Most physical security systems comprise of the following sub-systems, which work together as a complete security solution – Electronic Access Control System, Alarm System, Sensors, Intrusion Detection, and Automated Video Surveillance.
In the field of security and surveillance, convergence has different implications and wide-ranging scopes. Today, we’re going to discuss several convergence and integration perspectives that can address the various gaps and ambiguities in your organizations’ security and help you build a refined physical security solution.
Designing an Integrated Physical Security Solution that is Convergent
There are four main stages in designing an integrated physical security solution –
The first step in designing a converged security system is looking into an enterprise’s organizational structure to sort the business entities that control the security or be controlled by the security.
Personnel or an object can be this type of entity. Other examples of business entities can be employees, vendors, company-owned vehicles, contractual laborers, contractors, company drivers, visitors, system administrators, company assets, contractual vehicles, department/function heads, etc.
These entities should be uniquely identified by the security solution to map several security processes, policies, and access rules corresponding to them. Additionally, the converged security system should be able to quickly identify, map, and represent the relationships between these entities. Examples of such relationships include –
- Employee – A manager is responsible for managing an employee’s responsibilities, assigning tasks, approving leave requests, assigning rules, assigning access rights, approving other claims, etc.
- Visitors – The system maps a visitor to the employee they need to visit.
- Drivers – The system maps the relationship between a driver and the vehicle he drives. On another note, if the car is from a different company, the system maps it to that company.
- Contractual Laborers – The system maps the relationship between a contractual laborer and his/her contractor company.
- Access Rights – An employee’s or contractor’s access rights maps to specific HR record parameters.
Credentials and User Identifiers
Each entity mentioned in the previous step might use different identification methods depending on convenience, compliance requirements, importance, urgency, security level, etc. A person in an organization may need to use biometrics to gain access to highly secures areas such as data centers. He might require smart cards for doors, signing vendor documents, a digital signature, long-range vehicle tags, a username, and a password for PC, servers, and apps. These identities can be of 3 types –
- Physical Credentials
- Biometric Credentials
- Virtual Credentials
All identification methods are different from each other, depending on their usability and demand. In the case of physical credentials, one individual does not own a smart card permanently. The employee can willfully pass it on to another person. While on the other hand, biometric solutions can identify a person for their entire lifetime but needs to be encrypted and handled confidentially. Furthermore, virtual credentials can be hacked, compromised, and even forgotten by the end-user. Moreover, if an attacker threatens the user, they might have to give up the credentials.
Therefore, when considering these credentials methods, factors about reproducibility, storage, re-issue, safety, and expiry need to be considered. And so, a converged security management system should take the individual needs of each security system into account when designing a single interface to manage threats and vulnerabilities and subsequently configure policies to counteract them. Moreover, it’s possible to implement non-proprietary interoperable credentials and managers that work seamlessly across all devices within the organization without losing compatibility through a single converged solution.
Identify Hardware and Software Requirements
Once all the business entities and relationships have been mapped to their specific use-cases, it’s time to get down and figure out the hardware and software requirements to support these use-cases. Here, the primary conditions are that all software components should be able to communicate seamlessly with each other while supporting all entities. Furthermore, the system must support all credentials methods discussed above to facilitate seamless authentication and authorization on the hardware side.
To ensure interoperability, customizability, and scalability, all hardware and software implementation will be based on an open standard and run on the latest innovations while considering environmental impacts. At the end of it all, it should be a complete future-proof security system.
Here are some possibilities a fully-integrates system will equip your organization –
- If there is a fire drill in the facility, the system will locate and identify all people in the building in real-time. The list of personnel includes vendors, staff, drivers, employees, visitors, and much more.
- The integrated visitor management solution should be able to process and identify blacklisted individuals. Subsequently, the system will raise the necessary alarms to alert security personnel.
- Suppose an employee is no longer a part of the company. In that case, all related credentials and access policies should get revoked automatically from the system once the HR management fires an acknowledgment.
- With automated video analytics, you will be able to identify the source of a fire and related information through a CCTV camera once a fire sensor triggers an alarm.
Integration with Existing IT Systems
The physical security and access control systems in your company should integrate well with the rest of your IT infrastructure. To simplify the understanding in this regards, let’s look at the three major integration points –
1. Data Input
The incoming security system should have access to all existing data and all subsequent data. Furthermore, the system should integrate through well-known data input interfaces such as MS Active Directory or LDAP. If required, the engineers can put in place a web-service based integration. However, it should be possible to import all existing data into the new enterprise security solution at the end of it all.
2. Communication Service Interface
The incoming security system should communicate over existing communication interfaces through email, SMS, custom message portals, or internet protocols.
3. Data Output
The incoming security system should be able to output information to the expected devices or personnel. Examples of required output include payroll calculation, cafeteria management, meeting room management, etc.
System architects and designers should consider all four factors when designing and incorporating a new physical security platform that adheres to standard convergence principles.