Making The Connections

Jun 1, 2005 12:00 PM, By James Gompers

Recently, the CIO of a major corporation wondered aloud how he was supposed to achieve a highly integrated security solution when he was observing no open migration between unlike systems and little interoperability among vendors. In short, he asked: “What's up with the security industry?” Good question — because truly integrated solutions should involve standards and guidelines that are often lacking is our industry.

Looking for a better way

The problem is not that there is no interoperability or migration. There are several vendors who have integration partners and share Software Development Kits (SDK) and source codes in order to provide integrated solutions. But what happens if an end-user already has an established digital recording system in the security program and wants to upgrade the access control to benefit from an integrated security management system (ISMS)? In this case, the user is locked into the access control partners that integrate to the existing digital video recording system — unless that system is replaced as well. Such limitations can stifle a security upgrade. Furthermore, with more IT/IS involvement in security projects, there is increasingly less tolerance for closed, proprietary platforms.

When looking to integrated, converged solutions for security programs, another challenge is selecting qualified security dealers or integrators. What tools or certifications exist to facilitate selecting the right integrator for a project? The lack of common standards in both cases continues to make it difficult for end-users to fully realize the benefits of many of the advances occurring in security today.

Current tools and protocols

Let's take a look at what standard protocols and tools are currently available.

TCP/IP

Starting with communications, the security industry has moved to and standardized on the network communications standard TCP/IP or Ethernet for connectivity. This has been a huge step forward in the security industry by enabling users to share features, functionality and interoperability among unlike systems, thus making it possible to enjoy the benefits and cost efficiencies offered by an integrated security management system platform. It is now possible through one graphical user interface to have access control, information security, CCTV, intrusion, building automation and control, asset management, emergency communications, fire alarms and many other applications an users' fingertips. Unfortunately, the user is still limited to the security system provider's technology. Users do not have the freedom to choose the product, solution or provider, but the industry is slowly migrating in that direction.

Another benefit of using TCP/IP as a communications standard is the amount of dark fiber (unused fiber strands between data closets) and the surplus of unused or abandoned copper in IT infrastructures — making it cost effective for installation. Finally, access to internal support and resources from the IT/IS staff for network-based activities is another significant benefit.

Software Development Kits (SDK) and APIs

Some vendors “share SDKs,” but what does that mean? An SDK or Software Development Kit provides vendors and solution developers with documentation, source code and the sample code needed to write integration software that allows for interoperability between systems.

SDKs may include the APIs (application programming interfaces) supported by the specific vendor's application.

This tight control over sharing of information is one of the primary reasons that open source code within the security industry is so difficult — vendors do not want to give away their intellectual property. If vendors are totally open, this creates potential vulnerabilities with the systems and solutions that users count on to secure assets. Greater cooperation among the security vendors to integrate the various systems and solutions used in security operations is necessary for users to benefit from advancements in technology and integration. This will not happen anytime soon.

Extensible Markup Language

Extensible Markup Language (XML) has been creating some interest of late. Unlike HTML, in which the meaning of all tags is pre-determined, XML allows vendors to define their own tags. XML is not dependent solely on the application it currently talks to, but instead can create and use services-based requests and functionalities within a solution. For example, if an organization wanted to integrate information security into its physical security plan, it could create a services-based application for identifying a violation in accessing a database or network sector. Passing along this information to the security system could enable a floor plant to pop up and show exactly where this violation is taking place so the user can respond appropriately. Such an example begs the question: Why have physical security departments been so slow to adopt information security into their programs?

Information — particularly proprietary information — is the second most valuable asset an organization possesses — the first is personnel. As time goes on, XML will enable users to gain substantial ground in the effort to integrate both their security operations and integrate information security and organizational operations. Widespread penetration and use of XML could prove to be the single biggest factor in advancing security integration in the next few years. Greater use of XML — especially as potential standard — will lead to more integration and increased benefits to end-users.

Needed: Certifications and resources

By now, it should be clear that the level of IT/IS knowledge needed to effectively implement integrated security applications is large and growing, and it is critical that security dealer/installers have the proper resources to assist end-users with their applications. When selecting an installer/integrator, end-users need to be mindful of the following certifications and resources that integrators should possess. Currently, few of them do.

• The Microsoft Certified Systems Administrator (MCSA) can maintain, optimize, secure and troubleshoot a Windows network. This is a good starting point for technicians and installers to possess when working on integrated security solutions.

• The Microsoft Certified Systems Engineer (MCSE) can design and implement infrastructure solutions based on the Windows platform and Microsoft SQL Server software. A must-have for integrators to effectively enter the converged and integrated security market, this designation should be a minimum requirement for engaging a security integrator in a project.

• The Cisco Certified Network Associate (CCNA) can effectively install, configure, operate and troubleshoot simple routed LAN and WAN networks. This is also a good resource for installers and technicians to have when implementing a converged or integrated solution.

• The Cisco Certified Network Professional (CCNP) can effectively install, configure, operate and troubleshoot complex routed LAN, routed WAN, Switched LAN networks, and Dial Access Services. Security integrators should possess a CCNP when entering the convergence and integrated market space. Creating advanced security networks is sometimes beyond the skill and knowledge of a CCNA, so this resource is invaluable.

To effectively compete in the integration and convergence space, dealers (aspiring to be integrators) should, at a minimum, have MCSE and CCNP certified staff. To better ensure a successful, integrated solution, the end-user needs to perform due diligence on the capabilities and resources of the dealers and integrators being considered.

Organizations such as SIA (Security Industry Association) and NFPA (National Fire Protection Association) are currently undertaking activities focused on certifying individuals in security and integration. End-users, however, could really benefit from an integrator certification stamp of approval to assist in the selection process of qualified convergence and integration providers.

Establishing and advancing standards in security integration and convergence has been a monumental task. In this time of need for standards and compliance, the industry should be looking to the IT/IS world for guidance and examples of success.

Given this reality, it is the responsibility of the end-user to not only perform due diligence on the prospective integrators and vendors, but to also take responsibility to fully understand and articulate what they are trying to accomplish within their security program. Convergence and integration are not just isolated, magic phenomena, they are an ongoing, progressive process to achieve a safe and secure working environment while protecting the organization's physical and information security.

---

ABOUT THE AUTHOR

JAMES GOMPERS is founder and president/CEO of Gompers, Inc., which is made up of Gompers Technologies Design Group (GTD Group), Gompers Technologies Testing and Research Group (GTTR Group) and the Gompers Alliance. The Gompers Alliance pools talent from top consulting firms in the security, communications, and data industries to provide total solution plans and services to clients in North America and around the world. He has more than 20 years of experience in the security industry. Want to share an example of your own integration experience? E-mail questions or comments to him at jim@gompers.com.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue