A Vision for Effective Application of Technology

I.T. brickwall

Common Technology Oversights

In my experience, there are three very common discoveries when I reach out to new potential partners:

  1. A lack of awareness that their existing systems have much more potential functionality than they currently utilize.
  2. A realization they have invested too much money in related systems that have no potential to work together.
  3. Disappointment when I point out they have no VISION for leveraging technology to improve efficiency and mitigate risk, no DESIGN STANDARD to drive future system selection and no ROAD MAP to prioritize investment.

Mission

As a consultant, I find it is important initial meetings are positive. Highlighting these oversights may be a painful experience, if the discussion is mishandled. It is critical to help an end-user’s team become excited about the future of these systems, after concerns have been addressed… I have a PASSION for applied technology. I attempt to ensure everyone around me knows that excitement. Applying technology to resolve challenges and improve operational efficiency is challenging AND very rewarding. As design professionals, we lower costs, improve profits and mitigate risk and liability. A value message that should be conveyed with every interaction. I particularly enjoy that last meeting on every project when we review results, discuss what has been achieved and adjust that road map (discussed above) to check items off the list.

Achieving the Mission

It would be impossible to share the entire discussion here, so let’s review a few important elements that will exemplify the mindset discussed above:

Professional Services Model

What should be the expectation when working with a technology vendor? I dislike the idea that a vendor’s only role is to sell and install systems/equipment. Automated solutions are complex and require years of training and experience to fully understand applications. These companies should be “partners”, not just “contractors”.

Partnering

What does it mean to be a partner? Simply put: a partner adds value to the relationship. Too many fail to realize – the advantages to leveraging automation can be far greater than the initial investment to deploy systems.

What are Professional Services?

Your technology partner should be performing the following functions:

  • Optimizing existing systems.
  • Discovering an organization’s “pain-points” and recommending features and benefits of existing and new solutions to eliminate them.
  • Learning an organization well enough to recommend solutions to improve operational efficiency.
  • Education regarding new products and technologies.
  • Assistance with developing a 3-5 year road map and future-proofing investment in technology.

A quick word of advice – if you are working with a technology company that is not capable of this kind of relationship, find one that is.

Examples of Professional Services

Database Data Exchange (DDE)

When I bring up this topic, some folks become suspicious. Database programmers are very expensive. That level of expertise and integration is unnecessary here. I am referring to “interfaces”, NOT integration. Interfaces can utilize SQL Queries and Active Directory Service Interfaces to share data. These tools are application agnostic and do NOT require an integration to be deployed. It is a best practice to ensure platforms are SQL and LDAP (AD protocol) compliant. What is the benefit of exchanging data across databases?

Simple Example – University / K-12 users all have Student Enrollment, HR, Transactional (POS), Network and Physical Security user databases which require data entry. The user database from one software platform can be selected and maintained as a source to keep the others updated. An Interface can be written to share changes (deletions/additions) at the end of every school day to eliminate data entry in the four other systems, thereby eliminating daily administrative functions involved with user record maintenance.

Advanced Example – Still using the previous example… how about expanding the information in each user record to include: security hierarchy, area of study, extra-curricular activities, etc. This information could be used to update situational permissions, privileges and building access rights, thus eliminating additional administrative functions.

Application Programming Interface (API)

API creates integrated functionality across related systems. Automating – not data exchange this time – but logic that can be used to manage “if-then” functionality for signaling devices and software, or in the most complicated scenarios – offering complex event recognition and other similar functions. This can be expensive and difficult to accomplish when customized across systems, but my suggestion here is: let others do if for you – FOR FREE!

Simple Example – Card access software has the ability to trigger other systems when an individual enters a space. This capability can be leveraged to offer numerous advantages with related systems:

  • Security Authorization: Trigger a video surveillance camera to authenticate identity and add a date and time stamp to recorded video.
  • Energy Savings: Trigger lighting control or HVAC VFD’s in individual areas to save energy.
  • Risk & Liability Management: Synchronize audio with a video feed to monitor high-risk areas.

Advanced Example – This can get in the weeds fast, but let’s look at a few rough ideas. Here is one feature type: activity recognition across systems. Here is another: shared functionality between cloud, desktop and mobile interfaces.

How Can This Be Free?

Please read through this section more than once and incorporate into your Organizational Design Standards. Engage an integrator (partner), or consultant to research strategically aligned manufacturing partners who have already written an API across their platforms. It is that simple. Engage a quality integrator that is able to leverage this capability and you have immediately future-proofed your technology investment.

Example – Here is the setup: A multi-building campus has extensive intrusion detection (IDS) with card access (ACS) and video surveillance (VMS) systems. The campus utilizes at least a few on-site security guard personnel. The three systems have previously written API(‘s) (integration) across to the other platforms. Alarm maps have been uploaded to either the ACS, or VMS. An alarm event posts in the event log triggering a text to a guard. A guard responds by opening an app on their smart phone that shows the alarm map to pin-point the location of the security event and immediately dispatches. Enroute, the guard triggers a Macro which uses inter-operability features to pull the four real-time camera feeds closest the alarm location into a split-screen on his phone, then verifies recent ACS events. This scenario improves guard response time and preparedness and allows fewer personnel to cover the same area.

Not the Future, Now!

I hope I have been successful in describing the potential functionalities that can be achieved with this approach. This capability is here now.  Why not put this on your Technology Road Map, or begin suggesting this approach to your clients today?

If you would like to discuss this, or other security topics, please contact him via LinkedIn. Also, take a look at his LinkedIn Discussion Board Security Convergence, or his Twitter feed @DLIPTech.

This site is maintained by Douglas Levin, PSP, AHC, LEED AP. It is intended to be my personal professional blog. The content reflects my personal opinions and observations regarding the Physical Security Systems industry and Technology Sectors. The opinions expressed herein reflect my personal viewpoint/ideas and do not in any way represent the position of any other person, organization or company.

Advertisements
Posted in Integration, Physical Security, Technology | Tagged , , , , , , , , , , , | 1 Comment

2015 Bicsi Fall Conference – A Security Vendor Perspective

Bicsi

As a Biz Dev Manager in the physical security technology space, Bicsi members are an important emerging channel. This year the trade show was particularly productive.

This was a well-attended conference, with a particularly good showing from technology consultants and system designers. I always enjoy this trade show, because the topics of discussion lean toward emerging technologies. Since my employer is well-known for introducing new products every year and skirting the boundary of leading edge solutions, this trade show is an excellent forum for our message.

Competing Channels

I am seeing the Technology / Structured Cabling / IP Network space taking market share from traditional physical security channels. The end-user value messages of integrated functionality and database data exchange is leveraging the convenience and operational cost savings components offered by the industry. Manufacturer’s sales and marketing teams will soon sit-up and take notice. Threat, risk and physical security response planning is becoming a separate area of expertise and in the near future – every project will require both a technology AND physical security specialist to complete the design.

IP Edge Architecture (IoT)

Low cost, extremely high bandwidth solutions are being introduced that will accelerate the explosion of “Internet of Things” (IoT) type devices. In the security systems space, that will mean more network “Edge Intelligence” system design.

  • First: Passive Optical Network (PON) and Passive Optical LAN (POL) solutions (in lieu of copper) are bringing a virtual unlimited data pipe almost directly to the device, while at the same time lowering cabling cost.
  • Second: The low-voltage power distribution bottleneck is being resolved. Ultra-PoE power solutions may reach up to 100W of power per port and composite cable options (combination Cat 6/Fiber) are resolving the conductor issue. The life-cycle cost savings associated with managed PoE power distribution will more than pay for the minimal additional infrastructure cost. The advantage of this solution is easily recognized by the most unsophisticated end-user and it doesn’t require a crystal ball to see where new building construction design will be headed.

I spoke to almost 60 technology consultants and contractors at this conference, all wanting to have a discussion regarding the convergence of network infrastructure and automated systems design. Many of those in the industry with their RCDD certification seem to be uniquely suited to bridging that gap.

If you would like to discuss this, or other security topics, please contact him via LinkedIn. Also, take a look at his LinkedIn Discussion Board Security Convergence, or his Twitter feed @DLIPTech.

This site is maintained by Douglas Levin, PSP, AHC, LEED AP. It is intended to be my personal professional blog. The content reflects my personal opinions and observations regarding the Physical Security Systems industry and Technology Sectors. The opinions expressed herein reflect my personal viewpoint/ideas and do not in any way represent the position of any other person, organization or company.

Posted in Physical Security, Power Distribution, Technology | Tagged , , , , , , , , , , , | Leave a comment

2015 ASIS Global Conference Review

asis-logo

The weekend recovery begins, after a long (but productive) ASIS focused week… This year I spent time walking the trade show floor and thinking about larger physical security industry issues and how the ASIS Conference is positioned.

End-User Focused Event

There is no mistaking the ASIS Conference End-User focus. ISC West, the other big trade conference in the industry, is quite different and very much a Distributor / Dealer event. The difference was highlighted for me this year. The trade show floor traffic was light, but it was still a productive event. With less booth traffic, the other activities were amplified. It helped me emphasize End-User meetings, reinforce strategic relationships and focus on their feedback. Even the consultant and dealer meetings were specific to End-User needs. It was a good lesson. As a Biz Dev Manager, broader marketing efforts can be a distraction and cause you to take your eye off the ball…

Observations from the 2015 ASIS Conference 

Missing Technology

The technology highlights were as expected: 4K & 8K video and broadening the spectrum of IP enabled equipment. The take-away was more about what was missing, than what was showing: Fiber, Fiber, Fiber… where were the PON and POL solutions? Data and power infrastructure technology is changing. Where were the PoE power distribution solutions to the edge? Changing infrastructure technology is making security systems less expensive to deploy for new construction in particular. This is an important developing trend and I was hoping to see it better represented.

Network Infrastructure and Security

In speaking with End-Users, many of the training classes were focused on Cyber Security. The writing is on the wall… technology is forcing the convergence of Physical and Logical Security. I heard more than one Security Director talk about CIO’s requiring all data transmission within security systems (wireless AND hard-wired) be encrypted. Moving into the future, it will be important to understand HID’s SEOS technology and OSDP protocol. I. T. Directors may not be making the actual physical security decisions, but they will be the MAJOR influencer in solution selection. It is imperative (as security professionals) we become comfortable with LAN / WAN (and Cloud) discussions and how to use security solutions leveraging the network for data and power transmission. This skill-set is needed NOW, not in some distant future. Training / Education in the physical security space covering associated data infrastructure and logical security will be a key differentiator for security integrators as we move into the future.

Long Range Wireless

Long-range wireless data has been all about microwave. This is an expensive solution with proprietary data protocols. If your company has applications for this technology, get familiar with directional WiFi. One of the manufacturers (Ubiquiti Networks) was showing at ASIS (in a back corner). Think under $500 for up to 1000′, with the capability of up to one mile (line of sight). Don’t hold me to these numbers, but this is what I was told. Think open IEEE 802.11 data protocol too! This doesn’t resolve the need for hard-wired power distribution, but at least for data, underground conduit to the perimeter at commercial sites can be eliminated. Perhaps this is not the solution for critical infrastructure projects, but how much of the perimeter security market is comprised of these kind of projects?

Integrations and Database Data Exchange

Finally, I know this is my personal impatience… but can’t the industry move a little faster making system inter-operability and database data exchange simpler? This is what end-users want! The mistaken idea that offering this functionality will dilute a captive installed base is ridiculous. These features will only drive more revenue and grow the over-all automated solutions market. There is demand for Intrusion Alarm, Video Surveillance, Card Access, Lighting Controls, Intercom, Visitor Management, Asset Tracking systems (naming a few) to share data and drive intelligence across platforms. We need more strategic corporate partnerships between companies developing related systems technologies.

Industry Discussion

If there are industry professionals interested in discussing these ideas, please feel free to reach out. The more we discuss these trends, the better chance of speedier adoption. I think the trade organizations (ASIS, Bicsi, ISC2, SIA, etc.) are the obvious choice as forums for the discussion.

If you would like to discuss this, or other security topics, please contact him via LinkedIn. Also, take a look at his LinkedIn Discussion Board Security Convergence, or his Twitter feed @DLIPTech.

This site is maintained by Douglas Levin, PSP, AHC, LEED AP. It is intended to be my personal professional blog. The content reflects my personal opinions and observations regarding the Physical Security Systems industry and Technology Sectors. The opinions expressed herein reflect my personal viewpoint/ideas and do not in any way represent the position of any other person, organization or company.

 

Posted in Physical Security, Power Distribution, Technology | Tagged , , , , , , , , , | Leave a comment

Secure Data and Identity Management Solutions

Target Cartoon

As automated building systems become more dependent on shared network infrastructure, I.T. (Information Technology) Directors and CISO’s (Chief Information Security Officers) are beginning to realize these systems are adding significant vulnerabilities and risks to their network and sharing this realization with other corporate executives. This seems to be driving two very interesting emerging trends:

  • I see more Security Budgets moving away from Enforcement and Facility Operations and becoming funded by Technology Budgets.
  • Technology Budgets are moving under management of CISO and CIO executives.

What Has Changed?

What seems to be driving these changes? In talking with I.T. contacts, there appears to be growing concern regarding network data vulnerabilities in the private sector. For many large companies, successful network attacks can cost the equivalent of years of operational budgets. We don’t hear about this kind of activity for obvious reasons – the idea of at-risk sensitive data is toxic to employees / partners / customers.

The importance and influence of Data Security roles is growing. They are being viewed as critical positions and being asked to oversee and even manage technology functions within companies. So an interesting question might be: Why are more organizations seeing a correlation between cybersecurity and physical security design and operations? Today, this question hits closer to home than you might think…

Network addressable equipment of ANY kind is at risk, especially when the equipment can be physically accessed by a third-party. Think IP Surveillance Cameras and IP Card Access Controllers…

Scenario #1 – DDoS Attacks

See Computer World article authored by Lucian Constantin at this link:

Attackers hijack CCTV cameras to launch DDoS attacks

DDoS attacks overload and bring down large networks by adding more traffic than the network can support. No hacking of security passwords and such, just network failure due to moving massive amounts of data. In this piece, the author emphasizes that in 2013 a researcher was able to successfully launch a DDoS botnet attack hijacking 420,000 IoT (Internet of Things) devices, including thousands of IP Addressable Security Cameras. I am sure very few physical security professionals have considered designing a video surveillance system around defending against that kind of attack! Many strategies can help, such as: address filtering, traffic monitoring apps, restrictive network permissions, etc.

Scenario #2 – Data & Digital Identity Vulnerabilities

Encryption

As I noted in a previous post (link: Physical and Logical Security Convergence), Access Control and Intrusion Systems generally utilize un-encrypted data transmission… even though there are technologies available (see link above) to close that gap and eliminate the vulnerability. Intercepting data from Physical Security Systems can allow individuals to gain access to facilities that house mission critical processes. Eliminating opportunity is a key element in deterrence here.

Identity Authentication

It is possible to utilize certificate based identity authentication in a card access environment today. Formats such as Microprocessor Based Credentials (cards), Edge Controllers and virtual Mobile Credentials can manage encrypted certificate information. See these links: Mobile Keys / SEOS / PoE Locks. These safeguards have the ability to verify the status of certificates (expired/revoked), proof of possession and more. Most physical security professionals think of Identity Management as printing a current photo on an access control badge. Safeguarding identity information on the credential is important, but just as critical is the the security of that data as it moves from the credential to the reader and reader to controller.

Authorized Access

When designing systems with Host-Client architecture these concerns become even greater. Client applications typically can permit full access to the server core. Safeguarding identity information and verifying authenticity is critical, before allowing administrator access to your core via a client connection.

The obvious safeguard is often overlooked. Today, IP Cameras and IP Controllers are intelligent devices with enough processing power on board to be a laptop computer five years ago. These devices frequently offer password protected access features and NO, default passwords are not acceptable.

Every layer in system design usually has at least a few built-in data safeguards. In physical security, we are so focused on physical unauthorized access and intrusion events, we forget that the security systems themselves must be designed with Cybersecurity in mind (defend data). Commissioning of security systems just took on a whole new level of importance in the deployment process. Consider adding a line item to your project Gantt Chart for commissioning of data security safeguards. You will make a CISO somewhere very happy!

Scenario #3 – 3rd Party Access to Switches and Servers

Does your company house a blade rack containing servers and switches in an electrical, telco, or I.T. closet (IDF Room) OUTSIDE your data center? Are 3rd party contractors permitted to physically access these spaces? How is the rack secured? With some $15 cam lock that can be broken with a screwdriver? There is a fantastic new product that can add a card reader directly to blade racks to manage access, provide alarm signaling AND audit trail. See this link: Server Rack Card Reader Lock.

Douglas Levin is a consultant employed by ASSA ABLOY, Inc. Please contact him on LinkedIn for more information on this topic.

Posted in Cybersecurity, Physical Security, Technology | Tagged , , , , , , , , , , | Leave a comment

PoE Power Distribution – The Future for Effective Building Automation

midspan

Having met with many factory representatives this past year whose companies are developing this technology, in my opinion it is time to start talking seriously about broadening the use of PoE in system design. The current IEEE 802.3af PoE (Power over Ethernet) standard was just the first “shot across the bow” in network power distribution and it’s 15W (~1A@12V) per port limitation is just not robust enough to support most equipment – utilizing only one twisted pair for power and 3 pair for data. That is about to change…

The Technology

For the techies out there, this explains the solution.

Cat 5 cable uses four twisted pairs for data and was commonly used for 100MB/s bandwidth network applications. Cat 6 represents a significant upgrade with larger diameter copper conductors capable of supporting 1oGB/s bandwidth and a bit more wattage (or amps), inspiring the proposed IEEE 802.3at (PoE+) standard (compliant equipment is available today) offering 30W (~2A@12V) per port. A good start, but the technology that will change low-voltage system design is the coming new IEEE 802.3 4-Pair standard being researched. For the non-electrical engineers out there like me, think – the similar technology utilizing electrical outlets for home networks: four twisted copper pairs sharing data and power transmission! Early talk is projecting 60W (~4A@12V) per port! Imagine the equipment that could be powered by a 1000W mid-span at 60W per port!

Electrical Contractors Losing Relevance Inside the Building?

I posted a previous article on “Disruptive Technologies” and this is a prime example. Could the electrical trade become limited to high-voltage power distribution only in the future? If you were a network contractor / security contractor / A/V contractor (etc.) – why would you design with conventional power distribution? PoE requires no special licensing and eliminates another subcontractor requiring supervision. If you are a building owner/manager, can you recognize the advantages to having an I.T. Support Group managing the power distribution for automated building systems? Companies are making such large investments in technology todayand hiring VERY highly trained and educated professionals to support and deploy it. Isn’t there a value message for having these specialists support and manage the power grid feeding these systems too?

Something Truly SPECIAL with PoE Power Distribution

So, what else does PoE bring to the table to enhance its value? Simple, easy optimization and supervision! Sustainable building design has become the de-facto standard for best practices in the construction industry. Lowering power consumption and simplifying infrastructure are KEY tenets of this design approach. Network capable, IP Addressable power distribution devices offer simple ways to auto-negotiate voltage and power loads, enabling proper voltage distribution and limiting power use to only what is consumed at the edge during operation. A traditional 6A low-voltage power supply connects a transformer to the grid and continuously pulls at least 50W of power. The definition of inefficient power design… In addition, intelligent power distribution offers the ability to use PoE systems for life-safety applications too. I know many fire marshals are looking at this technology closely. The security industry has developed a standard for this solution: UL294b. Other building automation industries should be following suit. This is the future…

Does Your Organization Have a Technology Road Map?

Technology has an effective window, similar to the vegetables in your fridge. Not a few days, but certainly a 5-10 year time-frame. If your company is not planning for these changes now, current budgets are certainly being spent investing in technologies likely to become obsolete in the near future and preventing access to system options that will be main-stream features/functions needed in the foreseeable future.

Douglas Levin is a consultant working for ASSA ABLOY, Inc. Please reach out to him on LinkedIn, if you would like more information regarding this discussion.

Posted in Physical Security, Power Distribution, Technology | Tagged , , , , , | Leave a comment

ASU Unveils Cybersecurity Program

ASU

I spent several hours at ASU SkySong in Tempe, AZ with Jim Cook a couple of weeks ago discussing the broader road map for the data security space. Jim has an interesting job title: ASU Director of Business Development for the Office of Knowledge, Enterprise, and Economic Development. I didn’t know such an office existed at ASU… I was very impressed with his personal insight into the area of data technology and security AND with the university’s foresight to recognize the need for education in this area of specialty. The leadership demonstrated by ASU here will provide economic benefits for the entire Metropolitan Phoenix area. Here is a brief overview…

Facility under Construction

ASU has decided to start a program centered around cyber security. A building is currently under construction with classrooms, offices and a functional data center mock-up that will house the program. I was brought into discussions regarding the physical security design on this project by Jim and a colleague Laura Ploughe (Director of Business Applications and Fiscal Control). More than other types of facilities, Data Centers demand a collaboration between Logical and Physical Security professionals. CPP’s work along side CISSP’s to ensure the security of critical data storage and processing environments.

Goals

The intent of this program is to educate future network and data center managers and incubate the development of related new technologies and associated start-ups. The vision is to develop an industry leadership role at the forefront of new trends and leading-edge technologies. This is an exciting idea long over-due for an area like ours, with a strong technology footprint.

Technology

ASU has an interest in demonstrating the future direction of data technologies. Our discussion encompassed broad swathes of the I.T. / I.S. space: PON (passive optical network), POL (passive optical LAN), Wireless Data, Encryption, Identity Management, System Integration and much more. We explored physical security ideas like: convenience vs. effectiveness, complexity vs. user-friendliness, aesthetic concerns, limiting intrusion on the work environment, future-proofing technology investment, etc. The time really flew, as we got lost in our shared enthusiasm for the topic…

Business Alliances

The facility will not be ready until later next year, but ASU is interested in developing national and local business alliances and strategic partnerships now to provide a real-world understanding of industry trends, challenges, needs… These relationships will also provide a conduit for placing interns and a base of potential employers looking to hire these special ASU graduates. From my perspective, this could easily turn into the local “think tank” developing the new talent that will influence the future of the industry in our area.

If you find yourself reading this post and would like to explore what ASU has to offer your company in this regard, I would be happy to try and make the connection. This was published on my personal blog with the permission of Jim Cook.

Posted in Physical Security, Technology | Tagged , , , , , | Leave a comment

Convergence of Physical and Information Security

Convergence

As mentioned in previous posts, all data paths eventually converge via LAN/WAN… so how will physical security evolve to accommodate this reality?

Technology has one and ONLY ONE purpose in the physical security space: improving the effectiveness and/or efficiency of the response. Whether your security response plan is centered around an active, or forensic approach, the technology investment provides ROI only when it improves the delay, deterrance, or prosecutorial effectiveness of the security plan.

That is the current formal approach, but it overlooks an important vulnerability… the system integrity itself!

Devil’s Advocate

Are you aware that the transmission of user data from the card to the reader on 90+% of the non-federal card access applications today is not secure? Proximity, iClass and MiFare card formats (most common today) offer little to no data security when read by a typical wall reader. Identity information is easy to intercept and  easy to use to defeat systems. Let’s take this thinking one step further. Are you aware that Wiegand Data – the dominant card reader data protocol in the security industry today – is a completely un-encrypted format?

What is the Importance?

This requires an understanding of the paradigm-shift that is happening in the industry as we speak. When you logon to your corporate network, most likely your identity is being verified through certificate-based authentication and that communication is fully encrypted via an AES protocol. That would be the case over both wireless AND hard-wire. Now, think Physical Protection Systems… five years ago, would I have ever thought that encrypted data would be required over hard-wire? Today, we have a new C-Suite member who is responsible for this question and Data Security in general: The Chief Information Security Officer. Why another expensive position on the executive team? How many companies have had their data networks attacked recently? How many hacks have been successful? How many dollars can be saved, if advance planning can prevent just one of these attacks? Justification enough…

CISO – CIO – CSO

The CISO is defining corporate data security protocols. Who implements them? Whether I.T. is handled by a CIO, or an I.T. Director and whether physical security is handled by a CSO, or Security Director is irrelevant. Would you want to be responsible for a system that has been identified as highly vulnerable? So, where do these people go for help? Vendor partners providing data security solutions!

Data Solutions in Physical Security Systems

If you are a security consultant, or a security sales engineer… take heed, your future success will depend on familiarity with Data Solutions. Data Security is fast becoming the differentiator that is adding the value sophisticated end-users want. Most of the industry challenges come from the edge of the system. Here are a few emerging technologies that are critical to resolving vulnerabilities  in this area:

Identity Management

HID has developed a new physical security credential format, capable of managing digital identities securely – with both a physical and virtual method of delivery to the card reader. This technology has been branded: SEOS. Every security consultant and dealer needs to know this product. It is by far the best method for protecting identity data and moving it to the card reader. This technology in conjunction with BLE & NFC will change credential technology forever. This is not the best forum for a detailed discussion of the functionality. Suffice it to say, google this HID product and start learning what it can do now.

Data Encryption

There is an open format serial data protocol (OSDP) that has been around for some time, just waiting for a reason to exist. OSDP is a two-way serial protocol intended to be used between controllers and readers. This protocol requires an RS485 compliant five conductor. Besides offering an encrypted solution, it ends the one reader to one port wiring limitation of Wiegand Data. I highly suggest discussing OSDP with your security system manufacturer and planning to change to OSDP capable wall readers right now. HID offers several models. OSDP is coming soon to a theater near you!

The third technology provides a data solution for physical security that requires IP Edge Controller System Architecture. With an IP Addressable Network Appliance offering intelligence at the Edge, 128 bit AES Encryption is possible over the important IEEE 802 protocols: WiFi Wireless and PoE Hard-Wired. Of the two encrypted data options mentioned here, this is a technology that is available today. Consider the Sargent and Corbin-Russwin integrated lock products with IP Edge controllers onboard, or the Mercury and HID Edge solutions above the ceiling.

**Encrypt over hard-wire? You betcha!**

Posted in Physical Security, Technology | Tagged , , , , , , , | Leave a comment

How to be Relevant to I.T. Professionals

Tech Solutions

I.T. Expanding Influence into Related Trades

It really doesn’t matter which technology products/systems you offer today, the end-user approval process will eventually pass through the I.T./I.S. group. While the buying decision is likely to be based on the need and led by the the trade area concerned (lighting, A/V, security, fire, HVAC, etc.), the individuals most likely to bless the system choice are I.T./I.S Directors. I know many of us are more comfortable with the previous sales process that was primarily driven by the Facilities Director, but today all of these decisions are influenced by data infrastructure design and data security.

So, if all paths lead through the LAN/WAN at some point, how do we learn how to engage this new player critical to the decision making in this space? Here are a few suggestions:

– Learn the general certifications and certifying bodies in the data and information space: CISSP (ISC2-network security), RCDD (Bicsi-network design). Become familiar with what they are trained to do. There are many more, but I have found these are the two I run into most frequently. They have continuing education requirements. Try to offer education programs that can support the need.
– Get to know the new C-Suite roles that affect the buying decision for your product:

CISO – Chief Information Security Officer

Didn’t start seeing this position influencing security solutions until a few years ago. Previously, I ran into the CIO (Chief Information Officer) occasionally, but as data networks are hacked more frequently, this role will impact your system design more. Try Googling “DDoS Cyber Attack” some time. It will give you a little chit-chat to fill-in the time. Develop an overview of data encryption technologies and certificate authentication protocols (digital identities) to develop a level of comfort with this role. This role can work hand-in-hand with the CSO (Chief Security Officer) position, or be part of that responsibility. In future posts, I will cover the convergence of  physical and logical (data) security…

CTO – Chief Technology Officer

This role has the long-term budget authorization responsibility. Learn to define these terms and identify how to use them related to your products: “return on investment”, “future-proofing”, “open-architecture”, “inter-operability” and “data exchange”. Leveraging technology spend to improve efficiency and effectiveness in systems and the workforce is this role’s key focus. Although, the area of their responsibility that can affect sales in the technology space most – is systems life-cycle planning. Be prepared to engage regarding product / technology obsolescence, protecting investment and developing system road maps.

Solutions Selling

Let’s move on to the most important element of this discussion. Technology sales has changed dramatically in the last decade. The sizable cost of new technology purchases today demands that sales professionals focus on uncovering the driving need. You simply must be comfortable with the solutions sales approach. A decade ago effective account management alone could develop a significant base of business. Today, we have moved past the idea of simply adding value to the process. The “Grail” is a two-pronged approach: 1) understand the user’s pain-points well enough to match product/system benefits with meeting needs, or 2) work together to identify solutions to provide additional efficiency improvements, or cost savings.

Automation is only effective when the technology produces results. If you can become comfortable with selling solutions, you will be embraced by the I.T./I.S. space. That reputation will grow and it will bring business to your doorstep!

Posted in Physical Security, Technology | Tagged , , , , , , | Leave a comment