By Rob Martens, Futurist and Director of Connectivity Platforms at Allegion
For several years now, security professionals have been on the front lines of a remarkable convergence of two worlds – physical and digital. Security system integrators are shifting from being strictly focused on hardware and electronics to more services, software and networks; security purchases are increasingly being rolled up into IT because the hardware solutions need to access the network. The resulting turf battles have been as predictable as they are heated, with facility managers and CIOs each struggling to do what they think will be best for the facility and its occupants.
But while those battles are still being fought, there is another, even bigger shift that is just beginning to ripple through not just the industry, but the world as we know it. The Internet of Things, or IoT, is not just a new trend, it is the next evolution in the revolution that began with the invention of the internet. It represents a fundamental change to the access control industry that not only impacts the kinds of tools we use and how we use them, but who makes the decisions on the customer side of the table. Most importantly, it is disruptive, in the best and worst possible ways, and we have only just begun to see its potential to impact our lives. Security dealers and integrators have a major role to play here as industry knowledge is critical to preventing consumer exposure to unforeseen difficulties and dangers.
What is the IoT?
The phrase “Internet of Things” was coined by British tech pioneer, Kevin Ashton in 1999. The simplest definition and vision of the IoT is that billions of sensors and smart devices will connect and share information with each other to enhance the collective experience of the end user. This is done by collecting, cleaning and analyzing the data provided. This then allows for predictive and real-time actions to take place on behalf of the user and the associated community.
It helps to think of the IoT as the Internet itself, evolved for a third time. In the first two evolutions (or waves) of the Internet, we were either connecting via desktop computer or on a mobile device- like a smartphone or a tablet. In the third evolution, smart devices communicate and deliver information to the Internet without human intervention at a scale that we’ve never seen before. By the years 2020-2025, it is projected that there will be as many as 50 billion connected devices operating on the planet, generating data in volumes previously unseen.
Irrational Exuberance and (not so) Irrational Fears
As with any new technology, the IoT has given rise to both. The IoT has become a mega-trend, and investors are willing to place significant bets to satisfy perceived desires in the marketplace.
Being able to connect your product to the Internet is no longer sufficient and the ability to make a security device doesn’t mean that you understand how to effectively apply this new technology. A good example of this is the focus by some providers on the convenience of proximity-based auto-unlocking. In some cases the wow factor has overshadowed the potential of dangerous exposure by opening the door without a clear intent of some kind from the user. The approach to these types of solutions differentiates the thought process of a security and safety provider from others who see an opportunity, but may not have the experience to see the potential life safety implications.
At the other end of the spectrum are those who recognize that by exponentially increasing the number of connected devices, you are simultaneously increasing the number potential access points for hackers to exploit. According to industry analyst Gartner, the black market for fake sensors and video data that would allow data to be compromised or manipulated will be worth upwards of $5 billion by 2020.
And hackers aren’t the only ones consumers will need to worry about spying on them. In February of this year, the U.S. Director of National Intelligence James Clapper told a Senate panel, “In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
When added to the almost daily media announcement of the latest firm whose data has been hacked, from Target and Neiman Marcus to the U.S. government’s own Office of Personnel Management, it creates the not unreasonable impression that digital security solutions are less secure than mechanical ones. It is this public perception of the vulnerability of connected security systems that can create an even greater risk – inaction.
All or Nothing
It’s easy to understand why many would feel as though there clearly isn’t a connected system out there that is “fully secure”, so why spend the money on any of them? Consumers are well aware of the risks associated with being an early adopter of any technology or product. No sooner do they invest their money in one item then a competitor will introduce a much better one that, of course, is not compatible with their system.
But doing nothing is not a plan for anything except failure. Instead, you must plan for everything to be hacked from the beginning of your selection process. For example, picking a lock is a hack, and so is stealing and using a master key. What matters most is how quickly and effectively you are able to respond to the attack. In many cases, digital solutions can facilitate a faster and more robust response to those situations than a traditional mechanical lock or solution. If the master key is stolen, is it easier to physically rekey each lock, or is it faster and more efficient to change the firmware remotely impacting all of the locks at once with minimal touring? All of these things must be considered when selecting a solution.
Getting past the inertia of indecision can often be managed through detailed communication and concrete information about how the building’s systems can live side-by-side and how integration can benefit the customer in the long run.
The front lines of IoT in this industry can be seen in building automation. Security integrators are realizing there is a business opportunity in every building and access control is just one piece of that potential business. This new technology is enabling the deployment of electronics within a building’s ecosystem of services, from physical access control and logical access, to lighting and HVAC systems.
Consider a building where employees scan a badge or present a smartphone-based credential for access. When access is granted the building’s other systems are triggered to turn on the lights, adjust the temperature and alert security that someone has accessed the building. During the day the network monitors water use, sending an alert to facilities if a restroom faucet is left running or if a normally locked door is left ajar. At the end of the day, the access credential is used to exit the building, triggering the reverse actions of the morning – lights are dimmed, temperatures are lowered and doors are locked. While access control may be the “trigger” for all of these functions, the entire system is based on a sophisticated network.
Every aspect of a building’s operation ties into a network, from lighting to intercoms, access control, video, fire safety and climate controls. This is further driving the interoperability of these previously disparate systems to enable services such as location-based decision making that will provide a new level of value to channel partners and end users.
Creating ROI for end users
In order to effectively sell a multi-part integrated network, it’s critical to be able to pinpoint the end user’s possible return on investment. This can be achieved by a detailed cost analysis that compares current use and expenses to the results that can be achieved through upgrading equipment and integrating technology. And the results aren’t limited strictly to energy savings:
· Upgrading to stand-alone intelligent controllers can reduce lighting expenses by as much as 40 percent.
· Buildings with strong southern light exposure can adjust HVAC and lighting based on actual conditions, rather than a fixed schedule, taking advantage of natural heat and light to reduce energy use.
· Buildings with door and window sensors can detect when doors and windows are open, signaling the system to automatically turn off the HVAC system while also alerting security personnel to a possible unauthorized entry.
These examples of ROI are significant whether your customers occupy large commercial office buildings, healthcare clinics, restaurants and hotels or even manufacturing facilities. Buildings waste a lot of energy. Just by propping a door open can cause the HVAC system to go into overdrive, pumping out air and creating significant energy waste. The ROI on building automation can sometimes free up money for other projects, while enhancing technology, comfort and security. This can be a game changer for customers in the education, healthcare, and government markets.
When groupings of these smart devices work in unison they can reveal previously unseen patterns and opportunities. These results generate huge opportunities and, in the case of our industry, a much more personalized experience for the building/facility user and greater efficiencies for the owner.
Even as this technology is fundamentally changing the traditional boundaries of security, so too is it causing a shift in the decision making authority from facility managers to the IT leadership. This is a trend that began as more companies migrated to IP-based video surveillance and access control systems, and IT managers became increasingly involved in physical security decisions. However, in many companies, there still remains a clear division between physical access control and IT security departments with little interaction between the two.
Facility managers are frustrated that they are expected to adopt the new IoT technology without much experience. They are also worried about the implications of this change as they will ultimately be held responsible for them. The CIO is largely unfamiliar with the physical security implications and has serious concerns about the impact this technology will have on the network. Both parties are concerned that when a building is fully automated and networked, a failure in one area can cause failure in others.
Security dealers, consultants and integrators have a critical role to play in this situation. Helping to create a working relationship between the CIO and the facility manager is crucial to the successful adoption of the IoT in access control moving forward. Educating the CIO in understanding physical security, and bridging the knowledge gaps for the facility manager with smart device technologies will be a key differentiator for successful dealers and integrators as the industry inevitably moves to a more IoT centric mindset.
Providers and integrators are essentially the glue for the coming wave of IoT enabled facilities. This core group should present themselves as a coordination point for the IoT where they act as a mediator between the CIO and the facilities manager – a knowledgeable, trusted voice. You are the junction box through which they will communicate and IoT will move at the speed of that relationship.
Communication is Key
So how do you foster communication between the two worlds of digital/connected and physical security?
1. Start early. Make sure the leaders of both areas are involved right from the beginning. This will set the tone for working together to jointly develop a solution.
2. Make sure both sides have the opportunity to voice their concerns. This will give security the opportunity to understand IT infrastructure and how the addition of locks or cameras can impact the network. It will also give IT a better appreciation of the liability and reputation risks of not having a proper security solution in place.
3. Speak both languages. Stay current on the latest fire, life safety and building codes and understand their implications on the products you specify or sell. At the same time, you must be able to demonstrate to IT that you can speak their language and understand how the system is being utilized. This is the best way to reassure both sides that you’re there to help them avoid problems, not create new ones.
4. Clearly identify their capabilities. You’ll need to ask several questions, such as:
· What IT security policies and standards are in place?
· Can the system support security beyond PCs?
· How is cabling installed?
· Is the server environment virtual?
· Do you maintain backups or do you want the integrator to do that?
· How do you onboard a new application?
· How do you want to handle maintenance of the security solution?
5. Think long-term. It’s important to view the partnership beyond the basics of
installation, implementation and maintenance. Consider how you can partner
throughout the life cycle of the security solution for three, five and even ten years down
the road. This will allow them to continue to leverage the network as security
needs — and technology — continue to evolve.
Building Successful Partnerships
Security projects are becoming increasingly complex, often requiring the expertise of several professionals, which could include architects, IT and even the manufacturer. The challenge is bringing together all the consultants and working collectively and collaboratively toward a common goal. Because technology, security hardware products and building codes change regularly — or have nuances to them — it’s important that a large security project is approached from several angles. One individual or company doesn’t typically possess all the knowledge that any security project requires, but by garnering the collective brainpower—the expertise and experience of each advisor — the consultancy team can identify and develop the best solution for a facility today as well as in the future.
As with any group project, communication is key to ensuring there are no misunderstandings about who is responsible for what. Once the entire team is assembled, it’s helpful to formalize the working relationship by developing an official statement of work that clearly outlines deliverables and expectations for each consultant on the team. This is also a good time to:
· Clearly outline the project scope
· Identify the expected deliverables
· Prioritize the key elements
· Develop a preliminary timeline
· Estimate a budget range
· Create a list of internal stakeholders
However, one of the most important decisions will be the selection of the right manufacturer. As security providers, one of the biggest challenges you will face is evaluating all of the people who will be coming to you with their solutions. Some will have incredible funding behind them, but the inherent knowledge is crucial as there can be real danger associated with some of these products. Understand what your exposure is and look for companies that have experience partnering with other consultants and stakeholders — architects, integrators, IT, one card providers, building owners, facility managers, etc. — to develop comprehensive solutions.
Many IT departments are struggling to cope with the convergence of so many new technologies on their network infrastructure. In addition to traditional network security threats, they must now also monitor devices such as HVAC systems, Smart Grid power monitoring, control devices, as well as IP-based access control systems and networked surveillance cameras to the prevent exploitation of these potentially vulnerable network nodes.
But connected security is also heavily dependent on physical security. An attacker gaining physical access to a terminal where a memory device can be plugged in is all that would be necessary to create a tool to be used in an attack. The lack of integration between physical and connected security creates a number of challenges that can be exploited.
As Scott Borg, Director and Chief Economist of the U.S. Cyber Consequences Unit recently commented, “As long as organizations treat their physical and cyber domains as separate, there is little hope of securing either one. The convergence of cyber and physical security has already occurred at the technical level. It is long overdue at the organizational level.”
Ultimately, protecting the most important asset of any company - its people - requires a combination of physical and cyber security. Integrating the two will allow companies to more effectively maximize the strengths and minimize the weaknesses of both while creating a safe secure, efficient, interconnected and fully automated environment.
As stewards of the security industry, we must be diligent in understanding what is happening in our space. Some of these technological changes will occur rapidly, while others may take years to appear and be fully implemented. If the speed of adoption of connected electronics and the IoT is to increase, it is vital that people who understand the core elements of physical access control lead the application of these new tools wisely. With the proper focus, this technology can be adopted safely and will generate great benefits for the owners.
About the Author
Rob Martens is the Futurist and Director of Connectivity Platforms at Allegion. As technology strategist and futurist with a special focus on the IoT, Rob is responsible for identifying and incorporating trends, opportunities and partnerships in the electronic product space. Respected for his unique industry perspective, Rob has been featured as an expert panelist at International CES, the Golden Seeds Annual Summit, the IoT Global Innovation Forum, Internet of Things World and CE Week, among others. A former corporate CIO, his professional background includes CPG, industrial manufacturing, distribution, financial services, consulting, education and automotive businesses. Rob is a graduate of the University of North Carolina at Chapel Hill.