As mentioned in previous posts, all data paths eventually converge via LAN/WAN… so how will physical security evolve to accommodate this reality?
Technology has one and ONLY ONE purpose in the physical security space: improving the effectiveness and/or efficiency of the response. Whether your security response plan is centered around an active, or forensic approach, the technology investment provides ROI only when it improves the delay, deterrance, or prosecutorial effectiveness of the security plan.
That is the current formal approach, but it overlooks an important vulnerability… the system integrity itself!
Are you aware that the transmission of user data from the card to the reader on 90+% of the non-federal card access applications today is not secure? Proximity, iClass and MiFare card formats (most common today) offer little to no data security when read by a typical wall reader. Identity information is easy to intercept and easy to use to defeat systems. Let’s take this thinking one step further. Are you aware that Wiegand Data – the dominant card reader data protocol in the security industry today – is a completely un-encrypted format?
What is the Importance?
This requires an understanding of the paradigm-shift that is happening in the industry as we speak. When you logon to your corporate network, most likely your identity is being verified through certificate-based authentication and that communication is fully encrypted via an AES protocol. That would be the case over both wireless AND hard-wire. Now, think Physical Protection Systems… five years ago, would I have ever thought that encrypted data would be required over hard-wire? Today, we have a new C-Suite member who is responsible for this question and Data Security in general: The Chief Information Security Officer. Why another expensive position on the executive team? How many companies have had their data networks attacked recently? How many hacks have been successful? How many dollars can be saved, if advance planning can prevent just one of these attacks? Justification enough…
CISO – CIO – CSO
The CISO is defining corporate data security protocols. Who implements them? Whether I.T. is handled by a CIO, or an I.T. Director and whether physical security is handled by a CSO, or Security Director is irrelevant. Would you want to be responsible for a system that has been identified as highly vulnerable? So, where do these people go for help? Vendor partners providing data security solutions!
Data Solutions in Physical Security Systems
If you are a security consultant, or a security sales engineer… take heed, your future success will depend on familiarity with Data Solutions. Data Security is fast becoming the differentiator that is adding the value sophisticated end-users want. Most of the industry challenges come from the edge of the system. Here are a few emerging technologies that are critical to resolving vulnerabilities in this area:
HID has developed a new physical security credential format, capable of managing digital identities securely – with both a physical and virtual method of delivery to the card reader. This technology has been branded: SEOS. Every security consultant and dealer needs to know this product. It is by far the best method for protecting identity data and moving it to the card reader. This technology in conjunction with BLE & NFC will change credential technology forever. This is not the best forum for a detailed discussion of the functionality. Suffice it to say, google this HID product and start learning what it can do now.
There is an open format serial data protocol (OSDP) that has been around for some time, just waiting for a reason to exist. OSDP is a two-way serial protocol intended to be used between controllers and readers. This protocol requires an RS485 compliant five conductor. Besides offering an encrypted solution, it ends the one reader to one port wiring limitation of Wiegand Data. I highly suggest discussing OSDP with your security system manufacturer and planning to change to OSDP capable wall readers right now. HID offers several models. OSDP is coming soon to a theater near you!
The third technology provides a data solution for physical security that requires IP Edge Controller System Architecture. With an IP Addressable Network Appliance offering intelligence at the Edge, 128 bit AES Encryption is possible over the important IEEE 802 protocols: WiFi Wireless and PoE Hard-Wired. Of the two encrypted data options mentioned here, this is a technology that is available today. Consider the Sargent and Corbin-Russwin integrated lock products with IP Edge controllers onboard, or the Mercury and HID Edge solutions above the ceiling.
**Encrypt over hard-wire? You betcha!**