As a Security Director, I spent a lot of time seeking a single solution that would fulfill all my physical security operational needs — like bending an access control system (ACS) a bit to perform functions outside of its scope and attempting to build custom integrations for video management systems (VMS) – all to create some additional efficiencies.
Ultimately, what I discovered was that the development, upkeep, and maintenance of these were 100x more costly than the benefits received; the ROI simply was not there.
For example, I experimented with using my ACS as our organization’s GSOC operations platform. Our operators could monitor access control general alarm activity within the ACS, and we purchased integrations with our VMS to enable video feeds. The concept was solid, and it was a good first step in the right direction. However, we consistently battled with the right filters and configurations to ensure critical event information was presented to the operators while system noise was not.
In this scenario, we also discovered that it was costly to expand this across the enterprise – both for the integration licenses and the need to transition to a standard ACS platform. s long as the ACS was securing the door and managing physical credentials, we struggled to justify that investment.
Access control itself wasn’t enough to bring insights to security leadership in the way that we needed it to in an effort to prove ROI. And for many businesses, the struggle is still prevalent today.
What is traditional access control?
The basics of traditional ACS are consistent: electrified locking hardware is controlled by a centralized database that provides identification and authentication management. When the hardware is presented with a credential, the information is compared to the database, and the decision to open the door (or not) is made.
Whether it is a badge, a key fob, or your face, the general process flow is the same. The ACS product is purpose-built for this functionality, and it performs it very well. It is when we want to expand the use of the ACS beyond its designed functionality that we run into challenges. Traditional ACS have not changed in decades, and there is no compelling reason for them to change.
Challenges of traditional access control
While ACS is necessary for protecting physical assets, there are a number of limitations of traditional versions that require a new way of thinking, including:
- Traditional access control systems often operate in isolation, limiting the overall visibility of security operations
- Integrations force information to process through the context of how an access control system operates
- The above creates limitations to how events and critical information can be viewed
- Expanding or upgrading a traditional ACS can be complex and costly
- Connecting disparate access control systems is extremely difficult and will almost always require additional integrations, software, and licensing from both systems to function
- Traditional access control systems release new functionality every 12 to 18 months, lagging the release cadence expected by software offerings
- Traditional systems primarily offer a reactive approach to security incidents, with limited real-time monitoring and response capabilities
- It is highly manual for the operator and requires reviewing information in multiple systems to acquire all the necessary context
"Creating an ecosystem and combining physical security tools seamlessly can help businesses tackle higher-level problems across the organization."
How access control is improved with a physical security ecosystem
Modern security leaders struggle to shove new functionality into old tools, which no longer serves the security industry. As we look around us in other business functions, there exists significant collaboration and integrations between different tools that are extremely well-suited for their purpose. This is where a physical security ecosystem comes into play.
An ecosystem is defined as a community of interconnected organisms. In the context of physical security, the view is that an ecosystem is made up of various technologies brought together to serve their designed purpose while creating increased value through their connection.
The vision is more of a “the whole is greater than the sum of their parts” scenario. Creating an ecosystem and combining physical security tools seamlessly can help businesses tackle higher-level problems across the organization. Doing so can mean the following:
- Integration and interoperability
- Connectivity with various security systems, including access control, video surveillance, intrusion detection, and any other peripheral data source that is capable of providing beneficial information
- Increased value for the security operation by delivering real-time data sharing and integration
- Real-time monitoring and alerts
- Improved real-time monitoring, proactive alerts, and analytics
- Increased ability to identify and respond to security incidents as they happen
- The transition from volume metrics (how much/how many) to performance metrics (how are we doing)
- Scalability and future-proofing
- The physical security ecosystem can readily adapt to evolving security needs and growth without substantial costs
- Scalability and future-proofing in modern security solutions.
Building a physical security ecosystem is a lot more about ensuring customers are at the forefront of innovation and thinking more deeply about what will move the needle for them as they continually aim to prove ROI for security investments. Without the ability to do so, security programs suffer and leaders will struggle to protect people, assets, and the brand from continually evolving threats.
Recently, I was named Head of Ecosystem Partnerships, where I have the privilege of working with companies that “get it” and put customer experience and functionality first.