NT and beyond

Feb 1, 2001 12:00 PM, By Randy Southerland

There was a time when all the company security director had to worry about was checking door locks, monitoring CCTV, and other facets of physical security. Those were the days before the growth of large corporate computer networks and before the need for a security system to be compatible with those networks. Those were the days before Windows NT.

Security directors soon found themselves knee-deep in IT. Even as computer personnel are being drawn into the realm of security, traditional security directors are seeing the need to be far better versed in the language and skills of the IT world.

As corporate networks have come to be dominated by systems such as Microsoft Windows NT (and its successor Windows 2000), there has been increasing demand for security systems that can run on the same platform. Security equipment companies have worked to meet the demand.

Company IT users are increasingly demanding that certain standards be met before equipment can be loaded onto their networks. Systems must be standardized to the platform they're running on, whether it's NT or something else.

“You still see Unix specifications every now and then, but 80 to 85 percent of the specs these days are all requiring NT and that underlying technology,” says Jeff Ross, product marketing manager for enterprise applications at Lenel Systems International. “Over the last five years they've gained tremendous market share.”

If convergence of IT and security is driven by technology, traditional separation of the two can complicate its application in today's world.

Separate or together?

“In our company security and IT are two completely separate organizations that handle both things,” says George Temidis, manager of security systems at computer giant IBM. “There's cooperation, and people work together, but it's not all one shop. It isn't one-stop shopping. That's some of the difficulties that we run into. Down the road maybe we'll get to the point where we'll all be in one, but it still isn't there today.”

As the two disciplines approach convergence, security equipment companies are coming to realize that they have to able to sell their products to managers with a background in logical security as well as in physical security.

“With security systems today being networked and given the different types of technology that can sit on the network, by default, it is bringing IT into the game,” says Ross. “For anything residing on the network, the IT person — in one way or another — will be responsible for the bandwidth and making sure the security system isn't going to do anything to the corporate network.”

The IT manager must plan for these developments and ensure that these components will work with the existing network.

“That's why it's more common now for the salesmen or anyone who's doing access control to talk to the IT personnel,” asserts Mark Castillo, IT specialist with the Orange County (Calif.) Sanitation District. “They have the ultimate decision. I've heard sometimes in the industry that some facility manager out there is working on putting in an access control system, and they put all these specs together on their own, but they don't facilitate the IT side. So when your people come to start installing it, they have equipment out there that the IT people are not going to let them put on (the network).”

Converging at the network level

“The whole network side is bringing the two together,” says Ross. “Actually, going forward, the thing that's bringing them together is the realization that you do have physical security and you do have logical security, but the common denominator is your people. The same employees who are logging onto your network are going through your doors and through restricted areas. Companies want to have a common platform.”

True open architecture allows equipment from different manufacturers to be placed on a single system so they can all operate and communicate. This situation is often seen in the computer world with software from a multitude of manufacturers running on Windows NT. Most security systems, on the other hand, have traditionally been proprietary — products from one company could only be used with that particular company's system. If a security director wanted to switch to something else, he was faced with the prospect of throwing the entire system out and starting anew.

Closer cooperation of physical and logical security is not coming easily. Many in the security industry have been reluctant to become closely intertwined with the IT side.

“I think there's a little bit of intimidation factor there,” says Temidis. “IT has its own language and has its own well-established processes. It's intimidating for some security folks.”

That realization is prompting physical security personnel to better educate themselves in order to acquire the tools they need to function in a world dominated by computer-literate IT staffers.

“If you take an IT person and transplant them into security, there are a lot of pieces missing there,” says Temidis. “People occupying the security director's chair need much more of an IT background, and much more of an IT education. The people who are well versed in IT and its language can understand the concepts and make things happen faster.”

In turn, the security industry is beginning to think differently about its role and its approach to the job. Increasingly, they are starting to recognize the need to meet the technical standards of the IT department. In large part this is a recognition of the fact that as security systems are being introduced into corporate networks, it is the IT side that will have approval rights on whether they ultimately will be attached or not.

“IT people are definitely involved in equipment decisions whether security people like it or not,” said Temidis. “The security industry has been a little bit slow to move in that direction, but they seem to have gotten the message.”

Ross recalls that in years past “we would walk into a room and do a presentation to nine or ten security guys and an IT person might pop in for five minutes and not say much. Today, we walk into the larger projects and it's the opposite. There are five or six IT guys and one or two security guys.”

The IT side is also largely unconcerned with the “bells and whistles” of the system.

“They're concerned with the underlying architecture. Is it an open system?” explains Ross. “Is it a standard database?”

Other options

While some believe that Windows NT will come to dominate the market, others say that high-end security systems tend to run on Unix.

“It's usually a Unix base that is becoming more of an open standard,” says Temidis. “It was always intended to be, but everybody has got their own variation on it. The open standard of the IT world is the direction in which security people are moving.”

He shares the reluctance of some members of the security community who believe that Windows is not the only game in town.

“I think there's a whole lot of interest in Linux right now,” he says. “The bigger systems are still running on Unix.”

The rising popularity of Linux has in turn revitalized interest in Unix.

“Linux really is a version of Unix,” says Temidis. “A move from any of the Unix platforms to Linux is easy and Linux is very hot and growing very fast. It's becoming more popular because of its stability, flexibility, and the ability to secure it.”

Securing Windows NT tends to be more difficult, perhaps because it is so widespread throughout the world, and potential hackers have had more time to develop ways of getting at it.

Windows NT has already captured a large market share. Its products are widely available, easy to install and use, and most of all, they have developed a momentum among users.

For the record

About the author

Randy Southerland is an Atlanta-based writer and regular contributor to iSecurity.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue