Access and ID Management Systems are continually evolving, with increasingly advanced functionality built into the software adding immense value to organisations. And because some of these systems are now modular and built on open systems, they enable organisations with non-integrated, limited functionality access and identity management systems to migrate to more sophisticated solutions at their own pace – as risk demands and budgets allow.
The key issues confronting businesses are asset protection, protection of data and intellectual property, and the safety and well-being of staff and customers. However, access and ID management systems, if integrated to HR, building management and other enterprise systems, can add significant value. The question is when, how and how fast to migrate to fully integrated solutions.
Format, software & hardware choices
For users, access and ID management systems are primarily distinguished one from another by the types of access devices used – a smartcard, proximity reader, biometrics or keyless cards. These ID format types can mostly be retained by organisations with updates to software, enabling enhanced functionality.
A consideration in the selection of software, which continues to rapidly advance, is to ensure that it interfaces to leading systems like SAP and Oracle whose HR suites are widely adopted. A quick solution to this is to look at which security solutions SAP, for example, interfaces to, and select from these ranges.
Primarily, organisations need to be able to add more sophisticated options for high risk areas – e.g., have a standard format type (say a smartcard) for everyday personnel but added security in the form of biometrics for access to a data centre or an area where important or high value assets are kept.
The software is generally acquired in a standard version and configured to the needs of the organisation. And since most ID and access systems are modular, offering CCTV, guard tours and HR system integration as add-ons to the standard system, for instance, organisations can integrate these features easily.
The hardware that makes up these systems (the readers, controllers and locks), on the other hand, comprises possibly the most expensive part of any security solution. It thus makes sense to re-use as much of the infrastructure – down to the wiring – as possible when upgrading. Happily, some ID and access systems are today built on open systems using standard protocols like BACnet, OPC, XML and MIS that offer new and more efficient ways of communicating data and can even be interfaced to Web services. Organisations can thus re-use much of their existing hardware.
In South Africa, and globally, ID and access management solutions vary broadly with myriad proprietary, off the shelf (local and international) solutions being implemented. How these solutions are configured and integrated into the enterprise solutions of the company depends entirely on the profile of the organisation.
In a mine, where high value assets are taken out of the ground and the operating environment is hazardous, security systems are integral to the operation of facilities. They can also play an important role in ensuring health and safety regulations are met if they are linked to HR systems. For instance, staff access to specific areas may be denied if they have not attended a mandated training course or have worked a maximum number of hours.
Where ID and access management is critical, organisations often develop proprietary systems. One company that made such an investment is platinum producer Lonmin. When it recently decided to update and upgrade its security, extending its investment by retaining its proprietary readers and identifiers, which did not use standard protocols or ID solutions, was a major consideration. Johnson Controls won the contract due to its ability to embed the drivers for this system in its hardware and incorporate it into its standard rules-based technologies.
Other organisations, like Rhodes University, need to ensure fast and complex registration of individuals whose status will change throughout the academic year. Johnson Controls assisted here too. Approximately 7 500 new students are registered annually using an online solution. It takes a mere 20 seconds to issue students with smartcards that allow them to access university faculties, residences and services (e.g., library and canteen). And these cards are dynamically updated so if there is an incident or the status of the individual changes, access is immediately removed or adjusted.
Yet other global organisations, are driven by the need to standardise systems and policies in order to enable consistent responses across all their branches or facilities.
The returns provided by an investment in security can today be measured not only in terms of mitigation of the company’s risk – integration and the use of specialised functionality can add significant value.
For example, in a commercial building linking a basic access control system to utility controls via the building management system can provide energy management capabilities that can cut costs for the organisation as well as enhance its eco-sustainability.
Other solutions like RFID will assist in tracking expensive equipment. And interfacing to HR systems can enable automatic updating of timesheets. There are also advantages to be had from integration of access control with Health and Safety rules. And, of course, limitations can be placed on access to IT systems or information depending on the role or status of individuals.
However, whatever the needs of the organisation, a key factor to ensure the longevity of an ID and access management solution is the incorporation of best practices and standards – in the solution itself and in any development or integration work required.