Published in the March 2007 issue of Today’s Facility Manager
The security field, much like the rest of society, has caught the technology bug. Everything from access controls systems to fire safety panels is integrating more complex electronic features and capabilities, and it is a driving force in the security market today. Such technological advances have inspired concepts like convergence and interoperability to be adopted by the security market.
The complexity in the latest security products and systems (combined with making security assessments and developing subsequent policies), can make facility managers’ jobs even more challenging. However, just like the addition of other responsibilities being brought under the facility management umbrella, facility professionals are responding to the challenge.
And although the technological changes in products and systems are significant, traditional physical security measures, such as mechanical locks, guards, turnstiles, and bollards continue to play a major role in protection. With so much variability from company to company, no single security solution works for everyone.
For those tasked with security, here are some assessment strategies, ongoing trends, and product developments.
Assessment: Putting The Puzzle Together
Facility managers may find it prudent to assess what is needed first before making any purchasing decisions. Here are some things to consider during an assessment:
Questions. Security assessments require questions. “What are the assets that you are trying to protect?” asks Mark Allen, manager of product development/marketing, Kaba Access Control of Winston Salem, NC. Depending on the company, it can be people, data, or valuables.
Intra-company dialogue between facility managers and other personnel is essential. “[The facility manager has] got to be in communication with the various managers in the facility to see what type of priority they put on the materials or things they are trying to protect,” says Bill Walsh, national sales manager for Wheeling, IL-based CCL Security Products.
Economics. Facility managers need to look at the short- and long-term costs. If a mechanical lock is used, keys have to be issued. And in a case where the door has to be rekeyed, keys have to be reissued.
For proximity or smart cards, one consideration is what extras are put on a card. Things like printing and laminating are small costs for individual applications, but they can add up if done on a regular basis.
Zoning. Shane Cunningham, inside sales and marketing manager for North America for Greer, SC-based Digital Identification Solutions, says facility managers may want to use different types of identification cards for accessing different departments. In a facility where there is a laboratory with valuable intellectual property, a smart card may be warranted to get in; in common office areas, a proximity card may all that is needed.
Consulting. Although Robert Wetherell, CPP, facility manager, Pearson Education has an extensive security background himself, he decided to bring in a security consultant to conduct an assessment of the company’s security practices and make recommendations for his Cedar Rapids, IA building. “It is always good to get the opinion of an industry expert on the outside who can come in and take an unbiased look at your operations.”
Training. This should not only be considered for equipment installation purposes, but also for learning how to use products that provide data analysis. “Whoever is going to be part of the day-to-day group that is looking at this data is going to need to be trained on the technology,” states Tom Giannini, director of security marketing for Westminster, MA-based Simplex Grinnell.
Additional Resources. Wetherell stresses the importance of tapping outside resources like ASIS International.
After facility managers get a handle on their security needs, it is good to know what types of trends can have a significant impact their facilities. “One of the big trends we’re seeing from facility managers right now is IT convergence,” explains John Smith, senior marketing manager of Morristown, NJ-based Honeywell. Companies are seeking a seamless, comprehensive security system that interlinks physical and logical access control and connects them to the company’s network. As a result of this demand for convergence, facility management and IT teams are now working together.
“We have had a very good relationship with our IT and physical security [teams] for several years, and it’s probably what is making the process a little easier for us right now,” explains Wetherell, who has an in-house IT department and an outsourced security staff.
One interesting variation on the convergence concept is a visitor management control software system that can track visitors’ whereabouts in a building more easily. Needham, MA-based EasyLobby is a company that produces a system that allows companies to scan a visitor’s information (a driver’s license, for example) and print up a badge for visitors to use during their time inside a facility.
This type of electronic solution can streamline the check-in process in a multi tenant building, where visitors gain access through a turnstile or approach security personnel, according to Howard Marson, CEO, EasyLobby. This system verifies visitors’ identification and eliminates paperwork.
In companies with multiple buildings, facility managers may need assistance in keeping systems running smoothly. Fortunately, integration is helping facility managers rely on electronic features in security systems to carry out functions independently and remotely.
“At a very basic level, integration means that an event on one system can cause an action on another system,” explains Tom Mechler, product marketing manager, intrusion controls, communication products, and wireless of Broadview, IL-based Bosch. For example, if an alarm were to go off in an area where a digital video recorder (DVR) was present, a control panel could direct the DVR to make a change in the way it is recording.
With integrated security systems, administrative tasks—like something as simple as removing a former employee from the system by way of a computer across multiple facilities—are possible, says Mechler.
An organization that may help facility managers with their security needs is the recently formed Building Security Council (BSC). In November 2005, the BSC was established by professionals in this arena to address certain issues and enhance public safety by promoting building security. The lack of national security standards motivated Stan Caldwell and others in the field to create a security ratings system for commercial buildings.
For facility managers interested in getting their buildings rated, the process includes classifying the building into one of four categories depending on its potential target level. Then it is determined what type of security policy plans are in place for the building.
There are a number of security requirements and then several voluntary initiatives that a company can do to earn points. If a building achieves a 60%, it gets rated. If a company wants to go for one of the “precious medal” levels, it has to obtain a 90% rating first to qualify. From there, the type of medal depends on how many points are earned. The medal levels are bronze, silver, gold, and platinum, similar to those developed by the United States Green Building Council (USGBC) LEED ratings.
Jon Schmidt, chair, BSC, and one of the organization’s founders, says this rating system looks to provide a better solution to developing protection from outside threats to the building. “It [the rating system] would help systemize the process and allow owners and managers to make rational decisions about security,” explains Schmidt.
To develop the rating system, information was collected from a variety of sources, according to Schmidt, including publications from the Federal Emergency Management Agency (FEMA’s) risk management series.
BSC is also establishing a Building Security Certified Professional (BSCP) credential. Security professionals can apply for the credential; certification designates that these professionals have a significant knowledge and understanding of the multidisciplinary security considerations related to the planning, design, construction, operation, and evaluation of buildings as identified by the BSC Building Security Rating System. Interested parties can visit www.buildingsecuritycouncil.org for more information on this organization and the progress of its activities.
A number of vertical market sectors’ security needs and buying trends are influencing the market as well. Here are a few examples of security initiatives that specific markets are employing.
The Federal Government. Most security experts agree the U.S. government is the single biggest influencer of the security boom. Reacting to 9/11, the government began its initiatives to secure the country from further terrorist attacks, thus creating an era of heightened security. This era continues today, as the government has redesigned policies and increased security measures. The federal government’s ongoing need for new products and systems has also contributed to a trickle-down effect for U.S. customers in the business/private sector.
“As soon as something becomes commonplace in the federal government, it’s bound to become commonplace in [the rest of] society,” explains Cunningham.
One potential example in the making is smart cards. The government’s Federal Information Processing Standard (FIPS) 201 requires that all federal agency workers and contractors use personal identification verification (PIV) cards.
These PIV cards are designed with smart card technology and are to be used to gain physical access to federal buildings, as well as logical access to data. While federal buildings are still being upgraded for this capability, Mark Visbal, director of research and technology, Security Industry Association (SIA), believes smart card technology will eventually have a larger acceptance in the private sector due to the government’s influence.
Schools. Traditionally, schools have been open places with limited security measures, but after several nationally publicized tragedies, greater attention to security is being paid. John Hunepohl, director of integrated solutions for New Haven, CT-based ASSA ABLOY Door Security Solutions, says more doors are being electrified, which can be fitted so that a facility manager can lock several doors from one location. While this is being done across vertical markets, Hunepohl gives the example of schools having this capability to use in a lockdown situation to protect against an intruder entering classrooms.
Financial. Smart cards are becoming more popular in this particular sector as companies try to protect internal data with logical access control. As Internet shopping grows in popularity, there is talk that in the near future, banks and credit card companies may ask customers to use biometric debit or credit cards to protect against identity theft.
Finding the right products and security solutions requires research and knowledge of the latest market offerings. Here is snapshot of some of the product segments.
Video Surveillance. “One of the technologies that is gaining traction is video,” says Giannini. He sees a greater demand for it, in part because it is everywhere people look. This ubiquitous security medium has made it more acceptable for companies to have them as part of their arsenals.
The two major applications for video surveillance are monitoring and forensics. Steve Surfaro, group manager/strategic technical liaison, of Secaucus, NJ-based Panasonic System Solutions Company, explains that monitoring is when companies use it in real time to observe and react, and forensics is using the video system for review after an event happens. In order to monitor properly, companies have to employ full time staff to watch the video continuously.
Surfaro says he sees a lot of interest in perimeter access control from companies, as well as access control linked to video surveillance.
Analog cameras are the original CCTV cameras that are hooked into the wall. The newer network cameras, on the other hand, can be set up almost anywhere in a building; because of wireless capabilities, they are connected to the company’s network server, and video is streamed.
Safety Alarms. Alarm systems with individualized messaging capabilities are another example of where technology is advancing. “In an emergency, we can prioritize what message you want,” says Mario Bulhoes, director of support and solutions for Long Branch, NJ-based Cooper Wheelock. Not only can a fire alert be sent, but other predetermined messages such as one announcing a terrorist attack or a chemical release can inform employees as to what is going on during an emergency.
When deciding on a safety alarm system, Bulhoes recommends getting the local fire department involved early in order to make sure the facility will be up to code and that the fire department will be able to familiarize itself with the company’s fire safety system and evacuation procedures.
Mechanical Locks. Of course, there will always be a need for traditional locks and keys to protect low-level items, asserts Walsh. “There are certain doors where you only need a basic lock,” states Walsh. “It still provides enough security to keep the honest guy honest.”
He uses the example of a big university and the numerous classrooms and dormitories, or an office setting where someone may want to lock up his or her files in desks to deter outsourced services from looking at private information.
The data transfer key is an example of a more contemporary key that still mechanically unlocks a cylinder, but the key’s electronic circuit talks to the lock and records the employee’s identification number. The information captured in the lock can be downloaded to the key itself, or a handheld device can be used to retrieve the information from the lock and take it back to a computer. A log of insertions for that particular lock can be developed, and this offers yet another layer of accountability, explains Walsh.
Vendors say there are other reasons for the mechanical lock’s continuing popularity. According to Allen, mechanical push button locks may outsell electronic products, because some customers still prefer the simplicity and benefits of mechanical keyless entry without the expense and hassle of keeping up with cards, software, computers, wiring, labor, contractors, and the other items associated with electronic systems.
ID Cards. Proximity cards and devices continue to remain the most popular form of identification. Their convenience makes them widely used across vertical markets. Smart cards, on the other hand, are the newer identification technology that someday may be more widely used if things like biometrics are adopted.
“Proximity technology is very user friendly and cost effective,” explains Tom Heiser, vice president, networked access solutions for Irvine, CA-based HID Global Corporation. “While smart cards have many benefits over proximity cards, especially when it comes to using a single credential for multiple applications, not all end users require these additional security features, so proximity, which is a long established technology, is a perfectly suitable solution.”
Smart cards can store digital certificates, encryption algorithms, biometric information, and qualification information. And they maintain a contact or contactless interface, which is used to gain entry into access points.
“What you have there is essentially a small computer on a chip,” explains SIA’s Visbal. He says authentication is now more than the traditional, “what you know,” such as a pass code and includes, “something you possess” like fingerprints, which is where biometrics comes in.
Fingerprints and iris recognition readers are the most popular types of biometrics employed. And they do not take long to issue, maybe only a few extra minutes, according to Cunningham.
Still, issues remain with smart card technology. Questions about privacy and access times remain challenges to widespread usage.
“It’s getting better, but it is nowhere near where it has to be for large scale applications,” says Hunepohl. For example, a large facility with several thousand workers cannot quickly expedite employee authentication using a biometric reader, explains Hunepohl. It is too time consuming when taking into account the amount of time it takes for one person to get in and multiplying that by several thousand more times.
Still, government workers, first responders, and transportation workers are all beginning to use smart cards, and eventually, the issues will be resolved, leading to greater adoption.
Interoperability And The Endgame Goal
Although the term has been around for a number of years, interoperability is really beginning to pick up steam in the security field. While Wetherell does not have it at his present company, he has seen it work and likes the concept. “It’s here, it’s good, it has its applications just like anything else; overall, it is positive.”
With interoperability, some say the real goal will be achieved: revenue generation and cost savings.
“Interoperability is a means to the end,” asserts Rob Zivney, vice president of marketing for Santa Ana, CA-based Hirsch Electronics. In a traditional company setting, you have what Zivney calls “silos of information,” with each department concerned about its particular responsibility but not realizing it maintains proprietary information that could be used to help the bottom line.
“Unless you are above IT and security, you don’t see how issues come together,” states Zivney. “For instance, let’s say I want to generate [cost savings] from people using the parking lot or people using the building after hours. I can track who is coming in and out of the building after hours, but if I am security, I’m not thinking about revenue or allocating cost to the tenants.” With this information, Zivney explains, a database can be created and used by the company to activate building components—like the HVAC and lighting—in those areas of the facility where occupants remain after hours.
Although the possibilities are exciting, there are challenges to overcome. “You have to have technology shared, standards defined, and a lot of things have to talk to each other,” states Smith.
With disparate systems between vendors and customers, interoperability is not yet entirely possible. But, completed national standards are on the horizon and may help alleviate issues. The ASHRAE building automation and control networks (BACnet) committee has developed a set of protocols that add physical access control capability to existing standards for building automation control.
SIA’s Open System Integration and Performance Standards (OSIPS) Program is another example. The OSIPS are a family of open, public, consensus-based standards developed according to American National Standards (ANS) protocols. Five OSIPS standards will be released later this year, and Visbal believes they will help influence the proliferation of interoperability.
“Once we start to see the adoption of [these standards], you will start to see the ability to implement security solutions using shared infrastructure, then you start to see a lot of possibilities,” explains Visbal.
While each company has different and distinct security needs, the emergence of sophisticated security systems that “talk to one another and communicate with different building systems” is bound to spark significant changes in how many companies think about their overall security policies. These integrated security systems will also require facility managers to seek more support from their IT departments as they implement more complex security strategies.