Differentiating System Integration as a Service


Professional Services Role in Physical Security

I find it interesting to note that most manufacturers in the security industry call their channel partners “Security Integrators”, rather than Security Contractors. It represents a fundamental misunderstanding of system delivery business models. Does this miscalculation represent a hopeful wish to magically transform their dealers into the true Value Added Re-Sellers (VAR’s) needed to improve market share?

In my previous sales and marketing roles, equipment sales was focused on efficient and effective applications engineering. This was appropriate in the technology landscape of the 90’s and 00’s. The need to move on from this mindset is critical in today’s world. The pervasiveness of IP Data, LAN/WAN, Edge IP Devices, PoE+ Power Distribution, Cloud Computing, Advanced Data Encryption and Certificate-Based Identity Management… have built a framework requiring a “Systems” approach to automation technology. Companies unable to bring a true “integration” focus to their client base will be left behind.

Integrator vs. Contractor

  • What is a Security Contractor? For construction projects, these companies estimate card access, intrusion alarm and video surveillance systems from specifications and bid projects. Upon award, they supply and install equipment, pull and terminate wire and load software. For retrofits and upgrades, they follow owner’s direction to price and deploy systems strictly within the parameters of their narrow focus.
  • What is a Security Integrator? A company that looks for system installation projects with opportunities to add value through site survey, consulting, designing new, or improving poorly engineered scopes of work. For retrofits and upgrades, they focus on discovery (End-User Needs Assessment) – understanding a prospect’s priorities based on asset values, and operational concerns while helping to evaluate threats, risks, site requirements and performance of existing systems. These activities are essential to addressing vulnerabilities and tailoring solutions.

Company #1

By definition, they use old technology to deploy the same solutions being installed time and again – regardless of whether the square peg fits in the round hole.

Company #2

Discovers a partner’s pain points and customizes solutions to assist in mitigating risk, reducing operating expense and improving efficiency and effectiveness.

Why should we examine these two business models?

Company #2 must employ trained, experienced professionals in sales, design and installation roles. This requires higher operating costs and higher gross profits to fund reinvestment. Here is another example of the typical conflicting business models: lean logistics versus value added service. That is why company #2 can survive only if they deliver real, results-based solutions and convey their value proposition effectively to their clients. Part of the Company #2 mission is to seek out new technologies, products and systems that allow them to offer the BEST solutions available to provide measurable results.

Company #1 does not have the skills inventory to be an integrator and will not survive over the long term. The only scenarios where logistics models are successful are when cost control and scalability are leveraged – making them excellent targets for acquisition. There will always be another company out there bigger and more efficient.

Company #2 will foster customer satisfaction and loyalty, generate higher profits and NEVER be caught unaware by industry disrupting technologies.

Defining Professional Services

Assessments

Evaluating: risk, vulnerability, site conditions, system obsolescence, infrastructure

Determining Needs: improving efficiency, effectiveness and cost control, technology and investment planning

Solutions

  • Increasing data bandwidth to support more robust systems
  • Leveraging new technologies to enhance functionality
  • Offering new system capabilities via improved inter-operability from integration of related systems
  • Eliminating administrative overhead via shared data across multiple databases
  • Better client decision making through education and advice
  • Network optimization
  • Providing API’s, DDE and managing identity certificate handling
  • Offering trained certified employee services: PSP, CISSP, DBA, MCSE, etc.

Burglar Alarm (Intrusion Detection) Contractors

This is another often misunderstood channel. Intrusion detection is most often tied to offsite monitoring contracts. This industry is defined by the recurring monthly contract revenue business model embraced by these companies. Burg is a reactive approach to security and is much less expensive than the proactive access control approach. Both have their place in an overall layered security plan… but don’t mistake a burg contractor for an integrator. Top-notch security integrators will be capable of deploying both types of systems *and* offer monitoring services.

Competing, Conflicting Channels

When I assess a metro market – FIRST, I discover and separate the network/structured cabling contractors, security integrators, security contractors, burg contractors and miscellaneous players (i.e. commercial locksmiths). Understanding HOW different channels deliver systems to the market:

  • Understanding the role these different types of companies play in serving the overall market is the key to manufacturers developing an effective go-to-market strategy and finding the best partners for specific technologies to minimize channel conflict

If you would like to discuss this, or other security topics, please contact him via LinkedIn. Also, take a look at his LinkedIn Discussion Board Security Convergence, or his Twitter feed @DLIPTech.

This site is maintained by Douglas Levin, PSP, AHC, LEED AP. It is intended to be my personal professional blog. The content reflects my personal opinions and observations regarding the Physical Security Systems industry and Technology Sectors. The opinions expressed herein reflect my personal viewpoint/ideas and do not in any way represent the position of any other person, organization or company.

Posted in Integration, Physical Security, Technology

Changing Face of Social and Business Media


WordPress, LinkedIn, Facebook, Google+, etc…

These services have begun making subtle changes. What I used to think was a modern marvel and the key to providing open access to ideas and improved communication is becoming something else. I don’t believe there is nefarious intent. It is more the impact of optimizing for mobile data connections and hand-held devices. These and other sites are beginning the move and the result is horrifying.

 


Changing Interfaces and Platforms

I have noticed many social and business media outlets slowly eliminating enhanced features and streamlining for the upcoming change. The dumbing-down is becoming a natural consequence of the hand-held and wear-ables phenomenon. In the same way most lost the individual skill to write letters when email arrived, quantity of information and access is beginning to replace content. Rich content is too difficult to deliver over the coming technologies. Are our media moguls betting we will accept greater access and connectivity as an alternative? This continuing loss of thoughtful content and movement towards written sound-bytes is frustrating at best. It reminds me of the world recap in 30 minutes on the evening news, or the idea of finding all your current events information on Twitter feeds. Personally, I would rather have one lengthy substantive interaction, than 50 single sentence, meaningless exchanges. Food for thought about the changing state of technology and where it is taking us.

Technology Based Media SOLUTIONS

I make my living applying the latest technologies to real-world challenges and in the process offering improved efficiency, added functionality, reduced risk, better communication and more data from which better decisions can be made faster. None of this can be accomplished without establishing goals before the work is begun. Social and business media today seem to be operating under the presumption that access and connectivity will be viewed by the public as most important. Any blogger will tell you, it is all about the content when attempting to attract traffic. I have to ask the question: Is the 140 character Twitter limit a teaser to attract you to a link with more content, or are people pulling their content directly from the feed? Before we all decide a computer on a watch is the coolest thing since sliced bread, maybe we should all be thinking about the impact of the move towards tablets, smart phones and watches. How can we ensure that limited mobile data connections and device memory can deliver substantive content, instead of meaningless sound-bytes designed to incite emotional, rather than intellectual response?

Better Technology IS Good

These changes are amazing and represent huge leaps in our ability to improve lives, bring knowledge to the world and improve business profitability, but somewhere we must find the vision to direct the APPLICATION of this technology towards net positive gains. Is less thought-provoking, single sentence communication better? Should we strive for a more meaningful exchange of ideas as a worthwhile goal? How do we become more vocal and change this looming trend?


Posted in Technology

A Vision for Effective Application of Technology


Common Technology Oversights

In my experience, there are three very common discoveries when I reach out to new potential partners:

  1. A lack of awareness that their existing systems have much more potential functionality than they currently utilize.
  2. A realization they have invested too much money in related systems that have no potential to work together.
  3. Disappointment when I point out they have no VISION for leveraging technology to improve efficiency and mitigate risk, no DESIGN STANDARD to drive future system selection and no ROAD MAP to prioritize investment.

Mission

As a consultant, I find it is important that initial meetings are positive. Highlighting these oversights may be a painful experience, if the discussion is mishandled. It is critical to help an end-user’s team become excited about the future of these systems, after concerns have been addressed… I have a PASSION for applied technology. I attempt to ensure everyone around me knows that excitement. Applying technology to resolve challenges and improve operational efficiency is challenging AND very rewarding. As design professionals, we lower costs, improve profits and mitigate risk and liability: a value message that should be conveyed with every interaction. I particularly enjoy that last meeting on every project when we review results, discuss what has been achieved and adjust that road map (discussed above) to check items off the list.

Achieving the Mission

It would be impossible to share the entire discussion here, so let’s review a few important elements that will exemplify the mindset discussed above:

Professional Services Model

What should be the expectation when working with a technology vendor? I dislike the idea that a vendor’s only role is to sell and install systems/equipment. Automated solutions are complex and require years of training and experience to fully understand applications. These companies should be “partners”, not just “contractors”.

Partnering

What does it mean to be a partner? Simply put: a partner adds value to the relationship. Too many fail to realize – the advantages to leveraging automation can be far greater than the initial investment to deploy systems.

What are Professional Services?

Your technology partner should be performing the following functions:

  • Optimizing existing systems.
  • Discovering an organization’s “pain-points” and recommending features and benefits of existing and new solutions to eliminate them.
  • Learning an organization well enough to recommend solutions to improve operational efficiency.
  • Education regarding new products and technologies.
  • Assistance with developing a 3-5 year road map and future-proofing investment in technology.

A quick word of advice – if you are working with a technology company that is not capable of this kind of relationship, find one that is.

Examples of Professional Services

Database Data Exchange (DDE)

When I bring up this topic, some folks become suspicious. Database programmers are very expensive. That level of expertise and integration is unnecessary here. I am referring to “interfaces”, NOT integration. Interfaces can utilize SQL Queries and Active Directory Service Interfaces to share data. These tools are application agnostic and do NOT require an integration to be deployed. It is a best practice to ensure platforms are SQL and LDAP (AD protocol) compliant. What is the benefit of exchanging data across databases?

Simple Example – University / K-12 users all have Student Enrollment, HR, Transactional (POS), Network and Physical Security user databases which require data entry. The user database from one software platform can be selected and maintained as a source to keep the others updated. An Interface can be written to share changes (deletions/additions) at the end of every school day to eliminate data entry in the four other systems, thereby eliminating daily administrative functions involved with user record maintenance.

Advanced Example – Still using the previous example… how about expanding the information in each user record to include: security hierarchy, area of study, extra-curricular activities, etc. This information could be used to update situational permissions, privileges and building access rights, thus eliminating additional administrative functions.
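The nightly interface described in the two examples above, sketched with SQL queries against two in-memory SQLite databases. This is an added example, not the author's or any vendor's code: the table, column and access group names and the sample records are constructed, and it goes one step beyond the text by refusing a run that would delete an implausible share of cardholders (for instance after a failed source export) and by writing an audit row for every change.

```python
import sqlite3

# Constructed sample: a source-of-record enrollment database and a downstream
# card access database. Table, column and group names are hypothetical.
MAX_DELETE_FRACTION = 0.5  # assumed safety limit per nightly run
GROUP_RULES = {            # assumed attribute -> access group mapping
    ("area_of_study", "Chemistry"): "LAB_WING",
    ("activity", "Band"): "MUSIC_HALL",
}


class SyncBlocked(Exception):
    """Raised when a run would remove an implausible share of cardholders."""


def build_sample():
    src = sqlite3.connect(":memory:")
    src.execute("CREATE TABLE enrollment (user_id TEXT PRIMARY KEY, name TEXT,"
                " status TEXT, area_of_study TEXT, activity TEXT)")
    src.executemany("INSERT INTO enrollment VALUES (?,?,?,?,?)", [
        ("S100", "Ana Ruiz", "active", "Chemistry", "Band"),
        ("S101", "Ben Cole", "active", "History", None),
        ("S102", "Cy Park", "withdrawn", "Chemistry", None),
        ("S104", "Dee Shaw", "active", "Chemistry", None),
        ("S105", "Eli Voss", "active", "History", None),
    ])
    acs = sqlite3.connect(":memory:")
    acs.execute("CREATE TABLE cardholder (user_id TEXT PRIMARY KEY,"
                " name TEXT, access_groups TEXT)")
    acs.execute("CREATE TABLE sync_audit (action TEXT, user_id TEXT, detail TEXT)")
    acs.executemany("INSERT INTO cardholder VALUES (?,?,?)", [
        ("S100", "Ana Ruiz", "GENERAL"),
        ("S101", "Ben Cole", "GENERAL,LAB_WING"),  # stale privilege
        ("S102", "Cy Park", "GENERAL,LAB_WING"),   # withdrawn at the source
        ("S103", "Old Record", "GENERAL"),         # orphan, unknown to the source
        ("S105", "Eli Voss", "GENERAL"),
    ])
    src.commit()
    acs.commit()
    return src, acs


def groups_for(area, activity):
    """Derive access groups from source attributes (the advanced example)."""
    groups = {"GENERAL"}
    for key in (("area_of_study", area), ("activity", activity)):
        if key in GROUP_RULES:
            groups.add(GROUP_RULES[key])
    return ",".join(sorted(groups))


def plan_sync(src, acs):
    """Compare source and downstream; return additions, updates, deletions."""
    desired = {
        uid: (name, groups_for(area, act))
        for uid, name, area, act in src.execute(
            "SELECT user_id, name, area_of_study, activity"
            " FROM enrollment WHERE status = 'active'")
    }
    current = {uid: (name, grp) for uid, name, grp in acs.execute(
        "SELECT user_id, name, access_groups FROM cardholder")}
    return {
        "add": {u: desired[u] for u in desired.keys() - current.keys()},
        "update": {u: desired[u] for u in desired.keys() & current.keys()
                   if desired[u] != current[u]},
        "delete": sorted(current.keys() - desired.keys()),
        "current_count": len(current),
    }


def apply_sync(acs, plan):
    """Apply the plan in one transaction, or refuse it if it deletes too much."""
    limit = MAX_DELETE_FRACTION * plan["current_count"]
    if len(plan["delete"]) > limit:
        raise SyncBlocked(f"{len(plan['delete'])} deletions exceed limit {limit}")
    with acs:  # commits on success, rolls back if any statement fails
        for uid, (name, grp) in plan["add"].items():
            acs.execute("INSERT INTO cardholder VALUES (?,?,?)", (uid, name, grp))
            acs.execute("INSERT INTO sync_audit VALUES ('add',?,?)", (uid, grp))
        for uid, (name, grp) in plan["update"].items():
            acs.execute("UPDATE cardholder SET name=?, access_groups=?"
                        " WHERE user_id=?", (name, grp, uid))
            acs.execute("INSERT INTO sync_audit VALUES ('update',?,?)", (uid, grp))
        for uid in plan["delete"]:
            acs.execute("DELETE FROM cardholder WHERE user_id=?", (uid,))
            acs.execute("INSERT INTO sync_audit VALUES ('delete',?,'removed')",
                        (uid,))
    return {k: len(plan[k]) for k in ("add", "update", "delete")}


if __name__ == "__main__":
    source_db, access_db = build_sample()
    print(apply_sync(access_db, plan_sync(source_db, access_db)))
```
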

Application Programming Interface (API)

An API creates integrated functionality across related systems. Automating – not data exchange this time – but logic that can be used to manage “if-then” functionality for signaling devices and software, or in the most complicated scenarios – offering complex event recognition and other similar functions. This can be expensive and difficult to accomplish when customized across systems, but my suggestion here is: let others do it for you – FOR FREE!

Simple Example – Card access software has the ability to trigger other systems when an individual enters a space. This capability can be leveraged to offer numerous advantages with related systems:

  • Security Authorization: Trigger a video surveillance camera to authenticate identity and add a date and time stamp to recorded video.
  • Energy Savings: Trigger lighting control or HVAC VFD’s in individual areas to save energy.
  • Risk & Liability Management: Synchronize audio with a video feed to monitor high-risk areas.

Advanced Example – This can get in the weeds fast, but let’s look at a few rough ideas. Here is one feature type: activity recognition across systems. Here is another: shared functionality between cloud, desktop and mobile interfaces.

How Can This Be Free?

Please read through this section more than once and incorporate into your Organizational Design Standards. Engage an integrator (partner), or consultant to research strategically aligned manufacturing partners who have already written an API across their platforms. It is that simple. Engage a quality integrator that is able to leverage this capability and you have immediately future-proofed your technology investment.

Example – Here is the setup: A multi-building campus has extensive intrusion detection (IDS) with card access (ACS) and video surveillance (VMS) systems. The campus utilizes at least a few on-site security guard personnel. The three systems have previously written API(s) (integration) across to the other platforms. Alarm maps have been uploaded to either the ACS, or VMS. An alarm event posts in the event log triggering a text to a guard. A guard responds by opening an app on their smart phone that shows the alarm map to pin-point the location of the security event and immediately dispatches. En route, the guard triggers a Macro which uses inter-operability features to pull the four real-time camera feeds closest to the alarm location into a split-screen on his phone, then verifies recent ACS events. This scenario improves guard response time and preparedness and allows fewer personnel to cover the same area.

Not the Future, Now!

I hope I have been successful in describing the potential functionalities that can be achieved with this approach. This capability is here now. Why not put this on your Technology Road Map, or begin suggesting this approach to your clients today?


Posted in Integration, Physical Security, Technology

2015 Bicsi Fall Conference – A Security Vendor Perspective


As a Biz Dev Manager in the physical security technology space, Bicsi members are an important emerging channel. This year the trade show was particularly productive.

This was a well-attended conference, with a particularly good showing from technology consultants and system designers. I always enjoy this trade show, because the topics of discussion lean toward emerging technologies. Since my employer is well-known for introducing new products every year and skirting the boundary of leading edge solutions, this trade show is an excellent forum for our message.

Competing Channels

I am seeing the Technology / Structured Cabling / IP Network space taking market share from traditional physical security channels. The end-user value messages of integrated functionality and database data exchange are leveraging the convenience and operational cost savings components offered by the industry. Manufacturers’ sales and marketing teams will soon sit up and take notice. Threat, risk and physical security response planning is becoming a separate area of expertise and in the near future – every project will require both a technology AND physical security specialist to complete the design.

IP Edge Architecture (IoT)

Low cost, extremely high bandwidth solutions are being introduced that will accelerate the explosion of “Internet of Things” (IoT) type devices. In the security systems space, that will mean more network “Edge Intelligence” system design.

  • First: Passive Optical Network (PON) and Passive Optical LAN (POL) solutions (in lieu of copper) are bringing a virtually unlimited data pipe almost directly to the device, while at the same time lowering cabling cost.
  • Second: The low-voltage power distribution bottleneck is being resolved. Ultra-PoE power solutions may reach up to 100W of power per port and composite cable options (combination Cat 6/Fiber) are resolving the conductor issue. The life-cycle cost savings associated with managed PoE power distribution will more than pay for the minimal additional infrastructure cost. The advantage of this solution is easily recognized by the most unsophisticated end-user and it doesn’t require a crystal ball to see where new building construction design will be headed.

I spoke to almost 60 technology consultants and contractors at this conference, all wanting to have a discussion regarding the convergence of network infrastructure and automated systems design. Many of those in the industry with their RCDD certification seem to be uniquely suited to bridging that gap.


Posted in Physical Security, Power Distribution, Technology

2015 ASIS Global Conference Review


The weekend recovery begins, after a long (but productive) ASIS focused week… This year I spent time walking the trade show floor and thinking about larger physical security industry issues and how the ASIS Conference is positioned.

End-User Focused Event

There is no mistaking the ASIS Conference End-User focus. ISC West, the other big trade conference in the industry, is quite different and very much a Distributor / Dealer event. The difference was highlighted for me this year. The trade show floor traffic was light, but it was still a productive event. With less booth traffic, the other activities were amplified. It helped me emphasize End-User meetings, reinforce strategic relationships and focus on their feedback. Even the consultant and dealer meetings were specific to End-User needs. It was a good lesson. As a Biz Dev Manager, broader marketing efforts can be a distraction and cause you to take your eye off the ball…

Observations from the 2015 ASIS Conference 

Missing Technology

The technology highlights were as expected: 4K & 8K video and broadening the spectrum of IP enabled equipment. The take-away was more about what was missing, than what was showing: Fiber, Fiber, Fiber… where were the PON and POL solutions? Data and power infrastructure technology is changing. Where were the PoE power distribution solutions to the edge? Changing infrastructure technology is making security systems less expensive to deploy for new construction in particular. This is an important developing trend and I was hoping to see it better represented.

Network Infrastructure and Security

In speaking with End-Users, many of the training classes were focused on Cyber Security. The writing is on the wall… technology is forcing the convergence of Physical and Logical Security. I heard more than one Security Director talk about CIO’s requiring all data transmission within security systems (wireless AND hard-wired) be encrypted. Moving into the future, it will be important to understand HID’s SEOS technology and OSDP protocol. I.T. Directors may not be making the actual physical security decisions, but they will be the MAJOR influencer in solution selection. It is imperative (as security professionals) we become comfortable with LAN / WAN (and Cloud) discussions and how to use security solutions leveraging the network for data and power transmission. This skill-set is needed NOW, not in some distant future. Training / Education in the physical security space covering associated data infrastructure and logical security will be a key differentiator for security integrators as we move into the future.

Long Range Wireless

Long-range wireless data has been all about microwave. This is an expensive solution with proprietary data protocols. If your company has applications for this technology, get familiar with directional WiFi. One of the manufacturers (Ubiquiti Networks) was showing at ASIS (in a back corner). Think under $500 for up to 1000′, with the capability of up to one mile (line of sight). Don’t hold me to these numbers, but this is what I was told. Think open IEEE 802.11 data protocol too! This doesn’t resolve the need for hard-wired power distribution, but at least for data, underground conduit to the perimeter at commercial sites can be eliminated. Perhaps this is not the solution for critical infrastructure projects, but how much of the perimeter security market is comprised of these kinds of projects?

Integrations and Database Data Exchange

Finally, I know this is my personal impatience… but can’t the industry move a little faster making system inter-operability and database data exchange simpler? This is what end-users want! The mistaken idea that offering this functionality will dilute a captive installed base is ridiculous. These features will only drive more revenue and grow the over-all automated solutions market. There is demand for Intrusion Alarm, Video Surveillance, Card Access, Lighting Controls, Intercom, Visitor Management, Asset Tracking systems (naming a few) to share data and drive intelligence across platforms. We need more strategic corporate partnerships between companies developing related systems technologies.

Industry Discussion

If there are industry professionals interested in discussing these ideas, please feel free to reach out. The more we discuss these trends, the better chance of speedier adoption. I think the trade organizations (ASIS, Bicsi, ISC2, SIA, etc.) are the obvious choice as forums for the discussion.


Posted in Physical Security, Power Distribution, Technology

Secure Data and Identity Management Solutions


As automated building systems become more dependent on shared network infrastructure, I.T. (Information Technology) Directors and CISO’s (Chief Information Security Officers) are beginning to realize these systems are adding significant vulnerabilities and risks to their network and sharing this realization with other corporate executives. This seems to be driving two very interesting emerging trends:

  • I see more Security Budgets moving away from Enforcement and Facility Operations and becoming funded by Technology Budgets.
  • Technology Budgets are moving under management of CISO and CIO executives.

What Has Changed?

What seems to be driving these changes? In talking with I.T. contacts, there appears to be growing concern regarding network data vulnerabilities in the private sector. For many large companies, successful network attacks can cost the equivalent of years of operational budgets. We don’t hear about this kind of activity for obvious reasons – the idea of at-risk sensitive data is toxic to employees / partners / customers.

The importance and influence of Data Security roles is growing. They are being viewed as critical positions and being asked to oversee and even manage technology functions within companies. So an interesting question might be: Why are more organizations seeing a correlation between cybersecurity and physical security design and operations? Today, this question hits closer to home than you might think…

Network addressable equipment of ANY kind is at risk, especially when the equipment can be physically accessed by a third-party. Think IP Surveillance Cameras and IP Card Access Controllers…

Scenario #1 – DDoS Attacks

See Computer World article authored by Lucian Constantin at this link:

Attackers hijack CCTV cameras to launch DDoS attacks

DDoS attacks overload and bring down large networks by adding more traffic than the network can support. No hacking of security passwords and such, just network failure due to moving massive amounts of data. In this piece, the author emphasizes that in 2013 a researcher was able to successfully launch a DDoS botnet attack hijacking 420,000 IoT (Internet of Things) devices, including thousands of IP Addressable Security Cameras. I am sure very few physical security professionals have considered designing a video surveillance system around defending against that kind of attack! Many strategies can help, such as: address filtering, traffic monitoring apps, restrictive network permissions, etc.

Scenario #2 – Data & Digital Identity Vulnerabilities

Encryption

As I noted in a previous post (link: Physical and Logical Security Convergence), Access Control and Intrusion Systems generally utilize un-encrypted data transmission… even though there are technologies available (see link above) to close that gap and eliminate the vulnerability. Intercepting data from Physical Security Systems can allow individuals to gain access to facilities that house mission critical processes. Eliminating opportunity is a key element in deterrence here.

Identity Authentication

It is possible to utilize certificate based identity authentication in a card access environment today. Formats such as Microprocessor Based Credentials (cards), Edge Controllers and virtual Mobile Credentials can manage encrypted certificate information. See these links: Mobile Keys / SEOS / PoE Locks. These safeguards have the ability to verify the status of certificates (expired/revoked), proof of possession and more. Most physical security professionals think of Identity Management as printing a current photo on an access control badge. Safeguarding identity information on the credential is important, but just as critical is the security of that data as it moves from the credential to the reader and reader to controller.

Authorized Access

When designing systems with Host-Client architecture these concerns become even greater. Client applications typically can permit full access to the server core. Safeguarding identity information and verifying authenticity is critical, before allowing administrator access to your core via a client connection.

The obvious safeguard is often overlooked. Today, IP Cameras and IP Controllers are intelligent devices with enough processing power on board to be a laptop computer five years ago. These devices frequently offer password protected access features and NO, default passwords are not acceptable.

Every layer in system design usually has at least a few built-in data safeguards. In physical security, we are so focused on physical unauthorized access and intrusion events, we forget that the security systems themselves must be designed with Cybersecurity in mind (defend data). Commissioning of security systems just took on a whole new level of importance in the deployment process. Consider adding a line item to your project Gantt Chart for commissioning of data security safeguards. You will make a CISO somewhere very happy!

Scenario #3 – 3rd Party Access to Switches and Servers

Does your company house a blade rack containing servers and switches in an electrical, telco, or I.T. closet (IDF Room) OUTSIDE your data center? Are 3rd party contractors permitted to physically access these spaces? How is the rack secured? With some $15 cam lock that can be broken with a screwdriver? There is a fantastic new product that can add a card reader directly to blade racks to manage access, provide alarm signaling AND audit trail. See this link: Server Rack Card Reader Lock.

Douglas Levin is a consultant employed by ASSA ABLOY, Inc. Please contact him on LinkedIn for more information on this topic.

PoE Power Distribution – The Future for Effective Building Automation

Having met with many factory representatives this past year whose companies are developing this technology, in my opinion it is time to start talking seriously about broadening the use of PoE in system design. The current IEEE 802.3af PoE (Power over Ethernet) standard was just the first “shot across the bow” in network power distribution and its 15W (~1A@12V) per port limitation is just not robust enough to support most equipment – utilizing only one twisted pair for power and 3 pair for data. That is about to change…

The Technology

For the techies out there, this explains the solution.

Cat 5 cable uses four twisted pairs for data and was commonly used for 100MB/s bandwidth network applications. Cat 6 represents a significant upgrade with larger diameter copper conductors capable of supporting 10GB/s bandwidth and a bit more wattage (or amps), inspiring the proposed IEEE 802.3at (PoE+) standard (compliant equipment is available today) offering 30W (~2A@12V) per port. A good start, but the technology that will change low-voltage system design is the coming new IEEE 802.3 4-Pair standard being researched. For the non-electrical engineers out there like me, think of the similar technology that uses electrical outlets for home networks: four twisted copper pairs sharing data and power transmission! Early talk is projecting 60W (~4A@12V) per port! Imagine the equipment that could be powered by a 1000W mid-span at 60W per port!

Electrical Contractors Losing Relevance Inside the Building?

I posted a previous article on “Disruptive Technologies” and this is a prime example. Could the electrical trade become limited to high-voltage power distribution only in the future? If you were a network contractor / security contractor / A/V contractor (etc.) – why would you design with conventional power distribution? PoE requires no special licensing and eliminates another subcontractor requiring supervision. If you are a building owner/manager, can you recognize the advantages to having an I.T. Support Group managing the power distribution for automated building systems? Companies are making such large investments in technology today and hiring VERY highly trained and educated professionals to support and deploy it. Isn’t there a value message for having these specialists support and manage the power grid feeding these systems too?

Something Truly SPECIAL with PoE Power Distribution

So, what else does PoE bring to the table to enhance its value? Simple, easy optimization and supervision! Sustainable building design has become the de-facto standard for best practices in the construction industry. Lowering power consumption and simplifying infrastructure are KEY tenets of this design approach. Network capable, IP Addressable power distribution devices offer simple ways to auto-negotiate voltage and power loads, enabling proper voltage distribution and limiting power use to only what is consumed at the edge during operation. A traditional 6A low-voltage power supply connects a transformer to the grid and continuously pulls at least 50W of power. The definition of inefficient power design… In addition, intelligent power distribution offers the ability to use PoE systems for life-safety applications too. I know many fire marshals are looking at this technology closely. The security industry has developed a standard for this solution: UL294b. Other building automation industries should be following suit. This is the future…

Does Your Organization Have a Technology Road Map?

Technology has an effective window, similar to the vegetables in your fridge. Not a few days, but certainly a 5-10 year time-frame. If your company is not planning for these changes now, current budgets are certainly being spent investing in technologies likely to become obsolete in the near future and preventing access to system options that will be main-stream features/functions needed in the foreseeable future.

Douglas Levin is a consultant working for ASSA ABLOY, Inc. Please reach out to him on LinkedIn, if you would like more information regarding this discussion.

ASU Unveils Cybersecurity Program

I spent several hours at ASU SkySong in Tempe, AZ with Jim Cook a couple of weeks ago discussing the broader road map for the data security space. Jim has an interesting job title: ASU Director of Business Development for the Office of Knowledge, Enterprise, and Economic Development. I didn’t know such an office existed at ASU… I was very impressed with his personal insight into the area of data technology and security AND with the university’s foresight to recognize the need for education in this area of specialty. The leadership demonstrated by ASU here will provide economic benefits for the entire Metropolitan Phoenix area. Here is a brief overview…

Facility under Construction

ASU has decided to start a program centered around cyber security. A building is currently under construction with classrooms, offices and a functional data center mock-up that will house the program. I was brought into discussions regarding the physical security design on this project by Jim and a colleague Laura Ploughe (Director of Business Applications and Fiscal Control). More than other types of facilities, Data Centers demand a collaboration between Logical and Physical Security professionals. CPPs work alongside CISSPs to ensure the security of critical data storage and processing environments.

Goals

The intent of this program is to educate future network and data center managers and incubate the development of related new technologies and associated start-ups. The vision is to develop an industry leadership role at the forefront of new trends and leading-edge technologies. This is an exciting idea long over-due for an area like ours, with a strong technology footprint.

Technology

ASU has an interest in demonstrating the future direction of data technologies. Our discussion encompassed broad swathes of the I.T. / I.S. space: PON (passive optical network), POL (passive optical LAN), Wireless Data, Encryption, Identity Management, System Integration and much more. We explored physical security ideas like: convenience vs. effectiveness, complexity vs. user-friendliness, aesthetic concerns, limiting intrusion on the work environment, future-proofing technology investment, etc. The time really flew, as we got lost in our shared enthusiasm for the topic…

Business Alliances

The facility will not be ready until later next year, but ASU is interested in developing national and local business alliances and strategic partnerships now to provide a real-world understanding of industry trends, challenges, needs… These relationships will also provide a conduit for placing interns and a base of potential employers looking to hire these special ASU graduates. From my perspective, this could easily turn into the local “think tank” developing the new talent that will influence the future of the industry in our area.

If you find yourself reading this post and would like to explore what ASU has to offer your company in this regard, I would be happy to try and make the connection. This was published on my personal blog with the permission of Jim Cook.

Convergence of Physical and Information Security

As mentioned in previous posts, all data paths eventually converge via LAN/WAN… so how will physical security evolve to accommodate this reality?

Technology has one and ONLY ONE purpose in the physical security space: improving the effectiveness and/or efficiency of the response. Whether your security response plan is centered around an active or a forensic approach, the technology investment provides ROI only when it improves the delay, deterrence, or prosecutorial effectiveness of the security plan.

That is the current formal approach, but it overlooks an important vulnerability… the system integrity itself!

Devil’s Advocate

Are you aware that the transmission of user data from the card to the reader on 90+% of the non-federal card access applications today is not secure? Proximity, iClass and MiFare card formats (most common today) offer little to no data security when read by a typical wall reader. Identity information is easy to intercept and easy to use to defeat systems. Let’s take this thinking one step further. Are you aware that Wiegand Data – the dominant card reader data protocol in the security industry today – is a completely un-encrypted format?
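The Wiegand point above, as an added example that is not part of the original post: the common 26-bit Wiegand layout (parity bit, 8-bit facility code, 16-bit card number, parity bit) carries the badge identity in the clear with parity as its only check, shown beside a generic authenticated message. The badge values, the key and the `AuthenticatedLink` class are constructed for illustration, and HMAC-SHA256 with a counter is a stand-in, not the scheme used by any product named on this page.

```python
import hashlib
import hmac

def _parity(bits):
    return sum(bits) % 2

def wiegand26_encode(facility, card):
    """26-bit frame: even parity | 8-bit facility | 16-bit card | odd parity."""
    if not (0 <= facility < 256 and 0 <= card < 65536):
        raise ValueError("facility is 8 bits, card number is 16 bits")
    data = [int(b) for b in f"{facility:08b}{card:016b}"]
    lead = _parity(data[:12])         # first 13 bits end up with even parity
    trail = 1 - _parity(data[12:])    # last 13 bits end up with odd parity
    return [lead] + data + [trail]

def wiegand26_decode(frame):
    """Return (facility, card), or None on bad length or parity."""
    if len(frame) != 26 or _parity(frame[:13]) != 0 or _parity(frame[13:]) != 1:
        return None
    value = int("".join(map(str, frame[1:25])), 2)
    return value >> 16, value & 0xFFFF

class AuthenticatedLink:
    """Hypothetical secured link: counter + payload + truncated HMAC tag."""
    def __init__(self, key):
        self.key, self.sent, self.seen = key, 0, 0

    def _tag(self, body):
        return hmac.new(self.key, body, hashlib.sha256).digest()[:8]

    def seal(self, facility, card):
        self.sent += 1
        body = self.sent.to_bytes(4, "big") + bytes([facility]) + card.to_bytes(2, "big")
        return body + self._tag(body)

    def open(self, msg):
        body, tag = msg[:-8], msg[-8:]
        counter = int.from_bytes(body[:4], "big")
        if not hmac.compare_digest(tag, self._tag(body)) or counter <= self.seen:
            return None               # altered, forged, or already-seen message
        self.seen = counter
        return body[4], int.from_bytes(body[5:7], "big")

def demo():
    frame = wiegand26_encode(42, 1234)            # constructed sample badge
    noisy = frame.copy()
    noisy[23] ^= 1
    noisy[24] ^= 1                                # two flips, parity unchanged
    key = b"constructed-demo-key"                 # constructed, not a real key
    reader, panel = AuthenticatedLink(key), AuthenticatedLink(key)
    msg = reader.seal(42, 1234)
    return {
        "wiegand_decoded": wiegand26_decode(frame),
        "wiegand_static": frame == wiegand26_encode(42, 1234),
        "wiegand_two_bit_error": wiegand26_decode(noisy),
        "auth_first": panel.open(msg),
        "auth_repeat": panel.open(msg),
        "auth_altered": panel.open(bytes([msg[0] ^ 1]) + msg[1:]),
    }

if __name__ == "__main__":
    print(demo())
```

Parity catches a single flipped bit but not a paired flip, and the Wiegand frame is identical on every read; the tagged message is rejected when it is altered or seen a second time.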

What is the Importance?

This requires an understanding of the paradigm-shift that is happening in the industry as we speak. When you logon to your corporate network, most likely your identity is being verified through certificate-based authentication and that communication is fully encrypted via an AES protocol. That would be the case over both wireless AND hard-wire. Now, think Physical Protection Systems… five years ago, would I have ever thought that encrypted data would be required over hard-wire? Today, we have a new C-Suite member who is responsible for this question and Data Security in general: The Chief Information Security Officer. Why another expensive position on the executive team? How many companies have had their data networks attacked recently? How many hacks have been successful? How many dollars can be saved, if advance planning can prevent just one of these attacks? Justification enough…

CISO – CIO – CSO

The CISO is defining corporate data security protocols. Who implements them? Whether I.T. is handled by a CIO, or an I.T. Director and whether physical security is handled by a CSO, or Security Director is irrelevant. Would you want to be responsible for a system that has been identified as highly vulnerable? So, where do these people go for help? Vendor partners providing data security solutions!

Data Solutions in Physical Security Systems

If you are a security consultant, or a security sales engineer… take heed, your future success will depend on familiarity with Data Solutions. Data Security is fast becoming the differentiator that is adding the value sophisticated end-users want. Most of the industry challenges come from the edge of the system. Here are a few emerging technologies that are critical to resolving vulnerabilities in this area:

Identity Management

HID has developed a new physical security credential format, capable of managing digital identities securely – with both a physical and virtual method of delivery to the card reader. This technology has been branded: SEOS. Every security consultant and dealer needs to know this product. It is by far the best method for protecting identity data and moving it to the card reader. This technology in conjunction with BLE & NFC will change credential technology forever. This is not the best forum for a detailed discussion of the functionality. Suffice it to say, google this HID product and start learning what it can do now.

Data Encryption

There is an open format serial data protocol (OSDP) that has been around for some time, just waiting for a reason to exist. OSDP is a two-way serial protocol intended to be used between controllers and readers. This protocol requires an RS485 compliant five-conductor cable. Besides offering an encrypted solution, it ends the one-reader-to-one-port wiring limitation of Wiegand Data. I highly suggest discussing OSDP with your security system manufacturer and planning to change to OSDP capable wall readers right now. HID offers several models. OSDP is coming soon to a theater near you!

The third technology provides a data solution for physical security that requires IP Edge Controller System Architecture. With an IP Addressable Network Appliance offering intelligence at the Edge, 128 bit AES Encryption is possible over the important IEEE 802 protocols: WiFi Wireless and PoE Hard-Wired. Of the two encrypted data options mentioned here, this is a technology that is available today. Consider the Sargent and Corbin-Russwin integrated lock products with IP Edge controllers onboard, or the Mercury and HID Edge solutions above the ceiling.

**Encrypt over hard-wire? You betcha!**

How to be Relevant to I.T. Professionals

I.T. Expanding Influence into Related Trades

It really doesn’t matter which technology products/systems you offer today, the end-user approval process will eventually pass through the I.T./I.S. group. While the buying decision is likely to be based on the need and led by the trade area concerned (lighting, A/V, security, fire, HVAC, etc.), the individuals most likely to bless the system choice are I.T./I.S. Directors. I know many of us are more comfortable with the previous sales process that was primarily driven by the Facilities Director, but today all of these decisions are influenced by data infrastructure design and data security.

So, if all paths lead through the LAN/WAN at some point, how do we learn how to engage this new player critical to the decision making in this space? Here are a few suggestions:

– Learn the general certifications and certifying bodies in the data and information space: CISSP (ISC2, network security), RCDD (BICSI, network design). Become familiar with what they are trained to do. There are many more, but I have found these are the two I run into most frequently. They have continuing education requirements. Try to offer education programs that can support the need.
– Get to know the new C-Suite roles that affect the buying decision for your product:

CISO – Chief Information Security Officer

I didn’t start seeing this position influencing security solutions until a few years ago. Previously, I ran into the CIO (Chief Information Officer) occasionally, but as data networks are hacked more frequently, this role will impact your system design more. Try Googling “DDoS Cyber Attack” some time. It will give you a little chit-chat to fill in the time. Develop an overview of data encryption technologies and certificate authentication protocols (digital identities) to develop a level of comfort with this role. This role can work hand-in-hand with the CSO (Chief Security Officer) position, or be part of that responsibility. In future posts, I will cover the convergence of physical and logical (data) security…

CTO – Chief Technology Officer

This role has the long-term budget authorization responsibility. Learn to define these terms and identify how to use them related to your products: “return on investment”, “future-proofing”, “open-architecture”, “inter-operability” and “data exchange”. Leveraging technology spend to improve efficiency and effectiveness in systems and the workforce is this role’s key focus. However, the area of their responsibility that can affect sales in the technology space most is systems life-cycle planning. Be prepared to engage regarding product / technology obsolescence, protecting investment and developing system road maps.

Solutions Selling

Let’s move on to the most important element of this discussion. Technology sales has changed dramatically in the last decade. The sizable cost of new technology purchases today demands that sales professionals focus on uncovering the driving need. You simply must be comfortable with the solutions sales approach. A decade ago effective account management alone could develop a significant base of business. Today, we have moved past the idea of simply adding value to the process. The “Grail” is a two-pronged approach: 1) understand the user’s pain-points well enough to match product/system benefits with meeting needs, or 2) work together to identify solutions to provide additional efficiency improvements, or cost savings.

Automation is only effective when the technology produces results. If you can become comfortable with selling solutions, you will be embraced by the I.T./I.S. space. That reputation will grow and it will bring business to your doorstep!
