It’s all too easy to get caught up in energy this year. It is easy to forget that energy was only one of the reasons I was drawn to enterprise interactions for building systems. There are compelling reasons to integrate physical security systems with enterprise systems and their techniques. Physical security is typically broken up into three areas: access control, intrusion detection, and monitoring. These systems rarely interact unless installed by the same vendor, and even then, significant integration may be required.
Security is not about locking the door; security is about responding the right way at the right time. The true core of security is situation awareness.
Last week, I was awakened in a hotel by a couple letting themselves into my room. It was clear that they had a pass key, and were surprised that the room was occupied. I had checked in after 10:00. There is no doubt in my mind that this was a tryst planned earlier in the evening when the hotel systems still showed the room as vacant. There were minor problems in housekeeping, unusual in a high-end hotel, such as hair on the bathroom sink, that may not have been due to insufficient housekeeping. The hotel manager said he would send a security officer to read the access log on that door, an officer who never showed.
Was it a romantic tryst? Was it a side deal arranged with one of the numerous prostitutes working the bar at this Embassy Row hotel? In either case, it is a system failure and a liability risk caused by non-communicating, siloed systems.
Access control is token management, whether the token is an old brass key, or an updated computer token or biometric ID. Large institutions may have token approval driven by central databases, but these databases rarely interact well with enterprise records. Personnel records, hotel registrations, and contracting status are obvious interactions. These systems usually only simulate such interactions, perhaps through daily or weekly batch updates. Access to hotel common areas often works until your original check out date, even if you leave early. Hotel room keys often continue to work until your original check out date, even after you change rooms.
There are some simple interactions across IT and access control silos that I have seen, ones that today require unusual integration. In a high-security facility, a user’s network login is disabled if his access card has not come through the front door today. In a chemical plant, assigned laptops only get network access in certain areas if the correct person has entered the room.
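The two cross-silo checks described above can be sketched as policy functions over a badge log. This is an added example, not code from the original post; the log format, the names, the reader IDs and the laptop register are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample badge log: (timestamp, card holder, reader, direction).
BADGE_LOG = [
    ("2024-03-05T07:58:00", "alice", "front-door", "in"),
    ("2024-03-05T08:10:00", "alice", "lab-2", "in"),
    ("2024-03-05T08:15:00", "bob", "front-door", "in"),
    ("2024-03-05T11:30:00", "alice", "lab-2", "out"),
    ("2024-03-04T08:00:00", "carol", "front-door", "in"),  # yesterday only
]
# Hypothetical asset register: laptop -> (assigned person, room where it may join the network).
LAPTOPS = {"lt-017": ("alice", "lab-2"), "lt-022": ("bob", "lab-2")}


def parse(log):
    """Turn raw log rows into time-ordered (datetime, who, reader, direction) tuples."""
    return sorted((datetime.fromisoformat(ts), who, reader, d) for ts, who, reader, d in log)


def login_allowed(user, now, log=BADGE_LOG):
    """Network login only if the user's card passed the front door earlier today."""
    return any(who == user and reader == "front-door" and d == "in"
               and ts.date() == now.date() and ts <= now
               for ts, who, reader, d in parse(log))


def occupants(room, now, log=BADGE_LOG):
    """Replay today's in/out events up to `now` to find who is in the room."""
    inside = set()
    for ts, who, reader, d in parse(log):
        if reader != room or ts.date() != now.date() or ts > now:
            continue
        if d == "in":
            inside.add(who)
        else:
            inside.discard(who)
    return inside


def laptop_network_allowed(laptop, room, now, log=BADGE_LOG):
    """A laptop gets access in a room only if assigned there and its owner is present."""
    entry = LAPTOPS.get(laptop)
    if entry is None:
        return False  # unknown asset: fail closed
    owner, allowed_room = entry
    return room == allowed_room and owner in occupants(room, now, log)
```

Both decisions are computed from the live event stream at the moment of the request, which is the difference from the daily or weekly batch updates described earlier.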
Intrusion detection begins with the night watchman and is automated as vibration sensors on glass and contact closures on doors and sashes. These may be wired back to a central monitor, and they may be able to recognize unusual local conditions, such as a door propped open. It is usually difficult to find patterns of potentially harmful behavior. An alert, intelligent security officer may spot patterns, and anticipate intrusion, but these decisions must be informed by enterprise activities. For example, a catering staff may routinely prop a series of doors open an hour before a reception. This may be OK, except if the event is a presidential debate. Few systems have the situational awareness of business operations to automate the process; those that do require significant customization.
Because network and information security is potentially vulnerable from anywhere on the planet, there is a competitive market for tracking patterns of events and recognizing unusual patterns on a user-by-user basis. As criminal attacks recognize these, the attacks become more sophisticated, too. A couple of years ago, credit card information stolen through Brazilian servers was re-appearing within 24 hours on East European markets before surfacing as fake cards in New York City. Different individuals might buy a small breakfast, and lunch across town, before making a significant purchase in the afternoon. The whole scheme was predicated around gaming the fraud detection systems. The Policy Based Event Management systems are now able to catch such rote attacks, as well as many others that I will not describe here.
True security is always about situation awareness. Unless security systems are aware of wider enterprise issues, they are not aware of much. Security systems can also contribute awareness to other operations in the enterprise. Later this week, I will try to post some leading scenarios for integrating access control with enterprise operations, emergency response, and federated identity management.