Say the magic word

Jul 1, 2000 12:00 PM, Randy Southerland

You hear it from every supplier, manufacturer and integrator in the security business. Everyone, it seems, is peddling a hardware system or software package that is "open.'

Open equals good. Proprietary is bad.

Open architecture, open systems, integration and seamless integration are phrases thrown around by manufacturers and integrators like warm-up pitches before a game. Here is the big question from end users: What does it all mean to me? Is open architecture just another empty phrase like "user-friendly," or is it the pathway to a better security system?

Talking to industry observers confirms that open architecture is very much in the eye of the beholder. While promising a bright new era of greater choice and easier integration of systems, it may instead turn out to be the same old proprietary system.

What is the main message for a security director who is tired of proprietary hardware that keeps him or her on a short leash to a single manufacturer? You have your work cut out for you trying to make sense of the emerging world of open systems.

Open architecture: Does It really exist? "There's probably no open architecture system on the market," contends Rob Zivney, vice president for marketing at Hirsch Electronics, Irvine, Calif. "It's a question of how close you can get."

Gary Larsen, president of Automated Management Technologies (AMT), Minneapolis, and an outspoken advocate of open architecture, observes that the phrase "open architecture" means different things to different people. "A lot of it can be very self-serving in terms of how it provides an advantage for a particular vendor," he cautions.

True open architecture provides the ability to place equipment from different manufacturers on a single system so they can all interoperate and communicate, says John Gandinger, design engineer with Louisville, Ky.-based Electronic Systems USA, which was recently acquired by Johnson Controls.

"You don't have to have special gateways or special software to make a component talk to another component," he explains.

Larsen adds, "I think that everyone will ultimately agree that all that you can really say about open architecture is that it uses standards that are published and available to everyone."

What is the openness state-of-the-art? Like witnesses to a traffic accident, observers provide varying vantage points.

"What's out there today isn't really open. A lot of companies think that if they provide an interface with other programs or other equipment, that makes the product open when it really isn't. The architecture is really proprietary," asserts IBM's manager of security systems George Temidis, an enduser.

Temedis says, "When companies are just getting started, they try to keep things proprietary. Look at proximity cards and how many different standards there are out there and how everyone is using different protocols and different communications. And nobody is getting it together yet."

Security industry consultant Bob Bryant says that the entire industry has tried for decades to force the end-user to accept proprietary systems.

"They are all today somewhat proprietary. While some of those manufacturers - let us say five out of a thousand - have decided they want to go open, they're still going to do it on their terms," he contends. "They're going to use their existing hardware, their existing software, and their existing platforms. In doing so they're really not going to create an open environment. They will be primarily proprietary."

Bryant says fewer than half a dozen companies - he won't say which ones - can provide an enduser with a system that is adaptable to truly open architecture.

"In the future they should at least be able to 'plug and play' when it's available," he says. "So all the investment the enduser makes now can still be realized down the road. But that's only if he chooses one of these six and under these specific requirements."

How open is open? Nearly everyone in the industry agrees that access control systems are more "open" than they once were, although some admit that openness is in some cases limited. It also hasn't reached the sort of integration and openness that can be found in the building automation industry.

Customers can buy "off the shelf" PCs to run access control systems, and that represents "open architecture" to some.

One of the big questions is whether the security industry has a de facto standard such as the computer industry's Windows operating system.

"In the computer industry, open systems is an old subject," observes Rudy Prokupets, executive vice president for research and development and chief technology officer for Lenel Systems, Pittsford, N.Y. "Nobody debates it anymore. If you're proprietary, you're dead. Apple is an example, and even it is trying to open up."

Microsoft leads, but who challenges? The security industry has been compared to the personal computer industry. Today, while there are many computer operating systems still available, Microsoft Windows is regarded as the de facto standard. Most people use it, but not all. You can still buy a computer running the Apple Macintosh desktop or install a system such as Unix or Linux on your computer network.

Just as it has become the leader in the computer industry, Microsoft Corp.'s Windows - NT, CE and 2000 - appears to be developing a dominant position in the access control market.

This movement is fueled in part by the fact that, as the security system has been integrated more closely into the business enterprise, the information technology (IT) department has increasingly demanded that security work more closely with other divisions.

"Open architecture is a very loose term for Microsoft's marketing. It's a buzz-word," says Mark Castillo, the IT specialist with the Orange County Sanitation District who recently finished upgrading a new Casi-Rusco system that operates on Unix. "Because there are a lot of Windows NT networks out there, the security arena is starting to go that route. Even if it's a marketing or sales ploy, it does work."

"The information that you put into an HR database is often the same that you would put into the security system database," said Steve Cannellos, general manager of Sensormatic's Access Control Division, Lexington, Mass. "You improve the quality and consistency throughout the enterprise because you're entering the data in one place. You also reduce cost because you're only entering it in one place, and that data is available globally very fast."

The drive to integrate access control with other operations has called for a system that operates with - and integrates easily into - the same standards as other departments. In most cases that standard has been Windows NT.

Many manufacturers have positioned themselves for open architecture using Windows NT platforms, according to Lockwood Greene Engineers' Tom Seiver, who has worked with several Fortune 500 companies in developing access control systems. "Everyone is migrating that way," he says.

An increasing number of security company Web sites tout the fact that they are Microsoft Solution Providers or brandish the BackOffice logo.

"Microsoft sets standards for people to follow which ensure interoperability and compatibility," says Zivney. "It means you can gracefully co-reside with other systems on that same network."

While other operating systems and communications protocols are also playing a role in the brave new world of access control, many see Microsoft as continuing to be a dominant force.

"Whatever Microsoft does, we will do," says Michael Gearhart, a project manager for Lockwood Greene Engineers.

Windows has been adopted not because it represents the best that might be available, but because it has the largest market share - as much as 90 percent of the consumer PC market and nearly 50 percent of corporate networks. Just as Apple lost the personal computer race to Microsoft years ago and has been largely relegated to the niche markets of education and high-end graphic designers, other competing systems are doomed to the same fate, if industry observers are right.

"Microsoft is already the standard," Zivney agrees. "We still try to support some Unix systems. You can debate whether NT is better than Unix. It's like debating whether VHS or Beta is better for home video. Beta was technically better, but VHS won the marketing battle. That's what is happening here."

While there are products based on different operating systems, many observers do not see them as serious competition. Whether recent developments in the U.S. Justice Department's anti-trust suit against Microsoft will have any effect on the software giant's market dominance is an open question.

Regardless of who the major players ultimately become, security and access control will continue to follow the computer industry for the purpose of self-preservation. "If it doesn't, then the computer industry will come in and new players will take over," says Bryant.

Open standards are a natural process Security system evolution has clearly mirrored other technology-driven markets in its move toward openness. That openness has, to a large extent, been fostered by developments in the power and openness of computers and the natural evolution that every industry and marketplace goes through.

Larsen notes that access control is "a spill-over industry because a lot of the technology we see is not developed within the industry." In particular, microcomputers and microprocessors have transformed the way security systems are built and operated.

In the early days, each manufacturer constructed an entire system from the ground up - including the computer - and fit everything into a tight proprietary box. Just like those thousand dollar coffee pots built for the military, each item was expensive because there was no "economy of scale."

Eventually companies came along that said, "we just want to solve this one problem. We don't want to build the whole system. We just want to build this horizontal element which we will in turn sell across manufacturers," says Larsen.

What's an enduser to do? What does an enduser need to know to move toward open architecture? Just as you can no longer depend on the trusted family doctor to make your health care decisions, a security customer needs a broader knowledge base than he did in the past.

At its simplest level, "open" means that all the parts that make up a security access system - CCTV, field panels, card readers and host computers - all work together. The connections between these disparate elements are like a highway system - it's important to know if everybody is obeying the same traffic laws. Customers must know whether introducing a "foreign" piece of hardware will mean that vehicles won't suddenly start going in a different direction.

To move from a proprietary to a more open system requires a clear idea about what the user wants his system to do and how he wants it to relate to other systems on his network.

Why go to all the trouble? What are the advantages of open architecture? The answer usually comes down to value and a push toward interoperability fueled by involvement of IT departments in security system decisions.

"We find that the security directors aren't making all the decisions anymore," remarks Zivney. "The CIO and the network guys are getting much more involved in the buying decision. So they're not just dealing at the card and reader level, but at the PC and LAN level as well."

Moving to a more open environment obviously presents its own set of problems, but also promises new opportunities as well. In the computer and other industries, open standards have driven down price and increased quality as the competitive environment has heated up.

It gives users more choices and greater flexibility. Instead of buying only from a proprietary vendor, customers can choose from different components and different platforms to meet their individual needs.

However, it doesn't mean that users will be building their own systems. "The customer still has to see a seamless product," says Larsen. "That's one role someone has to play in providing that presentation so that the customer sees one solution."

What you need to know about your security system So what knowledge does a customer need to possess in order to be an intelligent security consumer?

"You must have an open database to be really open," Seiver asserts. "I don't know that they're all providing that. It's something you have to dig out as you start reading the literature. In advertising, they all say they're open, but they don't say what that means."

An "open database" allows the user to create a link between the software and the controllers.

"The truly open components can talk to anything as long as it's an industry standard kind of thing, much as the card readers have gotten to be over the years," Seiver continues. "You can use anyone's card reader as long as it has the right output."

In addition, you must be able to access your company's information out of various databases and applications and make use of it whether through an open or proprietary system.

"As long as you have a way to leverage the information, it may not be all that bad that it's proprietary," says Cannellos. "I caution people that open architecture may not give the results or the performance they want. You have to look at what the overall application needs are and what the customer is trying to accomplish."

Customers should also consider what level of support they could receive from their supplier.

"There are a lot of other companies in this industry that have come and gone," observes Cannellos. "A newcomer may come in touting an open architecture, but they might not be around next year to support it."

The system must also be scalable to the needs of the organization. As the company grows, the system should be able to grow along with it.

"Do you have the ability in your controller or interface equipment to support most of the readers out there?" asks Zivney. "Are you limited to a 26 bit or can you do a whole lot more? A lot of the new technologies are coming out and people are dealing with larger systems."

In addition, each system should allow for the incorporation of more advanced technology, such as smart cards and biometric readers as they become available.

"You need to ask 'can it support multiple technologies?'" says Zivney.

How secure is the open approach? The security of the system itself is also a prime concern for users. Some in the industry allege that a more open system translates into a more vulnerable one.

"I wouldn't go to open architecture right now, because it's very loose and the security on it is too open," says Castillo. "But the future, for people like myself who are buying, looks very good. As NT continues to develop and closes its security loops, it's something that I can plug into my system two to five years from now."

You can find others who say security can only be found in a proprietary system. Partisans of "open" counter that even those systems can be reverse-engineered. And once breached, the system architecture must be changed in order to be secure again. Open architecture systems can also provide security through multiple layers of authentication - an approach that has made the growth of e-commerce possible.

"There are a number of different levels of authentication - such as data encryption - that are based on both public and private keys," says Larsen. "If a breach is found, it's not a matter of changing all these protocols. You simply change the keys."

According to Temidis, encrypting the database itself could provide a bulwark against hacking. "They certainly could encrypt their databases and easily communicate while locking everybody else out," he explained. "That's doable and I think e-commerce is the model."

Pushing for open architecture Another model of openness can be found in the building automation industry. In the mid-1970s, that industry took a major step toward open systems through its SPC 135 committee, which developed the Building Automation and Control Network (BACnet) protocols. A true non-proprietary open communications standard, it laid out in some detail how data was to be shared and interpreted among system components.

Where will such a push come from for true open architecture in the security industry? Perhaps it will be a combined effort from endusers coupled with a bold move by a manufacturer.

"I've had the opportunity to speak to the Security Industry Association a couple of times," Temidis notes. "Anytime I can get the ear of the manufacturers, I tell them we really want to move toward open architecture."

In addition, a move by a "player you haven't heard of before" could lead the industry toward openness, says Bryant.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue