Security convergence is a relatively new and diverse field, often talked about in security circles.
Theoretically, security convergence is about uniting the multidimensional disciplines of an organisation, in a one plus one equals three equation. In other words, a converged solution should be greater than the sum of its individual parts. Such that when proficiently applied it reduces security gaps, thereby creating a more efficient use of resources, while speeding up response times and efficient management of disruptive incidents. But what does this mean in the real world?
How does this translate in the real world?
Recently, my company received an invitation to submit a proposal for a security system for a new Academy school under construction. All education establishments present specific challenges from a security perspective. During the day incidents revolve around inappropriate behaviour of pupils: bullying, petty theft, and vandalism for example. At night and during the long holidays the threats can be more serious — extending to arson, theft, and criminal damage. The fact they contain a large amount of ICT equipment makes them a natural target for thieves.
To secure the site the original security specification called for the implementation of PTZ cameras to cover car parks, playing fields, and the building perimeter, and fixed cameras to cover corridors, entrances, and circulation areas, with all cameras digitally recorded 24/7 and monitored from the IT room. An access control system was required to control entry at the main entrance to IT rooms, offices, and main circulation doors. The intruder alarm system to provide out of hours protection consisted of door contacts to all perimeter doors and PIR detectors to all ground floor areas and first floor corridors, linked to two external sounders and an alarm-receiving centre.
We could have responded with a conventional solution to meet the specification and battled it out on price to win the order. However, I believe security needs to be involved in asking what the risks are and how will this affect the organisation.
So we engaged with the project leader to convince the client we could best address the risks by using a converged solution, incorporating the use of network video, access control, and intruder detection residing on the IT infrastructure, and sharing common databases. We were able to demonstrate from previous experience and convince the client, in a highly competitive market, that a converged approach would best meet the objectives of providing a secure environment, whilst minimising manpower and maximising operator efficiency and return on investment.
The converged approach
In this project, the development of digital security products and intelligent network video coupled with the power of information technologies, and the inherent ability to share common language and infrastructure culminate in the following benefits derived from this sometime uneasy alliance:
Lower cost of ownership: Utilising the IT infrastructure provided considerable savings due to reduced installation costs in cabling, associated containment, and fewer mains power outlets, with most devices utilising PoE. The intruder alarm is a facility of the access control system, completely negating the necessity for separate intruder alarms in the various areas. Liaison with the IT department reduced commissioning time as all staff, user, and student records are imported from the school database, with the access smart cards doubling as photo ID for staff and students. The use of common user management interface reduced operator training time.
Higher security and resilience, coupled with improved user management: Close cooperation with the client’s IT department ensured the network provides a robust fully managed and monitored infrastructure and that the applicable logical security measures exist to protect both the integrity of the physical security systems and the IT infrastructure. Conversely, the physical security measures protect the IT infrastructure. The staff and students’ smart cards provide secure log on to the ITC equipment, as authorised, and provided they are logged into the school.
The access control data is always accurate, as it is aligned to the current school database. If a staff member or pupils leave, the access rights are automatically denied, as they are deleted from the school database. The tight software integration between systems reduces security gaps, speeds up response times and maximises operator efficiency by drawing attention to exceptions to the norm, sending SMS messages to alert staff. Perimeter security is enhanced as cameras are configured to respond to intruder detection devices and perimeter doors.
Improved risk management: The system forms part of the Health and Safety “permit to work” procedure and provides accountability, with all actions and incidents logged by the system, and fast retrieval of recorded images as they are tagged by events on the other systems, accessed via common user work stations. This is coupled with increased business intelligence: Attendance records and time keeping are controlled by the Access System, reducing truancy and bad time keeping. Pupil movement around the site can be tracked (i.e. time taken between classes.
Greater return on investment: This is achieved through using the IT network as the transmission route for security and video data. This makes information more easily available to relevant users such as the facilities department monitoring the environment or the school attendance register being produced by the Access Control system.
Convergence in practice
During school lock up patrols, the usual security checks are carried out: is the building empty, are doors and windows secured? But in addition they address environmental issues on behalf of facilities: are lights out, is heating off, no leaks in cloak rooms, etc.
Security patrols assist to ensure adherence to tidy desk policy and check that confidential information such as exam papers and ID cards are not left unattended.
Security also supports the schools’ health and safety management ensuring, for instance, that fire doors are not blocked.
The surveillance system is used by teaching staff to monitor pupil behaviour: running in the corridor, bullying, etc., and the access control is used as a permit to work system.
The security system plays a major role in pupil attendance and has reduced truancy; from a security viewpoint this reduces petty crime and vandalism. From a compliance aspect, the school can validate its attendance and time keeping to regulators.
When incidents do happen, security often collate evidence to either assist with or conduct investigations.
What conclusions can we draw?
Much wider stakeholder involvement and cooperation is needed, as business justification is the driver for convergence.
The security sector needs to follow IT as a qualification driven industry to add greater credibility to the role of security. Professionals need confirmed security knowledge, how things fit into the network topography, and how and where to apply them.
Experience of security requirements and ability to deploy information gathering devices such as cameras and various sensors correctly is an area where we have an advantage over IT. This provides an opportunity for security to develop alongside IT as a business enabler.
This article was first published in IFSEC Global at http://www.ifsecglobal.com/how-converged-security-is-benefitting-schools/