Convergence means more business opportunities
Edward Y. Ching, senior technology analyst at Rodman & Renshaw, LLC, said in an interview with SecurityStockWatch.com, "I believe that government and corporate enterprises are planning a return to network expansion projects that were put on hold due to the downturn in IT spending from 2001 to 2003. I think that wireless networks, enterprise security and data storage solutions should be high on enterprise IT budget lists." This would provide increased opportunities for upgrades and expansions of physical security networks and systems, too, many as part of corporate IT projects.
Gemplus's US Corporate Security Systems Study, carried out by Frost & Sullivan in December of 2003, showed that 30% of Fortune 500 companies surveyed are currently using or testing smartcards within their security systems and 39% of the companies surveyed plan to use smartcards within their corporate security systems within the next three years.
The question remains as to who will see the bulk of the security projects, traditional security system integrators or their IT competition? Security system manufacturers, integrators and security consultants need to give serious consideration to the trends being examined in this article.
Manufacturers
To maintain viability for their companies, many manufacturers need to establish viable positions for their products in building controls and IT, to the extent that their products will be installed, integrated and used by or for IT departments or building controls companies. This includes educating their specifying consultants and system integrators. What will happen when IT systems integrators come knocking? The response certainly should be based upon a corporate strategy developed with an awareness of the trends identified in this article. For most security companies, such strategies will involve decision-making factors that did not exist when the current corporate strategy was formed.
Integrators
Physical security system integrators need to become IT savvy in a hurry. Partnering (with an IT systems integrator or network consultant) is not a replacement for getting educated. On one recent physical security system project, which utilised the customer's network backbone, the security systems integrator relied completely upon a network consultant to provide the specification for the system's network components. The network portion of the specification omitted some key equipment. The integrator had to absorb the cost of the network equipment including installation and setup. This cost exceeded the network consultant's fee, who did not specify the equipment because the security systems integrator did not provide the information that would have indicated its need. Mistakes like these by security integrators encourage end users to take a closer look at what IT systems integrators have to offer.
Security consultants
Security consultants also need to be more IT savvy regarding the kinds of system integrations the products they specify will be involved in. In most cases the software (middleware) that 'glues' the various applications together will be provided by IT either as an in-house or contracted effort. The requirements and design for the middleware will include the security system integration. Not only must the security consultant be able to discuss the security system's role in the overall integration, he must specify a system that is up to the task.
The biggest danger: ignoring the customer
The previous article in this series (Hi-Tech Security Solutions March 2006, 'Broad Convergence - IT, Security & Building Controls') discussed the need for interoperability between systems, and pointed to the building controls industry as an example of customers driving change. In retrospect, it can be seen both customers and companies would have benefited from a more timely industry response. The article suggested that the security industry take a lesson from the building controls industry, and actively pursue interoperability without having to be dragged into it by the customer base.
There is danger in looking to the history of building controls industry for guidance.
The danger is this: unlike the HVAC and lighting control portions of the building controls industry, the security industry can not safely drag its feet for years. The building controls industry did not have outsiders waiting in the wings that could simply come in and take the business away from it integrators. The security industry does. The IT industry has the technology, the people, and the money to pull it off.
Encroachments have already taken place, for example, with IP-based video systems, web-based visitor management, and identity management Systems. ID management used to be the province of the security industry. IT companies came along and produced enterprise systems that securely manage identities and coordinate user details across an organisation's many identity data sources. That is a much greater capability than what is offered by traditional security ID badging systems. Some security industry companies responded by adopting the related IT standards and interfacing with the IT systems. Most did not respond at all.
Microsoft
Implementing an identity management system is no small task. So, to help make the introduction, Microsoft offers a 6-month evaluation version of Microsoft Identity Integration Server 2003, which is downloadable from the Microsoft website. Microsoft Server 2003 includes a free implementation of a public key infrastructure (PKI) system, suitable for small businesses. PKI is a component required for smartcard-based access control to information systems. Both Windows 2000 Server and Windows Server 2003 support smartcards for Windows logon.
Why stop there? What if Microsoft took a liking to networked video? Would we see Microsoft Video Management Server 2005, with a 6-month trial version downloadable from the Microsoft website? If that happened, you could expect to see the Microsoft development website offer a video server development kit, so that anyone could interface to the software. Networked video management software would be a conservative move compared to what Microsoft is doing in the automotive world.
This past July Microsoft and Fiat announced that they will design onboard information and communications systems - incorporating voice-recognition and global-positioning technology - to let people make hands-free phone calls and access online driving directions, among other features. They will also be able to listen to music stored in players via a USB connection in the dashboard. Fiat plans to integrate Microsoft's Windows Automotive technology across all Fiat, Lancia and Alfa Romeo models.
The planned Fiat/Microsoft system is still being designed, but it is expected to be less expensive than many other systems in part because it will be standardised across the car maker's lines, rather than customised for individual models. The deal is non-exclusive, which will allow other automakers to follow suit using standardised systems.
Open standards and interoperability require culture change
IT has thrived on open standards and interoperability. Security industry manufacturers fear open standards and interoperability. They would much prefer things to remain unchanged. But the IT door has already been opened, and it cannot be closed.
Cisco reports that the chief lessons learned from the transition to digital CCTV pertain to making the best use of Cisco IT resources. "Physical security and IT security are converging," says Chatterton, "and the two groups need to work more closely than before. When we managed the servers ourselves, a hardware or software problem was a serious issue for the department. Now we just generate a case and IT uses their technical resources and expertise to resolve the issue. We had to shift our culture to let IT do the work and run through its own processes." The Cisco case study document states, "All parties agree that the culture change required to partner with IT yielded dividends."
Like Cisco, many end-users are experiencing corporate culture change due to convergence. Unless there is a corresponding culture change within security industry companies, the end-user change will amount to a shift away from traditional security companies to IT services companies.
Commoditisation
Manufacturers, and to some extent integrators, fear the commoditisation that open standards and interoperability will bring. Most do not stop to think that their current success is due in large part to the commoditisation that has already occurred in IT. If the network cards of the early 1990s had remained proprietary and kept their $500 price tag, we would not have IP-based video or IP-based anything. Now gigabit Ethernet adapters are less than $100, and high-speed networks are commonplace. Today's security systems require a commoditised IT world.
Hal R. Varian, professor of business, economics and information management at the University of California, says in a New York Times article of 6 May, 2004, "Standardisation and commoditisation of a technology do not always mean that innovation stops. Once products become commodities, they can serve as components for further innovation."
"In the 19th century, American manufacturers created standardised designs for wheels, gears, pulleys, shafts and screws. As such, standardised parts became widely available and could be purchased 'off the shelf,' there was an outpouring of invention," explains Varian.
Commoditisation is what has made the IT explosion possible. Millions of people could take advantage of and build with what only hundreds or thousands could before. IT service providers no longer make money selling network cards. They sell information systems. And neither the customers nor the service providers would ever desire to turn back the clock.
Why would commoditisation in the security industry not result in a security explosion? History says that it would. History also tells us that commoditisation, based upon open standards and interoperability, is the inevitable next step for the security industry.
Customer demand for interoperability between brands will keep building. If it is not satisfied from within the traditional security industry as we know it, it would only be a small step for a few companies outside the industry - or for the single largest security customer, the government - to work to produce open standards. It has already happened with smartcards.
Smartcard interoperability
A major impediment to the widespread use of smartcards in both the private and government sectors has been interoperability. The majority of smartcards from different vendors are not interoperable. They must use software and smartcard readers specific to the type of card. Since private industry had not stepped forward to establish interoperability standards, the Information Technology Laboratory (ITL) of the National Institute of Standards and Technology (NIST) of the US Department of Commerce began working with industry and other government agencies to provide interoperability specifications and guidelines to give organisations an open and standard method for using smartcards. On 16 July, 2003 version 2.1 of the Government Smart Card Interoperability Specification was released.
The Digital Security Initiative work group of the Smart Card Alliance said, "The release ...is a significant event in the smartcard world as it is the first comprehensive effort to address the interoperability requirements of the enterprise market. It will become as important as Europay/Mastercard/Visa (EMV) specification is to the Payment market and Global System Mobile (GSM) specification is to the mobile telephony market."
What if a company was able to contract with the federal government to (a) develop interoperability standards and then (b) provide systems based upon those standards? Is such a company liable to take the market by storm, leaving other companies to do their best to catch up?
According to the USBX Quarterly Security Report of May 2004, "The majority of the large security budgets allocated to government agencies will be used to integrate disparate security devices instead of purchasing new systems. Most government agencies have standalone systems at multiple sites that make integration a greater challenge. The government will look to invest in technologies that provide complete solutions with integrated functions such as time and attendance and building control, and make them more robust."
Integrators have mixed reactions to reports like this, because what they can actually accomplish is limited by the capabilities of today's systems. The security industry will not be able to continue frustrating customers for much longer, without forcing outside action.
Shaping the security industry
It is inevitable that the security industry will evolve and expand. Will the shape of that expansion come from within the security industry as we know it, or from without? If the changes are likely to have any impact on you, give some serious thought to your part in it. Whether by casting a vote, raising a voice, or leading an initiative - do something.
From Security Technology & Design Magazine, September, 2004.
Copyright(c) 2004 by Ray Bernard.
Ray Bernard is board-certified as a physical security professional (PSP) by ASIS International. Ray is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides high-security consulting services for public and private facilities. This article is based upon material in his upcoming book, Shifting Sands: The Convergence of Physical Security and IT. For more information about Ray Bernard and RBCS go to www.go-rbcs.com
IT and security convergence: the SA perspective
By Ettiene Swanepoel, technical director at Reditron
Over the past months we have examined myriad issues surrounding IT and security convergence, and it has become clear that trends and challenges facing South African companies - in particular, their security and IT personnel or contractors - are not at all different from any other business environment in the world.
Globally, when it comes to the implementation of any IP security solution, the biggest stumbling block encountered is employee or contracting staff's unwillingness to accept that convergence of the two functions (IT and security systems) is inevitable.
The lack of understanding of IT and security technology and of the different business processes, as well as the promotion of their own business partners, are often additional hurdles to be cleared in order for IT and security systems to coexist and operate on a shared Ethernet platform.
Even though IT and security convergence has not yet been accepted as a standard by the general IT or security sectors, we have seen a massive growth in this area. I have no doubt that IT and security departments will continue sharing resources as IP video technology becomes the excepted standard in the security industry.
Paradoxically, end-user security solution expectations and requirements are often higher in South Africa than in more developed countries. This is because leading-edge video IP technology and the prerequisite technical skills to design and commission an IP solution that complies with any customer's requirements is readily available locally through distributors.
As more and more end-users and systems integrators are made aware of some of the advantages of IP video solutions, we expect the convergence of IT and security to continue its rapid growth for years to come.
It is important, however, to give consideration to the following points when deciding to implement an IP video system.
* Clearly define the functional specification of the system.
* Ensure involvement from both IT and security departments and clearly define each department's role.
* Identify the technology that will provide the best long-term solution with the required backup and support.
* Decide on one or more qualified systems integrators that have experience and knowledge of IP systems.
* Enter into a Service Level Agreement with selected partner to ensure ongoing service, updates and future upgrades.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version