Thursday, April 3, 2014

The PSIA Shows Off Physical-Logical Access Interoperability Draft Spec at ISC West

Here's a copy of the news release the PSIA sent out at the conclusion of a very successful Physical-Logical Identity Access Interoperability (PLAI) Working Group session today at ISC West. You'll be hearing more about the PLAI specification soon!


The PSIA Releases Draft Proposal of Physical-Logical Access Interoperability Specification
PSIA demonstrates specification's capabilities at ISC West 2014


(APRIL 3, 2014 –LAS VEGAS) Cost effective, automated synchronization of physical and logical identities, privileges and credentials took a major step toward becoming an industry standard today, with the Physical Security Interoperability Association (PSIA) releasing a draft proposal of its Physical-Logical Access Interoperability (PLAI) specification.

    “We’re excited about the potential the PLAI specification has for reshaping physical and logical identity access for the security industry,” said David Bunzel, executive director, the PSIA. “With the PLAI specification, we’re making it possible to achieve access, privilege and credentials management across physical and logical identities on a plug-and-play basis. This is a game changer.”

      The PSIA released the PLAI draft during a special session of the PLAI Working Group at ISC West in Las Vegas today.

      “Today we were pleased to demonstrate multiple disparate systems working seamlessly through the PLAI draft specification,” said Mohammad Soleimani, chair of the PLAI Working Group and executive vice president and CTO, Kastle Systems. “That demonstration showed how the PLAI specification fundamentally changes the way the security industry approaches identity, privilege and access management. We are opening a door to enable broad, holistic solutions that span the physical and logical realms of identity.”

    During the ISC West demonstration, the PLAI specification enabled an identity to be entered into Microsoft’s widely used and LDAP-compliant Active Directory, and then to automatically propagate all of that identity’s associated privileges and credentials to physical access control systems (PACS). Similarly, when an identity was removed from Active Directory, the PLAI specification automatically propagated the revocation of privileges and credentials in the physical access control systems.

      “Being able to automate temporary and permanent privilege management through the PLAI specification will significantly reduce administrative time and cost burden,” said Mike Faddis, Director at Microsoft Global Security. “The PLAI specification streamlines and standardizes the management of physical and logical identities, helping chief security officers effectively support Enterprise Security Risk Management.”

      The PLAI specification ensures the logical and physical access privileges associated with an employee’s role are always synchronized. That enables a company to ensure a person is physically present before permitting access to databases or applications.
     
      Further, the PSIA’s PLAI specification will enable automated inter-PACS interoperability in the market for the first time.  Users can reduce multiple access cards because the inter-PACS interoperability automates the process of enabling an access card associated in one vendor’s PACS to be used at entry points associated with a different PACS system as long as the card readers are the same.

    “With the PLAI specification, the industry is getting functionality we’ve always wanted without spending significant time and money to build custom interfaces among dozens of systems,” said Joshua Jackson, director, global product integration, Stanley Security.  “This specification opens the door for manufacturers and integrators to add a great deal of value to security solutions while minimizing cost and implementation time.”

      The PLAI specification builds on standards already used in the logical identity and access management world, including Role-Based Access Control (RBAC-RPE) and Lightweight Directory Access Protocol (LDAP). These will enable vendors and users to more easily map logical identities and their role-based privileges to physical identities.
     
      The specification is being developed by the PSIA’s Physical-Logical Access Interoperability (PLAI) Working Group, which includes Allegion (previously Ingersoll Rand), Brivo Systems, HID Global, Inovonics, Kastle, Z9 Security, Mercury Systems, Microsoft Global Security, Stanley Security, Tyco Security and UTC.
     
      # # #

Monday, March 17, 2014

PSIA-Compliant Access Control Solution to Debut at ISC West

By David Bunzel
Executive Director, the PSIA

PSIA members Inovonics and Mercury Security will literally demonstrate the business value of a standards-based approach to security solutions at ISC West this year.

The companies recently jointly announced that in compliance with the PSIA’s Area Control specification, Mercury will integrate Inovonics' EN6080 Area Control Gateway (ACG) with  Authentic Mercury™ branded hardware to offer the industry's first integrated access control platform with Enterprise Mobile Duress (EMD) capabilities.


A complete demo of the solution showcasing integrated access control with Enterprise Mobile Duress will be on display at ISC West at the Inovonics booth at ISC West (#16109). The demo will provide a great way to learn more about how Mercury and Inovonics are using the PSIA specifications to quickly bring a powerful integrated solution to market. It will also demonstrate why the industry will benefit from standards-based solutions and how the PSIA can help members deliver them.
 

“It is gratifying to partner with an industry leader like Mercury Security that shares our same passion – taking an open standards-based approach to delivering integrated, best-of-breed solutions," said Michael Slack, vice president of technology and business development at Inovonics, in the companies’ joint news release.

"Together, we have a solution that is the first of its kind, merging access control with Enterprise Mobile Duress – made possible by utilizing open standards and leveraging existing security infrastructures. The end result is a seamlessly integrated, intelligent security system that yields reduced installation time while minimizing incremental costs. Our partners have requested this capability and now, together with Mercury Security, we can deliver it," Slack said.


The new integrated Mercury access control platform with Inovonics' Area Control Gateway (ACG) and duress pendant system allows partners and resellers to leverage their customers' existing security infrastructures while adding the tremendous value of EMD at a minimal incremental cost. Using panic buttons as a "credential," security personnel can track the identities and locations of the persons assigned to each pendant as they enter and move throughout buildings and secure areas. Combining access control together with Inovonics' EN6080 ACG location capabilities in this way ensures greater response time when safety issues arise.


Inovonics (www.inovonics.com) is a leading provider of enterprise life safety and specialized commercial wireless systems, and Mercury Security (www.mercury-security.com) is a global leader in the supply of OEM access control hardware.


# # #

Tuesday, March 11, 2014

Physical-Logical Access Interoperability (PLAI) Specification Update


By Mohammad Soleimani

Chairman, PLAI Working Group, the PSIA

CTO, Kastle Systems


A standardized means of synchronizing physical and logical identities, privileges and even credentials is close to reality. The PSIA’s Physical-Logical Access Interoperability (PLAI) Working Group, which includes Allegion, Inovonics, Kastle, Mercury Systems, Microsoft Global Security, Stanley Security and UTC, is very close to releasing a draft proposal for the PLAI specification.

    The PLAI specification ensures the logical and physical access privileges associated with an employee’s role are always synchronized. Further, the PSIA’s PLAI will enable automated inter-PACS interoperability in the market for the first time. End users and integrators have been requesting all of this functionality but until we developed the PLAI specification, the only “solutions” have been highly manual; error-prone; time consuming to implement; and expensive.

     The PLAI specification builds on standards already used in the logical identity and access management world, including Role-Based Access Control (RBAC-RPE) and Lightweight Directory Access Protocol (LDAP). These will enable vendors and users to more easily map logical identities and their role-based privileges to physical identities. In turn, that enables enterprises to cost effectively: 
 

  • Ensure persons are physically present before allowing them to log into applications and databases to shore up cyber-security defense.
  • Streamline privilege management and reduce security administrative costs.
  • Reduce multiple access cards because PLAI’s inter-PACS interoperability automates the process of enabling an access card associated in one vendor’s PACS to be used at entry points associated with a different PACS system as long as the card readers are the same. 
     These capabilities and more could change how the industry manages physical and logical identities. We’re very excited about our work on the PLAI specification and look forward to sharing more about it soon.
    
       ###

Thursday, February 13, 2014

Catching Up with the PSIA

from David Bunzel, Executive Director, the PSIA
 
Even as we count down Punxsutawney Phil's six more weeks of winter, the PSIA is gearing up for the spring ISC West show and building on our many accomplishments last year. 

Here are just a few items on our to-do list: 

  • ISC West planning is under way. Watch for developments with the new Physical-Logical Access Interoperability (PLAI) specification and other exciting announcements. 
  • The PLAI Working Group is making great progress. If you haven't, do check out the white paper explaining more about this specification-in-progress.
  • Our Recording and Content Management (RaCM) specification is being enhanced with the addition of a software profile. RaCM-compliant systems can easily integrate digital video data into their functions.  
  • We'll also be communicating more frequently through this blog and Twitter, so please follow us at @PSIAlliance.org and use our hashtag #PSIASpecs when tweeting about security specifications and standards.
Our members’ continued support will help us surpass our 2013 achievements, which included well attended events at ISC and ASIS, the launch of the PLAI Working Group and the release of Area Control 2.0. PSIA specifications deliver superior security solutions that cost less to implement, manage and maintain. That's what users want, and the ability to deliver them adds up to a competitive advantage for security vendors compliant with PSIA specifications. That's an excellent reason to put complying with PSIA specs on your roadmap this year.

Friday, August 9, 2013

Big Data Gives Standards-Based Security Big Opportunities



by Larry Lien, chairman, the PSIA; vice president, product management, Proximex

“Big Data,” which is a hot business topic, is made up of vast quantities of “little” data from an amazing array of sources. In the security realm, video images, people counts, door events, sensor readings, card swipes, biometric readings, RFID tags, alarms and alerts—taken together, these and more comprise the Big Data our industry generates.

Sophisticated data analytics can parse physical security data combined with other data to reveal valuable patterns and correlations. A city’s tourism bureau might combine historic weather data, video images and crowd counts from various venues on specific dates to understand tourist behavior patterns better and how to tailor discount offers to send to smart phones. Meanwhile, a security director might use the same data to scale resources more efficiently across different venues based on predictive analytics forecasts of trouble spots.

In short, security systems gather unique data that can be used to generate additional business value beyond securing the enterprise. PSIA members building our specifications into their tools and systems will be well positioned to be part of the data revolution. Standards-based systems integrate faster with enterprise IT infrastructure and its tools; share data and intelligence more easily across many platforms; and eliminate the need for expensive and difficult-to-maintain custom interfaces.

During the upcoming ASIS annual show, the PSIA will again be demonstrating how our Working Groups are anticipating and acting on security, IT and business trends. Members adopting our specifications are positioned to deliver business value alongside better security solutions. You don’t need Big Data analytics to know that’s a winning proposition in today’s markets.

(Please join us at the PSIA's Enterprise User Interoperability Showcase at ASIS on September 23. Register here to reserve space for you and your colleagues.)

Thursday, June 27, 2013

Access Control Standards Revolution Now In Progress

We wanted to share our perspective on access control standards adoption after reading a recent news release from IMS Research. This release indicated that “open standards for access control could bring a dramatic change for vendors and alter the face of the access control industry as it is known today.” We agree. Our perception, in fact, is that the industry is much further along toward embracing open access control standards than the release authors appreciate.

First, we see firm support among access control vendors for building open specifications from the PSIA into their product roadmaps. Leading access control companies, including Assa Abloy, HID, Honeywell, Kastle Systems, Stanley, Tyco/Proximex) ,UTC/Lenel and Verint sit on our board of directors and have participated with time, money and talent in our various working groups. They helped develop the PSIA’s Area Control Specification, which includes access control and intrusion detection. (The IEC, an international standards body, and the PSIA are in discussions about a global access control standard, in part because of the robust features of our Area Control Specification.)

All our members also understand standards do not prevent them from being innovative or addressing specific customer needs but rather make it easier for their systems to communicate unique data and intelligence to other systems and devices. Today’s most influential technology developments, including mobility, Big Data analytics, consumerism, the Internet of Things, all call for more interconnected devices and users. Security industry systems and tools must be ready to easily integrate with growing networks of sensors, apps, smart mobile devices and digital tools from other industries. Standards will help the industry accomplish this.

From an economics perspective, widespread use of the PSIA’s Area Control Specification will make it easier for users to get residual value from their closed, proprietary systems. Because all PSIA-compliant tools share the same common event vocabulary, only one “translation” is necessary to connect a closed system to a comprehensive set of security tools. Contrast that to writing (and maintaining) dozens of unique interfaces to link a closed system to modern tools.

Finally, at the spring IFSEC security show in Birmingham, UK, we spoke with many VMS manufacturers who told us they need to build richer access control functionality into their systems and want to investigate the PSIA’s Area Control specification. They underscored the message that integrators, consultants and end users want the ability to share intelligence across and beyond the security ecosystem, such as to building automation and enterprise systems.

IMS Research says open standards will reshape access control; we at the PSIA already see that evolution under way.

Thursday, June 20, 2013

Emerging Issues in Access Control

We had some thoughts about a recent post by Kim Kornmaier on the Honeywell Security Channel blog.
One way security integrators and consultants can address the access control issues laid out above is by using products and systems that comply with the Area Control Specification and/or the Access Control Profile (http://psialliance.org/AreaControlOverview.html) from the Physical Security Interoperability Alliance (PSIA).  

PSIA-compliant products all share the same event vocabulary. With the Area Control specification, systems and components from different manufacturers can quickly share data about terminated employees or unauthorized access. Security professionals need only enter the revocation command once; it will then propagate automatically to the other systems. Access privileges across a corporate or campus network are cancelled within minutes, with minimal effort, greatly improving security.

A clear common vocabulary across compliant components also makes it easier to integrate IT security and physical security systems to address potential blended threats. In addition, that commonality means consultants and integrators can add vital new components into legacy security solutions more quickly. That’s because they only need to map the legacy systems’ communication to one PSIA-compliant vocabulary, not many different interfaces.

Finally, because the PSIA specifications are created by leading industry vendors, the specifications reflect industry demand, including support for cloud, wireless and mobile security solutions.

Vendors like HID, Ingersoll Rand (Schlage), Kastle Systems, Honeywell, Mercury, Proximex, and ASSA ABLOY are all actively implementing these specs into products. Inovonics has already introduced a PSIA-compliant access control wireless gateway, and we expect to see more commercially available solutions soon. So the industry is well at work on meeting these emerging issues for end users.