Questions and Answers From the Top

A conversation with Ajay Jain

• By Security Products Staff
• May 30, 2007

AS the security industry continues to grow larger each year, convergence still dominates the topic of conversation. Numerous solutions are beginning to hit the mainstream market to help businesses handle the ever-changing and growing task of bringing disparate systems together. We talked to Ajay Jain, Quantum Secure founder and CEO, about his company’s definition of convergence and some of the upcoming trends companies need to address.

Q. What is Quantum Secure's definition of convergence?
A. In the realm of security, the word convergence has been used in a number of ways—mainly referring to physical security coming together with IT. For Quantum Secure, the picture is even bigger. Corporations, especially at the enterprise level, run a wide variety of diverse physical security systems, including physical access control, video surveillance, sensors related to HVAC and fire/carbon monoxide detection. Our definition of convergence is to first integrate these disparate systems so the technologies become interoperable, interdependent and controllable from a single, browser-based dashboard, with the ability to establish and implement policy-driven operations. We then enable this homogenized physical security infrastructure to integrate and interoperate seamlessly with corporate IT security. Finally, we enable the business processes of the IT and physical security domains to interconnect with each other, under a common policy paradigm, to generate a new level of operational efficiencies and holistic security.

While many businesses have been edging towards this goal, there have been obstacles. Typically, all these systems have been installed and deployed separately and do not communicate with one another. Ultimately, what is needed to facilitate communication is a software layer that covers every event, operation and transaction across all corporate locations. The goal has been elusive up until now, as no product has emerged to accomplish this on the scale necessary to make it a reality. This has been the mission of Quantum Secure—to provide an off-the-shelf solution to accomplish true convergence as we define it. Thousands of man-hours have gone into this development, and the end result is our SAFE solution.

Q. Products have changed rapidly within the last few years. What do you see as the source of this acceleration?
A. A number of serious events occurring in the last few years have had a tremendous impact on the way government and businesses view risk. The fields of risk management and corporate governance really stem from four sources—the growing importance of the Internet in commerce and communications, the attacks of Sept. 11, 2001, the Enron scandal and hurricanes Katrina and Rita. The Internet made it possible for businesses to communicate electronically within facilities and between facilities. In some ways, this made business operations much easier, but with it came the associated risk of infiltration, security breaches, information loss and theft. This was the genesis of IT security, an industry born from the need to protect sensitive information.

Hundreds of companies suffered a complete break in business operations on 9/11. From that day, there has been an understanding of the need to plan for risk management and business continuity. The physical security, video surveillance and access control industries received a wake-up call, as businesses hurried to make the premises more secure. For those who sought to capitalize, there were now opportunities for criminal behavior with crimes like identity theft and counterfeit access cards. While 9/11 was a terrorist attack, the aftermath of hurricanes Katrina and Rita in 2005 made it clear that interruptions in business operations also could come from natural disasters.

Corporate and personal liability became a front-of-mind issue after the fall of Enron and other corporations due to fraud. Sarbanes-Oxley, HIPAA and a fleet of other regulatory laws were passed by the government, and businesses were compelled to stay clean, keep business practices transparent and maintain compliance and best practices under penalty of severe liability.

Q. What specific pain points do you feel it is most important to address?
A. We see the pain points of corporations defined as four specific needs. First, corporations need to standardize rules and policies within and across the physical security environment. Most corporations have very location-specific physical security applications and tools. Active access cards may not be usable across worldwide locations while terminated employees' cards may still be usable remotely. Physical security events and emergencies do not trigger global policy changes such as restricted access, camera response or alarm activation.

Next is the need to automate processes across the enterprise. With most business operations handled manually due to non-interoperating technologies and vendors, there is tremendous opportunity for human error, in addition to higher operation and maintenance costs. Corporate management needs to be able to review and oversee what is actually happening across all of its locations from one console so any needed rule or policy changes can be made.

Third is the need to integrate disparate systems using a single protocol that crosses multiple platforms. We see this as the ultimate definition of convergence. There should be one single GUI designed to be intuitive, easy to use and allows the user to monitor systems and set policies in real time.

:Finally, there is a need to comply with corporate governance standards. Corporate heads are well aware of strict new regulations requiring disclosure and transparency to prevent fraud. Systems integrators and installers must follow specific methodology in the design and deployment of new physical security infrastructure. Audits can be called at any time, and sophisticated data forensics can mine every transaction and occurrence within a system. Without complete control at the top, it is exceptionally difficult for a business to stay fully compliant with Sarbanes-Oxley and other regulations. \

Q. Are corporations able to respond to these critical problems?
A. Most businesses have responded by deploying physical security solutions incorporating myriad systems, including multi-brand, multi-vendor building lighting, HVAC, fire/physical access control and video surveillance systems. Disaster event management and business continuity plans have been written and put into place with new personnel brought on board to facilitate and monitor systems.

Still, these actions do not provide a complete solution. Most systems are fragmented across and within locations and do not interoperate. Adverse events are not communicated automatically to all locations in real time, so remote locations have no knowledge of a breach or other situation that might require a response, unless it is reported manually. The lack of centralized control, organization and management of disparate systems results in tremendous exposure to risk and liability.

The enlistment of IT into physical security operations has been the primary route corporations have taken to achieve interoperability. This seems to make sense, as the IT backbone runs across all facilities and operations at an enterprise level. IT also has gained involvement in many business units, including human resources, communications and document management. Manufacturers and vendors in the security space have responded with a flood of IP-based products to replace legacy systems. Yet, these products generally are not capable of communicating with one another due to multiple protocols and platforms. It is far beyond the scope or capabilities of a typical IT department to create the software needed to implement this solution. As a result, the risk of an event negatively impacting a corporation and putting business continuity into peril grows exponentially every time a new system is put into place.

Q. What, in your opinion, is the big-picture solution to this issue?
A. Many companies in the physical security arena are beginning to talk about convergence on a smaller scale. But the ultimate solution will be big-picture convergence, accomplished by creating a software layer that wraps around and unites myriad diverse systems across all locations of a corporation. This was the impetus driving the development of Quantum Secure's SAFE, a robust and fully functional software product addressing the four pain points.

We have already put this solution into place in some of the largest enterprise-level corporations in the IT world, with highly-sensitive and diverse portfolios of physical and electronic products, along with sophisticated and multi-layered security systems. This issue will only grow in importance as time passes, and the cost of doing business without centralized operational control become more evident. Businesses incorporating a full convergence solution will see an immediate ROI to go along with vastly increased peace of mind, as risk management will be both simplified and optimized.

This article originally appeared in the issue of .