Ask the Expert
- By Larry O'Brien
- Apr 21, 2008
Web-based access control is a
great example of the growing
convergence of IT with the
security industry. The technology works by
enabling users to view and manage a system
remotely, from any location in the
world, as long as they have Internet access.
ISSUE: What kinds of Web-based
access control are available?
SOLUTION: There are two types of
access control systems that allow remote
management: private server-based and
Web-hosted. In the first scenario, a company
hosts a server with software that
enables applications to control access
within the security system. Using this
Web-based system, security managers
can control and manage access cards,
engage alarm systems or change the time
door locks are engaged, all online, from
anywhere in the world. Another possibility
is using a specialized company, usually
called an application service provider
(ASP), to host the server and provide the
necessary software.
Classic access control is an application
program running on a server attached to
the corporate network. As an alternative,
ASPs can host this service and provide the
necessary software. In either case, security
directors can manage access, control
doors, engage alarm systems or change
door-locking schedules from anywhere in
the world through an Internet connection.
With the in-house server application, the
IT department must provide a secure connection
from the Internet to the corporate
network, which is normally called a virtual
private network (VPN), to allow the
security director access to the application.
With the online provider, the security
director only needs Internet access to manage
the system.
ISSUE: Are there any drawbacks to
consider when selecting a Web-based
access control system?
SOLUTION: The benefit of hosting
your own server is that it can be relatively
simple to install and use. However,
products that initially seem easy to use
often become more complex when implementing
the software’s advanced features.
Also, company-hosted servers require
maintenance, upgrades and virus protection—
an added cost. Potential system
failure and downtime could be disastrous
for a company using a security manager
inexperienced in access control.
ASPs can take the burden and
headache off the security manager. Also,
system maintenance, server upgrades and
data backup would be provided as part of
the service. The downside to this solution,
however, is the ongoing monthly
cost associated with each ASP.
Web-based access control is a relatively
new technology and, as such, has its
share of problems. Scalability is a factor
that may stop larger companies from
adopting a security system that could
“dead-end” in the future. There are some
Web-based systems that can handle larger
amounts of data, but all of these solutions
have some sort of size limitation,
meaning that in the future, the system
may not be able to cope.
Other problems include the security of
a Web-based system, as anything connected
to the Internet leaves itself vulnerable
to hackers attempting to gain access
to valued security information. Using an
ASP with a robust firewall may mitigate
this problem. It also should be understood
that by contracting with a Web-based
access control provider, you are granting
this ASP full access to your facility as
well as possible sensitive information on
your employees. Like all Internet companies,
ASPs can be bought or sold
overnight and sometimes go out of business
without warning. Due diligence
requires a through and complete investigation
into the ownership of the ASP and
what level of screening and background
checks are required for ASP employees.
ISSUE: What types of organizations
are best suited for such a system?
SOLUTION: Successful deployments of
Web-based access control systems often
have included buildings with multiple
tenants. Each tenant can access the system
with its own coded cards.
Meanwhile, the building security director
can monitor the activities that are going
on in public areas, such as lobbies, elevators
and parking garages.
Evaluate if a Web-based access control
system is the right fit for your security
system, and talk to an experienced
security integrator about the best option.
READER QUESTION: I operate a successful
restaurant/nightclub in an urban
area. Each night we bring the proceeds
into a counting room to tally and prepare
the bank deposit. Additionally,
we have dozens of credit card numbers
at any given time. We have a deadbolt
lock on the room, and only an assistant
and I have a key. But we have had several
restaurant robberies in our area
recently. Can you recommend some
ways to better protect ourselves?
SOLUTION:An intrusion system that is
connected to a central station can offer
panic buttons in the form of key fobs that
each person can carry and use to initiate
a panic call to the central station. Some
central stations have the ability to monitor
surveillance cameras, and this would
allow the central station to assess the current
situation during a panic event and
provide valuable information to the
responding authority. The central station
also could be alerted when the employees
are ready to leave the counting room with
deposits and monitor the surveillance
cameras in the parking lot to verify everyone
safely got to their cars. Again, panic
alarms should have the range to reach
from the parking lot.