Is Convergence of Physical And Logical Access Control All Talk, Or Is It The Next Big Thing?
The correct answer is…both. Sometimes you don’t know what you don’t know, and that was the case a few years ago when the physical security world declared that physical security and IT were now converged. Early on, it was more of a marketing term than reality. It sounded cool, and IT, after all, was where the money was.
To many in the physical security business, convergence meant connecting your current hardwired product to a device that converted serial communications to TCP/IP. To others, it meant using the same card to unlock a door and to log on to a computer. All too often, to the people we were converging with and for (IT providers and users), it unfortunately meant nothing. We, as an industry, had to learn to walk before we could run, and before we could declare convergence and get proper attention to the convergence message, we had to pay our dues.
Living on the network was one thing, and was the first step towards convergence. To truly be a converged solution, however, we needed to live not just on, but “in” the network. In other words, it was data that needed to be shared, not just network plumbing.
Convergence implies true interoperability, not just simple point-to-point, custom interfacing. As the physical access control industry has learned through video integration attempts, custom interfaces tend to be costly, brittle and unsustainable. Our IT counterparts would consider these types of integrations proprietary implementations, not converged solutions. True convergence would allow for plug-and-play interoperability across multiple systems, sharing unstructured data through unstructured relationships.
Furthermore, the term convergence itself is a bit limiting, as it implies two things coming together. It is not just logical security with which physical security needed to interoperate, but the entire enterprise security and risk management ecosystem – identity management, personnel management, credentialing, authentication and authorization, network access, directory services, attribute management, visitor management, SIEM, SCADA, video surveillance, employee onboarding, provisioning and de-provisioning systems, etc.
Achieving this level of interoperability and convergence requires at least two things: standards, and trust. An extreme example of standards and trust at work is the internet – users running any of a number of browsers, on a wide variety of hardware and operating system platforms, through multiple brands of switches and routers and communications infrastructures, all manage to communicate with each other.
While that kind of standards-based interoperability does not yet exist throughout the physical security industry, things are moving that way. Organizations like ONVIF, NIST, the Security Industry Association (SIA) and the Trusted Computing Group are among those developing communications standards and trust models that forward-looking physical security and IT system providers are adopting in their products and systems.
That all being said, there are many examples of real-world converged solutions that exist today. Under FIPS 201 standards, the US Government has defined and implemented a model in which government employees carry a single government-issued smart card (PIV/CAC) that is issued from a common trusted source. That card can be used in different compliant access control systems around the world, and the same card can be used to log on to a computer, with an authentication process secured by a third-party PKI certificate infrastructure.
It is that type of standards-based environment that allows commercial and government users to link presence in an area (as determined by the physical access control system) to a user’s ability to access network resources, minimizing door tailgating and user password hacks.
The bottom line is, convergence exists not in the technology, but within the user experience. As we bring solutions to market that solve customer problems, customers will adopt them. If those solutions happen to be “converged,” so much the better.