Октябрь 2012


Last week I discussed some of the popular questions and answers on networked access control from my perspective as an analyst at ARC Advisory Group. With open and scalable architecture being a key area of interest right now for IP-enabled systems, I will continue this discussion with a related question:

Do you think the availability of open development platforms will accelerate innovation in the networked access control space? Can you think of some examples where we might see these innovations first?

As I stated last week, end users want the freedom to choose from a large range of products offered by various suppliers. As the market embraces open standards and scalable architecture, users are gaining more flexibility. Open standards allow users to select products from several vendors instead of being locked into one supplier. They also allow users to implement customized security solutions that are tailored to their specific needs, and users often rely on suppliers to help conceptualize and design the customized solution. Since users are no longer tethered to any one supplier - and there is more focus placed on providing customized solutions - suppliers have more incentive to be innovative, because it is the only way they will remain competitive in the long term.

While most companies and institutions have security, access control, and video surveillance systems installed in their buildings, and others even have incident response systems, perimeter detection systems, and alarm monitoring systems; they are generally a collection of isolated or "siloed" systems that cannot easily share information, if at all. Natural synergies exist between these systems and integrating them effectively creates one new system in which the whole is greater than the sum of the parts. Open system design facilitates this integration, as it provides these once disparate systems with the ability to communicate with one another.

Light commercial buildings, such as small- and medium-sized retail stores, health clinics and doctors' parks, churches, K-12 schools, and small office buildings represent a significant portion of existing and new buildings in most markets, yet do not typically employ advanced security or access control systems. This is gradually changing as intelligent controllers with enhanced control functionality and advanced software capabilities - such as HID Global's latest EDGE EVO and VertX EVO platform - becomes scalable, less expensive, and easier to operate.

A modular design allows users to implement streamlined system architecture, selecting only the features they deem necessary. This helps lower the total cost of the investment. By lowering the entry price for a modern security system, more of the small- and medium-sized customers that do not have as critical a need for a fully featured security system will implement intelligent security systems. In the past, this would have locked the customer into a particular system size and level of performance. With today's advanced controllers, thin-client software, and IP connectivity, it is possible to develop a migration path for customers and leave the option open for incremental improvements over time.

Joe Gillespie
Analyst, ARC Advisory Group

ARC Advisory Group has become the leading technology research and advisory firm for industry and infrastructure. Its coverage of technology and trends extends from business systems to product and asset lifecycle management, supply chain management, operations management, energy optimization and automation systems.


As an analyst and member of the Automation Systems research team at ARC Advisory Group, I'd like to take a moment and share our viewpoint on some of today's most frequently asked questions regarding networked access control solutions.

How quickly do you believe the physical security and access control market is shifting toward IP-based solutions?
In the past, security concerns inhibited the adoption of IP-based solutions, but end users have started to have more confidence in this approach. Although the market is observing a shift from analog systems to digital systems and IP networks, non-web based systems still generate more than 75% of market revenue.

By 2016, ARC believes IP-based systems will comprise more than 35% of the market in terms of shipments, and have a CAGR more than five times larger than non-IP systems over this period. Many new buildings utilize IP-based building control systems, so market growth will be heavily influenced by the strength of new construction markets.

What is the reason for this shift?
Many organizations are interested in IP-based video surveillance solutions and access control devices because IP networks provide many benefits that cannot be achieved with proprietary networks. With IP networks, many applications can share the same network and it's also possible to integrate these applications. Additionally, IP networks enable remote communications.

With adoption of IP technology, it's possible to seamlessly integrate various security systems. IP-based systems allow end users to manage video monitoring, access control, and intrusion protection on one single network in an integrated environment. Integrating all security-related processes ensures better facility management and many organizations that previously had various security systems on isolated networks are now investing in IP networks.

How important are open and scalable development platforms for facilitating this shift?
End users want security solutions that are easy to expand, customize, and integrate with other solutions. We're seeing a strong trend by more progressive end users to integrate previously disparate systems such as video surveillance, access control, incidence response, and others. Systems that use an open and scalable platform allow information to be exchanged seamlessly between the systems, creating a more robust security and access control system.

Also, end users want the freedom to choose from a large range of products offered by various suppliers and this is possible with open standards, which allows end-users to tailor their solutions to best meet their needs. Integration firms will be able to serve end users better as they can build a solution with products from various manufacturers. ARC firmly believes the market is headed in this direction.

Be sure to check back next week for more on open and scalable platforms and what this architecture means to networked access control end users moving forward.

Joe Gillespie
Analyst, ARC Advisory Group

ARC Advisory Group has become the leading technology research and advisory firm for industry and infrastructure. Its coverage of technology and trends extends from business systems to product and asset lifecycle management, supply chain management, operations management, energy optimization and automation systems.


Enterprises and other large organizations that moved to cloud-based tools - including SaaS vendors like Salesforce.com and HR/Accounting tools like ADP, lost secure access to their data along the way.

This is a problem.

The defenses these organizations have spent, in some cases, millions of dollars setting up (including firewalls, intrusion detection, strong authentication solutions and anti-virus) are no longer protecting them and their sensitive information.

That sensitive information is now residing elsewhere: "in the cloud", and this new reality requires a new approach that takes cloud storage and SaaS into account. We see four "roads" for how data travels in the cloud. Some of them simply ignore the problem, while others are viable solutions:

Open Access: Accessible on the Internet. Username and password are managed by SaaS providers, offering the minimal amount of protection for data and no solutions for your organization to control access.

Behind the VPN: Enables remote users to first authenticate to the corporate VPN (most likely via a One Time Password [OTP] solution), then enter username and password in order to gain access to both internal networks and cloud tools.

Federated Identity Management: User authenticates to central portal through which they gain access to multiple applications. This is also known as Single Sign-on (SSO) to the cloud.

Native Strong Authentication: Strong authentication deployed separately in each, individual cloud software application.

Each of these options must be able to stand up to external threats such as Advanced Persistent Threats (APTs), ad hoc hacking and former employees, along with internal threats such as protection against fraud from internal employees. Also, the solution must not sacrifice user convenience or the ability for employees to participate in the Bring Your Own Device (BYOD) phenomenon.

So, which of the four "roads" can stand up to all potential threats without sacrificing user experience?

Open Access is the easiest to implement, since it doesn't involve doing anything, but it doesn't deliver the required security measures. Behind the VPN seems like an obvious choice, however it's inconvenient for users, who have to go through two login steps to access the application. It doesn't scale well to BYOD, since it requires VPN clients to be deployed to a wide range of different personal devices. Native Strong Authentication would work great, but is quite inconvenient, with each application requiring its own, specific security solution.

Federated Identity Management is an ideal choice. According to a recent Gartner study, Federated Identity Management is less than two years away from mainstream adoption.

There is a reason for this. It has some very strong plus points for these types of deployments, such as:

- Flexibility of different authentication methods
- No requirement to install on end user devices
- Centralized audit record of which applications were accessed by which user, and when

For organizations aiming to mitigate risk both internally and externally, without sacrificing employee convenience, federated identity management is the best way to address data moving to the cloud: not only with SaaS applications, but also with internal apps which are stored elsewhere. It gives users a single location to access the applications they require to do their jobs, and gain access to the far flung data those applications own.

What type of solution is your organization implementing to ensure data stays secure in the cloud?


In my last post about HID Global's activities at ASIS this year, I talked a little bit about our end user panel at the show. So many great insights were shared about the benefits of mobile access and the results from our recent enterprise pilots that I thought it would be interesting to provide more details here.

First, I must say that HID Global was thrilled to have representatives on our end-user panel from Netflix and Good Technology. These companies recently collaborated with us on the industry's first enterprise mobile access pilots that use NFC-enabled smartphones for opening doors with HID Global's iCLASS SE platform (which includes our new iCLASS Seos credentials for use on NFC smartphones). To provide additional valuable insights, the panel also included executives from Equifax and Microsoft, two industry leaders that have also evaluated our mobile access control technology.

A common theme during the discussion was how the pilots reinforced the notion that people treat their mobile phones almost like an extension of their identity. They take them wherever they go, which means that employees in an enterprise mobile access environment are far more likely to forget or misplace their badge or ID card than a phone that carries their ID credentials.

Another interesting theme was how easy mobile access control is to use. Pilot participants were able to get through doors with their smartphones with almost no training, and there was a lot of excitement about the pilots through the entire organizations. Even non-participants were pulling out their phones and trying to present them to the readers to see if they could open doors, too. Once they realized this would only work if they were part of the pilot, many employees asked how they could get involved!

Taking a 40,000-foot view of the future of mobile access, all of the panelists discussed the need for widely available NFC-enabled phones in the market, as well as standards-based solutions to simplify adoption. They also said there was a need for everyone in the industry to be in lockstep, contributing to a shared vision for the deployment and use of mobile credentials. They felt that network operators will also be an important part of this equation and, ultimately, the provisioning process.

All of this is just a small sampling of what was discussed during the event. Click here to watch the entire panel discussion, and you can also check out the mobile access pilot videos here.

I know I speak for all of HID Global when I say how much I appreciate the valuable contributions that Equifax, Netflix, Good Technology and Microsoft made to our end-user panel discussion at ASIS this year. I especially want to thank Good Technology, Netflix and their employees who participated in the pilots. You can be sure that HID Global will have more trials and deployments to share in future so stay tuned!