A company’s security function is much like our immune system. Both are tasked with keeping invaders outside, distinguishing between those people (or cells) who should be there and those who should not, and dealing with any incursions. Not surprisingly, then, the business of security has three main components: passive/physical security, surveillance, and the use of security guards.
One of the biggest challenges with passive security is that no matter how formidable a building’s structure is, for it to function staff need to be able to enter and exit at will, and this issue has led to a wide range of access control methods.
The humble access card has had a long history, but times are changing due to the growing use of smartphones leading to new forms of access, and this is unlocking new businesses models. While the first thing that might jump to mind is Amazon Key – a ‘secure’ way in which Amazon employees can gain access to your home to drop off parcels – which has attracted a considerable amount of scepticism, under the radar other companies are already making use of this kind of technology.
For example, Pirate Studios, a start-up company offering bands and musicians self-service studios that can be hired 24/7 through instant online booking and onsite storage for equipment, uses CL5510 SMART Locks from Codelocks to control access and KL1550 KitLock locker locks to secure music equipment. These locks allow Pirate Studios to create codes and issue them to customers via email or SMS, eliminating the need for staff to be onsite. The CL5500 range uses ‘disposable’ time-specific codes that expire after a set duration. When combined with Codelocks’ Audit Trail function, this allows Pirate Studios to track which users are going in and out of the rooms, and at what time. This can be done via the K3 app, which also allows staff to open the locks with wireless connectivity.
Martin Clayton, Codelocks’ group operations manager, says the codes aren’t sent to the locks – instead the smart locks run algorithms that recognise them without the need for wireless connectivity, in a similar manner to the way that secure key devices that lack connectivity are used for internet banking. However, the smart locks do use Bluetooth Low Energy (BLE) for management purposes. Clayton adds that Codelocks doesn’t enable BLE-mediated access by default for non-security personnel given the high level of high-density housing in the UK, BLE’s range and the resulting potential for tailgating. BLE was chosen over Wi-Fi as the latter “sucks power very quickly”. That said, Codelocks is looking to release a gateway that will allow smart locks to communicate with a Wi-Fi network.
Clayton says: “Installing the lock on the door probably [takes] half an hour or so if you follow the instructions that are included in the box. You can get the template out of the box, tape it onto the door where you want to put the lock, drill straight through it, bolt the lock on, initialise it on the portal, and five minutes later you’re up and running. The physical installation is the bit that takes the time, but any competent locksmith could install any of our products. Getting it up and running on our system is no more than a five-minute process.”
Gallagher’s Mobile Connect app works with BLE infrastructure to allow its users to open doors using their mobile phones. Steve Bell, CTO of Gallagher Security, says it has recently added some extra functionality that allows users to “turn on a piece of plant, the lights or the air-conditioning. We’ve given the site managers more ability to expose other functions to the user of the system to create more automation or give people more control over their environment.”
Bell highlights the fact that some locations, including government buildings, require perimeter readers to use two-factor authentication, and while with a traditional access control system the two factors would be a card and a PIN, with a system using mobile phones for access the first factor would be the credentials assigned to the device and the second the input from a fingerprint sensor, falling back to a PIN when needed. He says Gallagher is interested in adding communication features to the app to allow security personnel to communicate with staff and students (in the case of universities) to warn of events and send messages saying the site has been locked down.
Turning to the communication needs of security guards, Barend Gildenhuys, Simoco Wireless Solutions’ technical director, says coverage is always “right up there on their requirements list, so you are looking at a certain amount of building penetration or in-building coverage for them to have connectivity back to their control room as they roam the site on their patrols or their duties”. He adds that security firms traditionally request quite ruggedised hand portables, typically IP67-rated and therefore submersible and dust-proof, as well as radios that don’t have keypads or screens as “it’s fundamentally a basic tool for communication only”.
He adds that Simoco is seeing a slow move towards keypads and screens for the devices used by middle and top managers, “but we haven’t seen a big move towards the smartphone yet – middle management, top-level management certainly, but not on the blue-collar side”.
This observation includes dedicated PTT over Cellular (PoC) devices being used as a coverage extender by managers and off-site personnel, with the predominant uptake being companies that already have a pool of smartphones, “or sometimes you get a bring-your-own-device (BYOD) scheme where a particular user would load the application on their phone”.
Speaking of BYOD, Bell says this can be one of the biggest issues when it comes to using mobile devices for security and that “cyber protection of the security system and the networks is a big factor for acceptance by large enterprises”.
He says: “Typically a company will have mechanisms to trust phones that they’ve issued, but if you’re wanting all your staff to be able to open doors with their phones, and maybe have some [additional communications tools] in future, then they’re not always going to be company phones, and because they won’t necessarily have control over those phones, they will not want those phones to directly interact with their security server or their systems, and they’ll want to be well protected from that.”
Bell adds that Gallagher has “put a whole lot of effort” into addressing this issue – its Command Centre system provisions devices with credentials that are created by a cloud server and delivered over the air. Two-factor authentication is used, including the use of a text message, and the company uses FIDO open standards for credential creation. “We’ve used that technology to create the credentials on the phone, so anybody from the IT department can figure out what we’re doing and decide whether they’re going to trust it or not.
“We’ve made it so that once the device has been provisioned, there’s no more need to have any communication between it and the cloud for our purposes – we keep everything isolated and we have a secure solution,” Bell says.
“We do see a lot of applications being developed on the smartphone devices,” says Gildenhuys. “We expect that top-down those applications would flow down as we move to a more unified communications space, where you get more integration between your cellular commercial systems and your private radio systems, [and] we expect those applications to trickle down into the security industry as well. The security industry is notoriously cost-sensitive and at first we see bigger growth in the top-down technology than the bottom-up.”
While we’re on the subject of applications, Gallagher’s Command Centre system and mobile app allow users to manage alarms through their mobile phones, initiate a lockdown or challenge someone, read their access card (using an attached card reader) and log them on the system. Bell adds that this approach is “also great” for registering people at muster points after an evacuation, as security personnel can walk around and log everyone, removing the need to do so with pen and paper.
Returning to two-way radio handsets, Gildenhuys says Simoco always recommends “personal issue as it does create a sense of ownership and thereby careful handling of a radio, which will prolong its useful life”.
“When a radio is in a pool, no single person is responsible for taking care of it and they do often get thrown about, so we recommend opting for personal issue – it is a little bit more capital overlay in the beginning, but we see a massive increase in the radios’ useful life in the field.”
He adds there is an appetite to use two-way radios “not only for traditional voice communications” but also for automated applications, and Simoco is seeing a lot of interest in integration of radio systems with alarm panels. This is particularly valuable for security staff in the hospitality industry as it helps them verify and then possibly cancel fire alarms to prevent evacuating an entire hotel in the case of a false alarm [see James Atkinson’s article on this subject in August’s issue – Ed]. Simoco provides this functionality with its Simoco Bridge product, and Gildenhuys says the company also has the ability, based on a trigger, to communicate certain events to remote personnel, citing a blast alarm function it supplies to the mining industry as an example.
He also makes the point that in-building location services are creeping into the sector, with this being accomplished either by Bluetooth beacons or the use of RFID tags embedded in a company’s fleet of radios – combined with “RFID readers scattered across your site or perimeter where you’ve got to do your regular patrols; as you pass those points, you’ll scan your radio on those readers and those points would then report back to the control station that it has been scanned”.
Other features being used in this space include man-down and lone-worker applications, and Gildenhuys explains that Simoco’s radios have a “training period” during which they and their internal accelerometers learn the user’s normal range of movement.
So, technology is a core component of every facet of modern security operations, from ensuring the right people can enter to being able to start a lockdown at the touch of a button (without having to be in a control room). The sense is very much that the industry is at the beginning of a long transition, given budgetary constraints and a natural conservatism born of the critical nature of security functions and operations. Using the latest technology can make things easier for the end-user, but at the cost of complexity and the need for companies to fully understand their exposure from a cyber security perspective.
Unblinking eyes
Unfortunately, there was little room in this piece to go into video surveillance, but it’s clear that here much of the emphasis is on the use of sophisticated analytics to get around the human inability to effectively monitor a huge number of video feeds and the unwillingness to pay for large numbers of staff to do so. At shows like PMRExpo and BAPCO, companies such as Motorola Solutions and Hytera regularly demonstrate systems that automatically recognise people, cars and other objects, allowing users to search for objects with specific characteristics. Analytics aren’t limited to video, with some sensors being able to detect the sound of gunshots or even sounds associated with a typical brawl or riot.
