A critical issue for security officers today is how to make sure temporary or permanent employees are removed from the employee directory system when they are no longer working for the company. This situation arises especially in large enterprises, which may have different Physical Access Control Systems (PACS) supporting different offices or company operations. It is not uncommon for a company to make an acquisition and have two or more incompatible PACS systems. The simple way to address this is to issue a separate card to the employee to support a different PACS system. While this might be slightly inconvenient for the worker, it is often a simple solution that many companies use. Updating employee information, must be done on each system separately and often manually
There are several problems with this solution. There is no central control of identities and they can exist in multiple locations of a company. Updating employee information, for example increasing access to reflect an employee’s new responsibilities, must be done on each system separately and often manually. Unless the company has a strong procedure to support this, the records outside of the main system, may not be updated and errors can occur. This may not be a significant problem if an employee is working for the company, but, if the employee is terminated, he or she may continue to have access to company facilities and systems, potentially compromising security.
Physical Logical Access Interoperability - PLAI
The Physical Security Interoperability Alliance has addressed this with its Physical Logical Access Interoperability (PLAI) specification. PLAI allows disparate PACS systems to normalise employee identity information and relies on a single trusted source to make changes to employee access and then synchronises it across disparate PACS systems. The same holds true for a terminated employee. A central trusted source eliminates access, and this is instantaneously reflected in all PACS systems. PLAI offers a simple and cost-effective way to enhance a company’s access control system, providing a more robust security environment.
Having a commercial PLAI Agent, available to any company, is an important milestone for PLAI”
PLAI demo at ISC West 2018
A commercial version of the PLAI Agent will be demonstrated by the PSIA at ISC West 2018 on April 12 in Las Vegas. Johnson Controls (Software House), Kastle Systems, and Princeton Identity will show the interoperability and exchange of identity information between disparate systems. “Having a commercial PLAI Agent, available to any company, is an important milestone for PLAI,” said David Bunzel, Executive Director of the PSIA. “It will enable Physical Access Control System (PACS) vendors to have an effective solution for bridging otherwise incompatible systems, saving considerable time in integration, and costs to enterprise customers.”
The PLAI Agent was developed jointly by Johnson Controls and Dublin, Ireland-based Cruatech, a new member of the PSIA. It will be available to vendors from either company prior to ISC West. “As an integrator, we are often challenged with client acquisitions and the need to quickly establish a unified security ecosystem.” said Mike Mathes, Executive Vice President of Convergint Technologies and Chairman of the PSIA. “PLAI offers a means to quickly support disparate systems in a robust and reliable manner.”
The PSIA has seen growing momentum for commercial implementations of PLAI
Identity management
As identity becomes a more critical feature of security systems, finding ways to manage credentials, permissions, limit duplication of records, and eliminating “orphans” left over when an employee leaves a company is essential. PLAI is an elegant means to address many of these issues. “PLAI provides an effective option to reduce problems related to integration compatibility, upgrades, and synchronisation which plague the industry today. This is good for both the customer as well as the manufacturers,” notes Jason Ouellette, General Manager of Access Control for Johnson Controls.
“Further, PLAI reduces the impact of conflict inherent to the replication of personnel and credential data, while giving an authoritative control of records which can span PACS systems and other integrations to reduce risks in activities such as off boarding.”
The PSIA has seen growing momentum for commercial implementations of PLAI. Already the U.S. Department of Justice, The Washington Post, and Corporate Executive Board (CEB) have utilised PLAI. In addition, Microsoft is planning to incorporate PLAI into their security ecosystem. There is a growing list of other organisations which are planning PLAI implementations in the government, financial services, electronics, industrial, and bottling industries.