Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analysis: Physical/Logical Security Convergence: Page 10 of 30

Moreover, IT lives in an online and interconnected world. Ethernet drops, fiber-optic runs, WAN links and wireless networks keep everything talking to everything else, providing transparent accessibility. To us, a model where both physical and logical access-control points are online and making real-time authentication requests to upstream authentication servers makes sense--that's how IT's been doing it for years. But total connectivity is not feasible for physical security teams that must maintain access-control locks in remote or isolated locations, such as perimeter gates or cargo containers.

Finally, many convergence initiatives call for the reuse of existing user directories or databases with the aim of a unified user store. Seems like a simple enough goal, but it's fraught with implementation problems. Proposed solutions typically have existing HR employee databases, for instance, or IT user directories (such as Microsoft Active Directory) as the target user store. However, PACS regularly deals with individuals who don't need a full HR database profile or network access, such as visitors, contractors and support staff, including cleaning and repair crews. Thus the physical-security group is likely to want its own "superset" database that contains all internal employee records plus additional nonemployee records it deems essential.

And not all opposition is sourced from the physical-security camp. IT groups may be hesitant about changing existing directories, say, extending their Active Directory schemas to accommodate the storage of proprietary PACS data. If you share facilities with other organizations, the choice to upgrade or modify the buildingwide physical-security system affects other tenants.

Organizations with significant investments in OTP authentication tokens may be unwilling to scrap them for a new authentication token system. And the upfront costs of retrofitting all desktops and supplying all employees with new, enrolled access tokens are considerable; these include not only the actual badge, but the costs of vetting the individual and issuing the badge, and installing appropriate badge readers in all PCs.

And don't expect to build a TCO analysis easily. None of the vendors we spoke with for "PACS: Don't Try This at Home" would venture a per-desktop cost estimate, despite much prodding. This is partly because no vendor provides all pieces of the puzzle, and partly because convergence requires a high level of customization.