While half the world is busy declaring Apple’s inclusion of NFC in its new iPhone as revolutionary, those of us in the security business know it’s old hat. Like the non-iPhone market, however, the access and identity industry has been plodding on for years, barely appearing above the more exciting technologies that get all the attention, but still changing and growing to incorporate new technologies to supplement and extend the solutions millions use every day.
To kick off our Access and Identity Management Handbook for 2015, Hi-Tech Security Solutions asked a few systems integrators to joins us around the boardroom table to talk about what they see happening in the industry. We opted for integrators because these are the people who, despite what may be touted by vendors as the latest and greatest, are actually involved in installing and making solutions work in the real world, giving them a keener insight into the mind of the customer and what technologies actually work.
We were fortunate to have the following people as our guests:
* Mike Ellison from Bytes Technology Group,
* Neil Cameron from Johnson Controls,
* Freddy Niehaus from the newly merged Bidvest Protea Coin,
* Kelly McLintock from UTM Group, and
* Wayne Schneeberger from EOH Security and Building Technologies.
What is happening?
Our first question to the table was about what the attendees were seeing happening in the market? Is the access and identity business as dull and boring as it sometimes seems, or are things changing?
Cameron sees a dual trend in the market. On the one hand, basic access control solutions are becoming commoditised as more products flood the global market, and these are getting easier to install and set up. On the other hand, there is the higher end of the market where people are demanding more than simple access and require more customisation and integration work from their integrators.
With a view to better security, some companies are trying to control their people, almost like assets, says Schneeberger. This is especially visible in the services market where organisations have remote operations and they need to know when their people are on site, for example. Access technologies form a part of this trend as it allows management to know where their people are at any particular time.
McLintock agrees with both and says the result of this is a demand for more interoperability between platforms at the enterprise level. Even in remote operations, we’re seeing a standardisation of credentials that will allow people to move freely without the hassles of getting a new credential at each location. More companies are also requiring their physical access to be managed from a single point, such as Active Directory, to enforce standardisation and a central point of control.
In fact, the availability of newer technologies is what makes interoperability almost a given. A simple example would be the latest wireless biometric systems that offer more than simply the ability to unlock a door. And this is bringing in more cooperation from other parties, such as the corporate network administrator.
Niehaus says the single management perspective is crucial for many companies, not only from an access perspective, but to ensure that the same identities can more easily be integrated into different platforms and products, be it access, surveillance, asset tracking etc. This is even more important as mobility increases and people are able to avoid coming into the office, rather reporting for work on site and managing themselves, or being managed via mobile technology.
The benefit of mobile technology and a single point of management is that access control reports are not only done monthly to calculate hours, as in the past, but Ellison says it allows for real-time reports which allow for intelligent analysis in terms of efficiency and productivity.
Overall, Niehaus says customers don’t ask whether integrators can do access control anymore, it’s a given. They want to know what value you can bring to the table in addition to the ‘normal’ access solutions. Schneeberger agrees, saying it’s almost at the point where the traditional access control company is viewed more like a locksmith that knows door hardware, but enterprise users want that and more to empower them to manage their people and resources more efficiently.
One of the areas in which this added value is witnessed is that of workforce management (WFM). This is not only applicable in the enterprise space, but also smaller companies where mobile and cloud technologies allow small, dispersed groups to be more effectively managed to deliver optimal productivity.
Workforce management to the fore
Far from the traditional time and attendance (T&A) solutions that provided organisations the ability to more accurately control workers clocking in and out, Ellison says WFM has expanded T&A to include the whole facility. You are talking about tracking people on site so that you know what they are doing and where they are, making it easier and quicker to evacuate them in an emergency, for example. WFM is the total management of that workforce rather than just a single entity of making sure the right person is on site at the right time and clocking people in and out. It’s more of a global management function.
It has also expanded to include health and safety issues, according to Schneeberger, including whether people are fit for work, sober and wearing the right kit. As with traditional access, organisations want WFM to cover all aspects of workforce management from a single console, accessible from almost anywhere.
Companies today understand the importance of health and safety from a legal as well as an ethical perspective and WFM is also used to track individuals’ qualifications and certifications, warning them well in time when they are about to expire or when a regular medical checkup is required etc., says Niehaus. Even contractors are being integrated since the organisation is responsible for their wellbeing when on site, and this is integrated with the traditional T&A so that labour brokers are not able to claim hours their clients were not working – these days the customer tells the brokers how many hours exactly their people worked and WFM allows them to know much more than just the numbers.
McLintock also notes that WFM is being used in industrial applications to ensure the safety of machine operators. Integrated into the basic access management function, it will only allow people to operate machines and handle specific processes if they are properly qualified. If they are not, the machine simply won’t switch on – when the systems have been equipped with PIN pads or biometric devices to start.
Cameron says Johnson Controls takes it further in providing additional information and thereby safety to organisations and workers. One example is where a risk profile is created for each person via psychometric tests, educational courses and so forth. Based on this profile, they are then allowed into certain areas at certain times. The profile changes dynamically as the environment and the individual’s circumstances change, making it a dynamic process that is always changing and improving. Another study Johnson Controls conducted was identifying where people spent their time while in the workplace to allow the company concerned to redesign their work areas to empower people to perform better.
Convergence and integration on IP
Access control systems in the past were generally proprietary by nature, meaning you were stuck with whichever provider you decided on. Ellison says this has changed today and Bytes doesn’t sell non-IP based equipment as this makes sense from everyone’s perspective in a converged world.
Schneeberger says IP is a definite benefit to the customer because it puts them in a situation where they’re not bonded to a single service provider. It’s good risk management to ensure you don’t put your company in a situation in which it can’t back out of in the future. Even systems that run proprietary software are more capable of being easily integrated with additional hardware, allowing users to choose the hardware that suits their needs rather than being cornered into a particular brand.
This integration extends beyond hardware and software. Niehaus says integrators are today inclined to cooperate with each other when specialist skills are required. Instead of trying to be all things to all people, integrators let other service providers deliver their areas of speciality while they integrate and maintain the overall project.
Schneeberger agrees, noting that some of the revenue stream may be lost because of this tendency to outsource part of the installation to experts, but it’s made up by the services provided in the long run. Hardware and software is easy to find, but if you want to add real value you need to be a service provider that delivers and maintains total solutions to enterprise clients; that’s the only way you hang on to clients these days.
Ellison has also seen the purchasing power for these solutions moving from the traditional security manager and facility manager to the IT manager as IP became the norm because these systems are now managed by IT, which is well qualified to manage the IP system. Niehaus says that conversations today often start with the IT department and the executive who signs the cheque, noting that bringing IT in at the beginning results in a better rollout as their policies and processes are taken into account from the start, making the security/IT relationship much easier.
This doesn’t mean the end of the risk or security manager, however, both McLintock and Schneeberger note that these roles remain, but the individuals in those positions now have the facility to run their systems managed by someone else, and can concentrate on the functionality and effectiveness thereof instead of the infrastructure. In addition, with WFM becoming common, we are seeing more divisions within organisations taking an interest in the systems installed. So a successful implementation requires input from all parties and value delivered to all.
And while on the topic of IT, another trend that is taking off in the security industry generally and not only the access and identity market is that of extracting intelligence from security data. Schneeberger says we’re seeing this in various forms, from retailers taking video footage and counting people and creating heat maps among other functions, through to driver access to inner cities where drivers receive an SMS with information on parking spaces etc.
McLintock gives the example of a retail client that measured access to its store rooms, not only for security purposes, but also to more accurately measure the actual stock moved per day. This allows it to save on expensive floor space by having only the necessary stock on the floor at the right times. Niehaus comments that the intelligent use of data is only really starting at the moment and we’re going to see this become an industry in itself as customers in all industries realise the value they have hidden in their security data.
Whether it’s banking, retail or any other industry, what we’re seeing is what started out as an identity to access a building or an area within a building (or even for logical access), evolving into data that can be mined and fed back into the marketing cycle to improve services and sales.
To host or not to host
No conversation related to technology of any sort today would be complete without talking about the cloud and remote services of some sort. The access and identity industry is not immune to these modern trends and there are companies (primarily overseas) offering hosted access and identity management solutions – a software-as-a-service (SaaS) solution – as well as managed solutions. However, these are not always as successfully implemented in Africa due to the cost and reliability of bandwidth.
Cameron says that a hosted service is often popular when companies are smaller and do not have enough skills to be able to manage and control the solution. A hosted solution is normally less costly as it can be rented or leased, sometimes with the hardware costs included in the rental. He says Johnson Controls has a global remote operations centre (ROC) that offers 24-hour services to clients in the access and building management arena. Since these 24x7 services are shared, the costs to each client is lower than doing it themselves.
Niehaus confirms that it is primarily the small to medium market that opts for SaaS solutions because they don’t want the expense and hassles of managing their own servers and software, rather relying on receiving it as a service that is run by experts for a monthly fee. He does note, however, that this will more likely be a T&A environment than a full-blown WFM solution. Larger clients have the IT skills and infrastructure so they tend to want to own it and be able to own and exploit the data they have collected.
The only time larger companies may opt for a service, says McLintock, is when they run a distributed environment and have multiple remote branches with a couple of doors in each. In this scenario it becomes more cost effective to deploy a SaaS environment. It makes more sense because to have one person try to manage multiple sites across a geographical area of South African it is just physically possible.
Ellison believes that a service-oriented solution could work for larger companies if the service provider can offer a full turnkey solution, from guards to control rooms and the access and other security infrastructure. In a case like this, one company can manage the full security function and deal with all the events as they happen according to agreed-upon processes.
Educating the market is essential
One of the common complaints among installer and integrators alike is that of cost conscious buyers. This problem is exacerbated in South Africa as it seems that buyers will choose the cheapest solution and expect it to perform as well as the most expensive one. Search engines like Google are partially to blame for this because anyone can look up a product at almost any cost and they believe the marketing hype that appears along with the product.
This leads to the common experience of clients insisting on cheaper products and less experienced installers, only to have to call in someone else a few months later because their products don’t work as promised and their service provider is unable to deliver as promised – or is nowhere to be found.
On the other hand, those people who use the Internet to do their homework properly are tough clients. They know what they want and what questions to ask. If potential service providers don’t know what they’re doing, they are going to be very embarrassed.
Fortunately, while the integrators at the round table have been forced to walk away from deals because of competition that cuts its margins to the bone just to get the job, the belief is that more customers have burned their fingers going for cheap deals and today understand the value of quality products and service providers who have a track record and are going to be around for the long term. The cost squeeze is still a reality with these clients, but it is not to the extent that the business becomes worthless. Additionally, the ability to deliver value above the traditional capabilities of the technology used is a significant selling point.
To end the discussion, we asked our attendees to highlight what they saw as the biggest challenges going forward in the access market. While there were many comments made, the primary challenges can be summed up as follows.
* Technology is advancing at a remarkable speed and one of the biggest challenges is the education of customers. This applies not only from a technical perspective, but also to the potential and benefits of integrated systems, which take what once was a security system and turn it into a business system that delivers real, measurable value.
* Another challenge is economic. Taking customers from traditional access control systems to WFM solutions delivers benefits, but at a cost. Integrators need to look at innovative financial models that will allow clients to afford these solutions, as well as the measurable deliverables they offer.
* Related to the need for economic models is the requirement for a service model. This is not simply an SLA, but after-sales service that can match the best in any industry and that delivers the value all clients want to see. This is not about brand, but a necessity for client retention in an increasingly competitive market.
* Skills, as always is also a challenge. Clients want to see CSI-type services and technology on their doorstep, but they don’t want to pay a premium for it. This leaves integrators in a quandary as they need to hire skills that are expensive due to their scarcity in the market, but they need to recoup their costs as well. And whatever one may hear, the skills shortage is not going away as good skills are in demand all over the world and many young people are taking the opportunity to spread their wings.
While all the information shared in a round table can’t be completely conveyed in a short summary article, the attendees offered significant insights into the market they work in. In a society more reliant on technology to fulfil the security function, the scope for integration and interoperability among access and identity solutions as well as with other security and business system is enormous. Not only is this an opportunity, but it is a necessity as traditional access control simply fails to meet the security and business requirements of today’s organisations.
|Tel:||+27 11 543 5800|
|Fax:||+27 11 787 8052|
|Articles:||More information and articles about Technews Publishing|
© Technews Publishing (Pty) Ltd | All Rights Reserved