Thursday, June 27, 2013

Access Control Standards Revolution Now In Progress

We wanted to share our perspective on access control standards adoption after reading a recent news release from IMS Research. This release indicated that “open standards for access control could bring a dramatic change for vendors and alter the face of the access control industry as it is known today.” We agree. Our perception, in fact, is that the industry is much further along toward embracing open access control standards than the release authors appreciate.

First, we see firm support among access control vendors for building open specifications from the PSIA into their product roadmaps. Leading access control companies, including Assa Abloy, HID, Honeywell, Kastle Systems, Stanley, Tyco/Proximex) ,UTC/Lenel and Verint sit on our board of directors and have participated with time, money and talent in our various working groups. They helped develop the PSIA’s Area Control Specification, which includes access control and intrusion detection. (The IEC, an international standards body, and the PSIA are in discussions about a global access control standard, in part because of the robust features of our Area Control Specification.)

All our members also understand standards do not prevent them from being innovative or addressing specific customer needs but rather make it easier for their systems to communicate unique data and intelligence to other systems and devices. Today’s most influential technology developments, including mobility, Big Data analytics, consumerism, the Internet of Things, all call for more interconnected devices and users. Security industry systems and tools must be ready to easily integrate with growing networks of sensors, apps, smart mobile devices and digital tools from other industries. Standards will help the industry accomplish this.

From an economics perspective, widespread use of the PSIA’s Area Control Specification will make it easier for users to get residual value from their closed, proprietary systems. Because all PSIA-compliant tools share the same common event vocabulary, only one “translation” is necessary to connect a closed system to a comprehensive set of security tools. Contrast that to writing (and maintaining) dozens of unique interfaces to link a closed system to modern tools.

Finally, at the spring IFSEC security show in Birmingham, UK, we spoke with many VMS manufacturers who told us they need to build richer access control functionality into their systems and want to investigate the PSIA’s Area Control specification. They underscored the message that integrators, consultants and end users want the ability to share intelligence across and beyond the security ecosystem, such as to building automation and enterprise systems.

IMS Research says open standards will reshape access control; we at the PSIA already see that evolution under way.

Thursday, June 20, 2013

Emerging Issues in Access Control

We had some thoughts about a recent post by Kim Kornmaier on the Honeywell Security Channel blog.
One way security integrators and consultants can address the access control issues laid out above is by using products and systems that comply with the Area Control Specification and/or the Access Control Profile ( from the Physical Security Interoperability Alliance (PSIA).  

PSIA-compliant products all share the same event vocabulary. With the Area Control specification, systems and components from different manufacturers can quickly share data about terminated employees or unauthorized access. Security professionals need only enter the revocation command once; it will then propagate automatically to the other systems. Access privileges across a corporate or campus network are cancelled within minutes, with minimal effort, greatly improving security.

A clear common vocabulary across compliant components also makes it easier to integrate IT security and physical security systems to address potential blended threats. In addition, that commonality means consultants and integrators can add vital new components into legacy security solutions more quickly. That’s because they only need to map the legacy systems’ communication to one PSIA-compliant vocabulary, not many different interfaces.

Finally, because the PSIA specifications are created by leading industry vendors, the specifications reflect industry demand, including support for cloud, wireless and mobile security solutions.

Vendors like HID, Ingersoll Rand (Schlage), Kastle Systems, Honeywell, Mercury, Proximex, and ASSA ABLOY are all actively implementing these specs into products. Inovonics has already introduced a PSIA-compliant access control wireless gateway, and we expect to see more commercially available solutions soon. So the industry is well at work on meeting these emerging issues for end users.