Product

Product 1 Image

Privaris Biometric Verification Software

In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.

To read more...


Govt Security

Cover

This month in Access Control

Latest Jobs

Popular Stories

Back to Top