In the past, enterprise-level access control meant extremely large-scale systems applied on a geographically wide basis for Fortune 100 sized companies. With the advent of greater IP-based options, convergence of physical and IT security and increasingly tech-savvy integrators, however, more possibilities are opening up for almost any facility that wants to make security an everyday part of their “enterprise.”

“There used to be small, medium and large scales applied to most systems,” says Rick Foster, director, marketing and sales for Quintron Systems Inc., Santa Maria, Calif. “Enterprise systems were large. The term often measured the number of doors or card holders and people would assume that was the measure that made something ‘enterprise.’ Now it’s a matter of whether the system is part of the fabric of the way the organization operates day-in and day-out.

“The fact is that security in general – both physical and logical – has become critical to any enterprise of any scale today. An enterprise might consist of a giant campus of a really big organization, or it could be a lot of locations with two doors each that are spread all over the place.”

Security is simply more often an enterprise-wide issue for more facilities.

Defining Terms

When asked to define “enterprise,” many manufacturers and integrators have slightly different interpretations. But there are common threads.

While most agree that enterprise systems tend to be large, multi-facility integrated systems, that doesn’t mean all those factors must be present to be considered an enterprise system.

“It’s a term that has been used loosely in our industry,” says Gary Staley, founding partner and national sales director, RS2 Technologies, Munster, Ind. “As it applies to our thinking, it is a corporate-wide application where you are taking multiple facilities under one control.”

For Richard Goldsobel, vice president for Continental Access Division, Napco Security Group, Amityville, N.Y., the keys to the term “enterprise” are two-fold: scale and connectivity. “Most people think of the scale of the system as being significant,” he says. “It is usually larger, controlling into the hundreds of people on the human resource side, whether that is through two doors or hundreds of doors and other locations.

Steve Holmes, director, enterprise solutions for Niscayah (formerly Securitas Systems), Norcross, Ga., puts it succinctly: “Enterprise is one single system, across an organization’s geography.

“Enterprise typically means an organization,” he explains. “Not all enterprises engage in enterprise solutions. When we say ‘enterprise,’ we mean ‘entire organization.’ It can be further segmented from there into whatever divisions they may need.”

Yet another interpretation stems from Peter Boriskin, vice president of access control for Tyco, Boca Raton, Fla.: “An enterprise access control system is one in which you are either spanning multiple geographic locations, or multiple business units or functional units within a single location. You don’t have to have a worldwide deployment to be enterprise access. An enterprise system is one that allows for different levels of implementation within the same system.”

Such scalability is the cornerstone of just about any enterprise-level system, Goldsobel adds. “Systems are highly scalable from one door to hundreds, to thousands, to tens of thousands, including hundreds of thousands of relay drivers and inputs to link things like mechanical drivers and gate systems. All of that is very common in the enterprise world, whether you are tying in HVAC or a variety of other devices.”

An enterprise access control system can tie together multiple geographic locations.

Common Configurations

The three key areas that outline how an enterprise system is configured are communication, operation and function.

The most common way that enterprise systems communications are set up is through an IP/IT network.

“In our world, which is access control, typically access panels are deployed over the network – IP based,” Staley says. “When we install our enterprise-class application, it is actually living on the corporate network in an enterprise environment.”

Goldsobel adds that even providing security within a single site tends to use Internet- and Ethernet-based communications. “The control of data tends to be very IT-centric,” he says.

Holmes gives an example: “Typically they would have intelligent control panels in each of their locations that would report through their internal network to their head end, which could be located anywhere on the network. An additional feature with an enterprise system is it can be monitored or administered anywhere on the network. It depends on the permissions they allow per user. By using the IT network, that basically allows the client to have an enterprise system.”

Operationally, there are different ways to configure an enterprise system, largely depending on the individual customer’s needs.

“One type is database partitioning, where there is a server in Chicago, Houston and New York, for example,” Staley explains. “Those servers would run their respective locations, but they wouldn’t have to be talking to the main server in Chicago all the time. There is data replication happening between the servers.”

Other examples include large pharmaceutical companies and manufacturing facilities with sites all over the globe, says Steve Bowcut, business development manager for PCSC, Torrance, Calif. “They need to control access control from a central location. If that goes down, they have backup locations. Another type is large financial institutions, which usually have just small access control systems in each branch bank, but need to control those from one or more central locations.

“A true enterprise access system will give them the control of all of their outlying doors and smaller subsystems from one or more central locations. Secondly, it gives them redundant control centers. If there is a catastrophic event at one of the control centers, all of the control switches over to a secondary site.”

Functionally, enterprise systems tend to be high-tech, Bowcut says. “Scope and complexity of the system are what primarily make them unique. Typically another facet of these systems is that they will use cutting-edge technology. Enterprise class is usually the first consumer of the newer technologies.”

Another hallmark of an enterprise-class access control system is its readiness to integrate other systems. “The big hype today in enterprise access control is what you can integrate, or, functionally, whether you are providing those third-party pieces such as badging, video DVR, interfaces to IT structures and systems, or interfacing to other security systems like intrusion,” Goldsobel explains.

Boriskin agrees. “When you get to the enterprise level, the customers start to look at ‘how can I solve my business challenges using security infrastructure?’ That opens up a whole new aspect of how the enterprise security management system is used. You start to see people use the enterprise access control system to help them meet their compliance requirements. One of the earmarks of enterprise access is that it becomes more a part of the business workflow.”

Many enterprise systems integrate control of access with video surveillance and HVAC.

Emerging Trends

Since enterprise-class systems tend to gravitate to newer technologies, there are new trends on the horizon that may affect the way these systems will look in the future.

However they define it, open architecture, or the ability to work with multiple hardware or software setups is the key trend going forward.

“We use open architecture and non-proprietary approaches to what we do,” Staley says. “Our software and hardware will handle multiple formats.”

Holmes says: “The most significant thing in the enterprise marketplace today is the advent of third-party software that allows – to some extent – integration between different manufacturers.”

Goldsobel points to convergence. “It tends to be APIs (application programming interfaces) that you can integrate easily with other pieces of software.”

Driving the desire to integrate and collect more information from a single access control solution is the need of end users to demonstrate a substantial return on their investment.

“People are starting to push, ‘what else can I do with this system? What else can I tie in or automate? What other data can I glean from my security management system that would give me more of a return on investment?’” Boriskin claims. “Development in the Web services area is helping to accelerate this integration. Web systems extract away the requirement for the same operating system. Truly you can have different operating systems, different coding environments all talking to one another. What you get at the end of the day is the ability to talk to systems and not have to worry as much about the uniqueness of those systems. As more systems are using Web services, we are seeing less and less customization required to be able to integrate these systems. Not only is it more transparent, but transparency is exactly what makes it easier to do. You can have more kinds of integration, more quickly, going forward. And it’s more robust because you don’t need customized interfaces,” he explains.

One consequence of this emerging trend is the rise of the IT department in the decision-making process, Foster says. “The IT department today has evolved from an interested party to a specification-driving, decision-making part of what security system you are going to buy and install in your enterprise. Since so much is Web based, I would guess a large proportion of those are operating on something other than Windows. Larger enterprises often host their own Web sites.

“I really think that platform-independence is an emerging trend critical to the future of broader acceptance of security in the enterprise and the integration of physical security into identity management systems,” Foster predicts.

Sidebar: The Big Picture

What is the effect of IP-based access control technology on integrators?

“More and more we are finding that dealers and integrators need the ability to truly integrate various systems,” says Steve Bowcut, business development manager for PCSC, Torrance, Calif. “They need to understand networks and programming so they can do that level of integration.”

An integration company’s technical capabilities will differentiate it from its competitors, because end-user organizations expect their security contractors to excel at integrating security into a network framework.

“One of the critical things for the integrator is to have the technical ability to work with the client to effectively allow them to use the features of an enterprise system to the best advantage of their organization,” admits Steve Holmes, director, enterprise solutions for Niscayah (formerly Securitas Systems), Norcross, Ga. “The ability to consolidate and disseminate information among the organization requires some pretty high-tech people. They need to know the system, but also networking and the ability to work with the IT infrastructure and personnel.”

Rick Foster, director of marketing and sales for Quintron Systems Inc., Santa Maria, Calif., agrees. “Every serious integrator needs to have a high degree of IT and network expertise on staff. There was a time when you could successfully team up with a subcontractor. But now, in order to properly address the expectations of the enterprise-level customer, you need to be fluent in network terminology, issues and structure.

“I’m not saying we are to the point where a physical security integrator needs to be an IT security expert. But they sure need to be a network expert. The common ground is the physical network: the switchers, routers, speed, and backup power. I think it would be really easy in 2008 for a physical security integrator to get into trouble and have an unsuccessful project if they didn’t understand network technology in depth,” Foster adds.

Tony DeStefano, director of integrated security systems for TAC Systems Integration East, Secaucus, N.J., has found that to be true first-hand. “Typically when we are making presentations, the lead person in the decision-making process is an IT person. They are not going to allow us to ride on their network unless we have the ability to do that and are familiar with their network capabilities.”

Ultimately, says Matt Donnell, vice president of sales and design for Total Protection Systems Inc., Corpus Christi, Texas, the relationship between integrator and end user should be a partnership.

“The integrator needs to keep the bigger picture in mind,” he says. “Traditionally when someone needed access control, a dealer would sell them a card access system. Now that customers are dealing with integrators more frequently, that integrator not only addresses that access system, but also any other facets of integration that either are or may become necessary to tie them together. The integrator keeps the bigger picture in mind by knowing what is here and what is coming. End users rely on us for technology and how to implement and manipulate it.”