Ask The Expert – April 2008
Web-Based Access Control
Ask the Expert
By Larry O’Brien · April 2008
Web-based access control is a great example of the growing convergence of IT with the security industry. The technology works by enabling users to view and manage a system remotely, from any location in the world, as long as they have Internet access.
ISSUE: What kinds of Web-based access control are available?
SOLUTION: There are two types of access control systems that allow remote management: private server-based and Web-hosted. In the first scenario, a company hosts a server with software that enables applications to control access within the security system. Using this Web-based system, security managers can control and manage access cards, engage alarm systems or change the time door locks are engaged, all online, from anywhere in the world. Another possibility is using a specialized company, usually called an application service provider (ASP), to host the server and provide the necessary software.
Classic access control is an application program running on a server attached to the corporate network. As an alternative, ASPs can host this service and provide the necessary software. In either case, security directors can manage access, control doors, engage alarm systems or change door-locking schedules from anywhere in the world through an Internet connection. With the in-house server application, the IT department must provide a secure connection from the Internet to the corporate network, which is normally called a virtual private network (VPN), to allow the security director access to the application. With the online provider, the security director only needs Internet access to manage the system.
ISSUE: Are there any drawbacks to consider when selecting a Web-based access control system?
SOLUTION: The benefit of hosting your own server is that it can be relatively simple to install and use. However, products that initially seem easy to use often become more complex when implementing the software’s advanced features. Also, company-hosted servers require maintenance, upgrades and virus protection— an added cost. Potential system failure and downtime could be disastrous for a company using a security manager inexperienced in access control.
ASPs can take the burden and headache off the security manager. Also, system maintenance, server upgrades and data backup would be provided as part of the service. The downside to this solution, however, is the ongoing monthly cost associated with each ASP.
Web-based access control is a relatively new technology and, as such, has its share of problems. Scalability is a factor that may stop larger companies from adopting a security system that could “dead-end” in the future. There are some Web-based systems that can handle larger amounts of data, but all of these solutions have some sort of size limitation, meaning that in the future, the system may not be able to cope.
Other problems include the security of a Web-based system, as anything connected to the Internet leaves itself vulnerable to hackers attempting to gain access to valued security information. Using an ASP with a robust firewall may mitigate this problem. It also should be understood that by contracting with a Web-based access control provider, you are granting this ASP full access to your facility as well as possible sensitive information on your employees. Like all Internet companies, ASPs can be bought or sold overnight and sometimes go out of business without warning. Due diligence requires a through and complete investigation into the ownership of the ASP and what level of screening and background checks are required for ASP employees.
ISSUE: What types of organizations are best suited for such a system?
SOLUTION: Successful deployments of Web-based access control systems often have included buildings with multiple tenants. Each tenant can access the system with its own coded cards. Meanwhile, the building security director can monitor the activities that are going on in public areas, such as lobbies, elevators and parking garages.
Evaluate if a Web-based access control system is the right fit for your security system, and talk to an experienced security integrator about the best option.
READER QUESTION: I operate a successful restaurant/nightclub in an urban area. Each night we bring the proceeds into a counting room to tally and prepare the bank deposit. Additionally, we have dozens of credit card numbers at any given time. We have a deadbolt lock on the room, and only an assistant and I have a key. But we have had several restaurant robberies in our area recently. Can you recommend some ways to better protect ourselves?
SOLUTION: An intrusion system that is connected to a central station can offer panic buttons in the form of key fobs that each person can carry and use to initiate a panic call to the central station. Some central stations have the ability to monitor surveillance cameras, and this would allow the central station to assess the current situation during a panic event and provide valuable information to the responding authority. The central station also could be alerted when the employees are ready to leave the counting room with deposits and monitor the surveillance cameras in the parking lot to verify everyone
safely got to their cars. Again, panic alarms should have the range to reach from the parking lot.
About the author
Larry O’Brien is president and COO of Charlotte, N.C.-based Security Forces and SFI Electronics. He has more than 30 years of security industry experience, and is active in both national committees and the North Carolina state chapter of ASIS.