Burns & McDonnell - Experts & Thought Leaders

The PSA track at ISC West will cover best practices in systems integration, risk management, video analytics trends PSA Security Network®, the world’s largest electronic security cooperative, recently announced it will host an education track at ISC West 2016 and cybersecurity sessions at the Connected Security Expo @ ISC West in Las Vegas, NV. The PSA track at ISC West will feature a full day of training sessions on April 5, 2016 covering best practices in systems integration, risk management, video analytics trends, and the skills needed to migrate the convergence of IT in the physical security industry. The sessions being offered will include: Taking the Edge Off of Systems Integration April 5, 2016 | 8:30 a.m. - 10 a.m. Presenters: Paul Boucherle, Principal, Matterhorn Consulting; Nigel Waterton, Sr. Vice President of Corporate Strategy & Development, Aronson Security Group; Chad Parris, President, Security Risk Management Consultants, LLC; Wayne Smith, President, Tech Systems Are We Secure? Business Know-How for the Risk Discussion April 5, 2016 | 8:30 a.m. - 10 a.m. Presenter: Paul Cronin, Senior Vice President, Partner, Atrion; David Willson, President/Chief Executive Officer, Titan Info Security Group; Fred Terry, System Integration Section Manager and Cyber Security Lead, Burns & McDonnell Engineering  Video Analytics: The Real Past and the Imagined Future April 5, 2016 | 10:15 a.m. - 11:15 a.m. Presenters: Bill Bozeman, President/Chief Executive Officer, PSA Security Network; Matthew Kushner, President and CEO, 3xLOGIC; AJ Frazier, Vice President, Sales for the Americas, Agent Vi; Mahesh Saptharishi, PhD, Chief Technology Officer, Senior Vice President, Avigilon The Hottest IT Skills in the Physical Security Space April 5, 2016 | 11:30 a.m. - 12:30 p.m. Presenters: Eric Yunag, President and CEO, Dakota Security Systems Inc.; Randy Gross, Chief Information Officer, CompTIA; Jerry Bowman, InfraGard National Board of Directors; David Sime, VP of Engineering and Delivery, Contava In addition, PSA Security Network will host four education sessions at the Connected Security Expo which will be co-located with ISC West. The Connected Security Expo @ ISC West is a conference led event where industry professionals will experience physical security from an IT security lens. IT security professionals will join physical security leaders from a wide range of industries to explore how physical security can help mitigate cyber threats and bridge the gap between security and IoT. The following sessions will be offered on April 6-7, 2016: Mitigating Cybersecurity Attacks on Physical Security Systems April 6, 2016 | 10:45 a.m. - 11:30 a.m. Presenter: Darnell Washington, President / Chief Executive Officer, SecureXperts Engaging the Board in Cyber Security April 6, 2016 | 3:30 p.m. – 4:15 p.m. Presenters: Bill Bozeman, President and CEO, PSA Security Network; Andrew Lanning, Co-Founder, Integrated Security Technologies; Wayne Smith, President, Tech Systems Inc.; Paul Cronin, Senior Vice President, Partner, Atrion How Effective is Your Incident Response Plan? April 7, 2016 | 2:30 p.m. – 3:15 p.m. Presenter: David Willson, Attorney/Cyber Consultant, Titan Info Security Group Cybersecurity: Three Steps to Counter External Attacks on Physical Security Systems April 7, 2016 | 3:30 p.m. – 4:15 p.m. Presenter: Rodney Thayer, Smithee, Spelvin, Agnew & Plinge, Inc.

Manufacturers depend on consultants to get their technologies specified in customer projects. Consultants often depend on manufacturers to provide them current information about the technologies that are the building blocks of their projects. It’s a symbiotic relationship, but not always a perfect one. We recently gathered three consultants to discuss what they want from manufacturers, and a representative of HID Global to add a manufacturer’s perspective. Manufacturers also look to consultants to provide insights into trends they see among clients, and our consultant forum was outspoken on those points, too. Participating were Chris Grniet of Guidepost Solutions, Brandon Frazier of Elert & Associates, Terry Harless of Burns & McDonnell, and Harm Radstaak, HID Global’s Vice President and Managing Director, Physical Access Control. SourceSecurity.com: What do you look for in a relationship with a vendor/manufacturer? What kind of support do you look for from partners/vendors? Product education and communication Terry Harless: As a consultant, we are vendor agnostic. We have to specify several different vendors, different brands, manufacturers. When we do come upon a client that wants a certain manufacturer specified, we typically like a manufacturer to have customer service that we can reach out to and get an answer back in a relatively quick amount of time, for the simple fact that our designs are fast-track and we need to get them done. And not to tout HID, but they are typically very quick in responding to issues we have had in the past. We like it when they can educate us – come into our office or invite us to a consultant event and train us, instead of giving their sales pitch. There are several manufacturers who provide good education, and there are those that will just bring you in to give you a sales pitch, and you don’t really learn anything. "We typically like a manufacturer to have customer service that we can reach out to and get an answer back in a relatively quick amount of time" Chris Grniet: As consultants, we are constantly trying to learn as much as we can about every product out there. We try to be as agnostic as possible. We need to be apprised of what the latest and greatest is, how it’s functioning. And we need to access that information in a very simple way. Sometimes I’m on the fly. I haven’t sat down in my office more than three days in the last two and a half months. But I know I can pick up the phone or shoot a quick email [to Dean Forchas, HID Global’s Consultant Relations Manager in North America], and he will get back to me. He tells me what I need to know and when I need to know it to support my clients. We also need truth in advertising, the most critical component. There are things you can’t prove to me. You are going to give me the documentation and I will pass it along to the IT guys. I want to get the information they need to make an informed decision. It needs to be quick, and it needs to painless. I also want the truth about the release of products. I want to commit to things like frictionless access, and mobile credentialing for visitors, and the cost models. Please just tell me the truth. Too many times I hear “The release is Q3,” and in Q2 of the following year, the client is going “What are we going to do?” I also want clear and concise communication between my manufacturers for that fully integrated and unified platform. Brandon Frazier: The most important thing for me is education. Education about products, and future product roadmaps, and about concepts. Help me understand what we can do with this new product or this product that is coming. Don’t educate me because you think there is a project coming down the pike. Just educate me and support me. And just trust that if you educate me enough, and if I understand enough about your products, they will end up in the specifications. If you educate me enough, and if I understand enough about your products, they will end up in the specifications Understanding the market competition Grniet: I just want to add to be honest enough to know when your product is not right for an application or a client. Tell us “I don’t think that’s where we need to go.” And be educated about your competitors’ products. We’re just looking for help, and in a lot of cases we’re just looking for information, we’re constantly on the go, and we earn our living on a billable hour. My company wants me to have a lot of them. It has to be an honest relationship—and let me know if it’s not the right application. Harless: I would say be educated on your own product, too. A lot of vendors have no clue what their product does. Harm Radstaak: If you as a vendor say something wrong, you have to back-pedal and you lose trust. That is critical. We need to be understanding of that as a vendor and be responsible. Most professional vendors support consultants in their area. At HID, we also have an extra level in the community of consultant support around the world, in the UK, in India, in China. There is a lot of development going on all over the world. We have a role to bring all of that into the bigger mix. You are a consultant, and we consult with you in certain areas, but vice versa, too. You are the voice of the customer to us. We need for you to bring back to us what you see, which we can translate to product development. Grniet: We can’t expect the product to progress unless we bring to you our learning experiences. We get that. For years, I wrote product specifications to push the envelope of what products are capable of doing. To an earlier point about the future of products: As these get more powerful, we will expect more and more, and communicate to you when we need it. SourceSecurity.com: What are your priorities in terms of adding value to end-users in the realm of physical access? What trends have you been seeing among end-users when it comes to physical access control? What is at the top of your criteria list for either buying discussions or spec’ing out projects? Priority considerations Frazier: I have seen a lot of desire to get to a more actively managed security system. A lot of these systems are at the 15- or 20-year mark, they have been passed on through many generations, they were never tied through active directory or auto services. They have an absolute mess of a system. So a huge trend is how do we actively manage it? We have to replace it. Looking at some cybersecurity, is the hardware going to be capable of being secured, or is it too old to handle some of the encryption that’s required? That’s driving system replacements. When you look at system replacements, you start talking about: How can we manage cards, visitors, user logins, access levels? How can we take that card and push it to other databases and non-security systems and get to that one-card solution? In other IT industries, there are maybe four, five or seven ways of identifying a person, none of them individually that secure, but the combination of all these elements will give you a very high security rate Radstaak: When you think about smart phones and iPads, we didn’t have these products nine or 10 years ago. So if we think through, our access control market is very heavily focused on card and reader and interface and software. If you talk with large corporates, they say: Explain to me how that infrastructure built up, because I am used to different network equipment, etc. They expect us to be more seamlessly integrated into their IT. From a security perspective, what will the topology and the infrastructure look like five to seven years out. I think it’s fair to say for all of us, we don’t know yet. Will there still be a lot of what we know today because we as an industry are not fast to adopt new technology? It’s fair to say that’s true. But if we were to sit down today and specify what an access control system would look like, I think we would come up with a different structure than we face today. Then there is the element of the cloud, which is going to increase as we have said. Also, most of our biometrics solutions are currently based on fingerprint or facial recognition. I think the evolution of camera technology will have an impact on security, and biometrics will have a different definition. In other IT industries, there are maybe four, five or seven ways of identifying a person, none of them individually that secure, but the combination of all these elements will give you a very high security rate, and also seamless and fast. "I think the evolution of camera technology will have an impact on security, and biometrics will have a different definition" Harless: My struggle is getting a lot of our current clients updated to more secure readers. We have tons of them still on prox cards and prox readers. When we’re upgrading facilities, it’s like pulling teeth to get them to use multiCLASS readers just to try to step them up to at least get them to a more secure platform in the near future. Another thing the industry is going towards is integrating all these systems together in some sort of GUI or interface, including access control, video surveillance, intrusion and then also maybe rolling in some building management systems, all of that, and what platform will you use to bring all that together? Some access control systems have that ability. Grniet: The primary factors of selection for clients are availability and support. There’s a lot of cross functionality out there, but I need local support. I need to make sure it will work for them, and continue to work for them with the support they need. The other factors, after I have narrowed the field, I look for systems that will give us the full interoperability, full unification, and seamless integration across multiple platforms of their environment. Whether it’s active directory management, identity management or human capital management, how do I do more with less because security is getting squeezed every day? In certain industries, there are still these kingdoms or fiefdoms of security organisations. And there may have to be from a safety or protection standpoint, but in most commercial applications in big cities, whether it’s a multi-tenant building or a financial organisation, whatever it happens to be, they are looking to do more with less. Bringing in those other support organisations – HR and IT – lets us use the assets they already have and bring all of that to bear as a single process so I don’t have to hire another head to do system administration. That’s what’s important to these clients: How much can I save them on the opex (operating expense)? And they’re certainly concerned about the capex (capital expense). If I can integrate with other systems, I can also find ways to push costs out to other departments, like IT. “Yes, I need switches,” and then I just have to pay for cameras. “Yes, go run the Cat-5 cable.” My readers are going to do more for you, my mobile readers are going to do more for you than provide access to the door. We’re going to do multi-factor authentication to applications on your network. It’s a critical component of it. Once we can prove it to them, the integration goes much more smoothly. Read our Consultants' Forum series here

Mobile access is probably the largest emerging trend in the security marketplace, but it is only one of several that are changing the face of the access control market. Another factor showing potential to change the market is the emergence of location systems and positioning systems, as reflected by HID Global’s recent acquisition of Bluvision, a provider of real-time location tracking system for assets and employees, and building information modeling (BIM) is impacting how consultants do their jobs. We gathered together several consultants, and a representative of HID Global, to discuss these topics. Participants were Chris Grniet of Guidepost Solutions, Brandon Frazier of Elert & Associates, Terry Harless of Burns & McDonnell, and Harm Radstaak, HID Global’s Vice President and Managing Director, Physical Access Control. Future of mobile access technology SourceSecurity.com: How is mobility affecting end-user implementations and the way you consult? How has Mobile Access technology affected the way you approach projects?  Chris Grniet: I don’t think I am designing a single project now where we are not using a mobile credential. But the industry has been transitioning slowly to frictionless access. We looked at it 20 to 30 years ago, when we started looking at asset tracking with RFID and antennas around doors, and all of that. We are starting to see new products emerge from HID and others for personnel tracking. I think our society has progressed, and we understand that the electronic component of our lives is attached to us – not embedded yet, but attached. Everybody has that electronic device, and it’s making it a lot easier. We have implemented products for mobile credentialing for large corporations. We are really looking forward to the visitor management component of that. It will make visitor management so much easier. We need to keep it affordable. But it’s going to be there. I am designing projects now with 20 to 30 turnstile entrances to a headquarters building. We are putting in visitor management kiosks. I don’t want a single visitor to have to use those at the end of the day. I want to push the credentials out. Unless they weren’t registered, they should be able to walk through the door because they are a trusted individual. We’re moving toward frictionless access, and that’s a big component of it.   White Paper: Three reasons to upgrade your access control technology Terry Harless: Personally, I haven’t had any projects that use any mobile applications as of yet. I have tried to design them on a couple of projects as an alternate, mainly at tech-heavy firms where they understand technology. For the most part, it has always been value-engineered out because of the price, and also because some of these are smaller companies. Some of the mobile applications have larger licence packs, for a hundred or more licences. That’s my experience. "I think we have yet to see the advantages; people are still imagining what the full potential is of location services" Brandon Frazier: One of my biggest verticals is higher education. I really see mobile credentials being big in that space. I see students, and they have their phones and a little holder in the back for credit cards, and that’s it. That’s all they have. I think the idea of carrying another student ID won’t fit in the phone. I really see very specific verticals having great benefits from mobile. In terms of master planning, I have seen the cost of entry as being very expensive: the cost of replacing readers, the cost of replacing downstream devices. But if I’m doing large projects, I am always spec’ing in at least the mobile infrastructure, so they can add the credentials later.  Harm Radstaak: It’s fair to say we have learned a lot as HID in the mobile access space. As a supplier, our operational model behind the scenes has completely shifted from producing a card, encoding a card, shipping a card. Now we are issuing over the air, revoking over the air. Our IT infrastructure and the way we serve end users though our IT infrastructure has had substantial investments. Moving into the mobile access space, the requirements are higher. Is it residing in the cloud? How are we going about compliancy, privacy, security? More important, if it’s residing on your phone, questions are being asked by end users. How trusted is this? All these areas are important for HID. That’s on the operational model. The other challenge we have is the variety of phones across the world. There are development challenges to support a substantial portion of the phones worldwide, and all the diverse operating systems. Challenges and benefits of location services SourceSecurity.com: What are your thoughts on location services / indoor positioning services? Grniet: Indoor positioning services should be integrated into a security platform that is pre-existing in an environment or will be deployed in an environment. There are plenty of location type services out there, whether in hospitals or factories. The signals have to be right, what we’re using as a tracking device has to be right, etc. I see some of the legacy systems laying to waste because it’s an extra set of management tools. So you need integration into the pre-existing or future systems to be deployed. We need to get everything fully integrated in a unified fashion, so we are operating on a single platform without an extraneous management platform. I think we have yet to see the advantages; people are still imagining what the full potential is of location services. It’s going to play into facility usage, area usage, safety, security, mustering; all of those things are going to be very important. Frazier: I see a lot of potential in specific verticals and employee groups. Let’s use guards as an example: The real-time ability to locate a guard, associate that with nearby assets, using analytics, tying data together, aggregating it, putting that to a body and being able to provide a faster response time. I see that coming, but I think the cost of entry will be too high. I used to do a lot of work in healthcare as well, and the cost of entry is extremely high in tracking services. So we need to find a better way to do it. GPS is great; I don’t know if you can get that in buildings. Adding sensors every 20 feet, triangulation, it’s just not the best solution. Grniet: With GPS we still have the height issue, especially in tall commercial buildings. So I can tell where you are on the X and Y coordinates, but not on the Z axis. That’s a big challenge. So having that built into a facility, then we can talk about asset security and asset tracking. That will be the fundamental component of how we sell it to the security side of the business. Radstaak: I think it’s fair to say HID is very excited about location services. It’s one reason we went out to acquire a company like Bluvision. It’s not GPS, but Bluetooth Low Energy (BLE)-enabled location services. This ties into a couple of things we discussed before. You can look at it from a space utilisation perspective or workplace optimisation, or sustainability, for cost savings in a large corporation. We have had discussions in the pre-acquisition phase about how it would fit with our portfolio and our offerings. HID can provide additional physical and security services. For us, it’s a natural extension. Harless: My experience is in the correctional field, where we have been using [indoor positioning] for 10 to 15 years, either for officer safety or tracking inmates. It hasn’t necessarily been very accurate. You know when a guy walks into a room because you have a detector above the door. The more expensive ones were triangulated, but they were very pricey and unaffordable unless you had some sort of funding. It has been around, and I am glad they are working it into some of the commercial spaces now. It could be very useful. Indoor positioning services should be integrated into a security platform that is pre-existing in an environment or will be deployed in an environment BIM applications and trends SourceSecurity.com: What are your thoughts on building information modeling (BIM) processes and how important are they for consultants? Radstaak: As a supplier, we see it as an increasing request and requirement in the consultant space – some regions lead more than others. In the United Kingdom, all critical mass infrastructure projects have to be specified based on the BIM model. So HID and Assa Abloy have invested quite substantially over the last few years in making our products compatible with BIM modeling. We support it with tools such as Assa Abloy Openings Studio. As a supplier, we see it as an important trend and a way we can support the consultant market.  Harless: For a consultant, it helps tremendously in a couple of ways. First of all, we can pull our building materials straight out of the model. Another thing is, a lot of architects and owners like to walk through buildings and look what’s on the ceilings, on the walls. When you are showing them where the cameras and card readers are going to be (in a BIM model), it’ll give the architects a good idea of what they are going to see when the building actually gets built. They can tell us where to move stuff.  Grniet: To that end, the inception of BIM wasn’t about 3D modelling in CAD, it was about tracking of assets, and understanding everything that was on the ground. It has taken us into: Where are the intersections on construction, so we don’t have pipes running where ducts should be, and is my security equipment going where glass is? If you couldn’t read the plans, we have a BIM model to show you. You talk about seeing what a building will be like, but clients have a hard time envisioning that, seeing beyond the paper, because they are focused on another business – that’s not what they do. So we are utilising some of the tools being provided out there by firms like HID to put the toolkit for BIM modeling in there. We’re also using it for camera focusing. It helps me get a better idea of what I’m going to see in my final product and then show the client. This is why we are focusing a camera in this area. It goes back to sustainability, asset tracking, maintenance, all those things we have talked about under other product categories.  "The future will be security of your software, security of your credentials and your card readers" Frazier:  When BIM is properly implemented, it has made our workflow very efficient. We have found it has been very helpful in our personal design, as Chris said. When we are trying to model a camera, we can see the space. But as a project team architect, if it is not properly implemented or misunderstood, it has created a lot of extraneous tasks for us. And has made us very inefficient. Some people are very good at it, and the process goes really well. Other times we find people concentrate too much on collisions and it doesn’t end up like that in the field, or we design it one way and it ends up another way. It’s very helpful to us in our personal design, but as a project team, it can cause difficulties.   Grniet: Just to add on to that point: We are still having trouble making the companies that manufacture BIM systems understand security’s role in the overall process. It’s easy for an architect to say I have strikes and hardware sets in my BIM model, but it’s under the architectural model. Security lies in this middle ground. We’re electronics, we’re low-voltage. The intersections, the toolkits, everybody’s got a great Revit model of their product, but it’s not in any of the toolkits. We have to build our own. The industry as a whole has a challenge to find the right place to be. Some people are using the MEP (mechanical, engineering and plumbing) model for Revit, some people are using the architectural model. But we have to build our own toolkits, so it’s still a challenge.  Harless: At Burns and McDonnell we have it a little easier because we work with our internal architects. So we do have those tools actually built in-house. When we go to an outside or a third-party architect, to MEP firms, we have the same issues. Sometimes they will delete ceilings or walls instead of moving them, and then we have stuff all over the place. Future trends for physical access and identity technology SourceSecurity.com: What do you think the identity technology industry as a whole should pay attention to over the next one to three years?  What is your vision for the future in physical access or the office space of the future? Grniet: It’s about convergence of multiple areas of business, security of that convergence, the identification and the operability, and unified platforms to allow single vision, reduced resources and fully effective control and management of security, life safety, building management, you name it. Frazier: To sum it up: Cybersecurity and unification will drive migration basically. We need a more cybersecure solution, which will drive migration to other solutions, and that’s when conversations about global, logical security, what else can I do with this? Single sign-on. The big picture will drive a lot of this. Radstaak: The consolidation of technology from different industries will be substantial. It could come from the IT infrastructure, it might come from identity providers who are not currently operating in the security space. I think we currently don’t see yet the substance and the impact of the data analytics and how we can use that in security and broader applications. The services component will be substantial. Harless: The future will be security of your software, security of your credentials and your card readers. And integration, integration, integration. Grniet: And let’s not forget frictionless access. Read part 3 of our Consultants' Forum series here

Security consultants are on the front lines of trends such as “smart buildings” and the increasing demand for green technologies. We recently gathered together several consultants to reflect on what’s new in these areas, joined by a representative of HID Global. Participants were Chris Grniet of Guidepost Solutions, Brandon Frazier of Elert & Associates, Terry Harless of Burns & McDonnell, and Harm Radstaak, HID Global’s Vice President and Managing Director, Physical Access Control. SourceSecurity.com: What are your thoughts on the emergence of “smart buildings”? How do you see the concept expanding? How does making a building “smart” add value to it as an asset? Brandon Frazier: The term smart building has been a moving target beginning in the late 1800s with the electric thermostat. As I see things now becoming networked, becoming smarter, I think we’ll be able to aggregate a lot of data, and probably use that data. I think there will be new ways to use data for the average customer. Chris Grniet: Smart buildings have been a long time coming. It’s about green, sustainability, the ability to control your environment, and making sure you get the most efficiency out of an asset. To understand how an asset is being used is very important. A lot of clients these days are looking for occupancy calculations: Are my facilities being used to their utmost capabilities? What are my populations, and how do I control the environments? And is the real estate really worth keeping because so many people are working remotely? Harm Radstaak: I believe that smart buildings will bring our traditional security industry potentially into a new space, with data analytics and servicing end users, and channeling data to be used for green buildings, sustainability, space utilisation. It’s important for our industry to know how we will make sure that data is secure and trusted for end users and to provide the correct technology, services and solutions. Terry Harless: Another thing is that smart buildings can be used for maintenance. In the security world, you can keep a log of how many people have gone through a door, or use it for maintaining batteries if you’re using wireless devices, or maybe maintain your locks when they have been cycled so many times. {##Poll1697625082 - How do you make your security systems more green?##} SourceSecurity.com: How important is being “green” related to design decisions and product selection? How do you use green products? Frazier: The world of selecting electronics based on green criteria has always been very tricky. A lot of manufacturers have come out with “green products.” I’ve seen more power-efficient products, and we are seeing certifications on them. But it is very difficult, I think, to truly design a green technology-based system end-to-end. Not just single components but an entirely efficient system. Radstaak: I see it as absolutely a trend for end users to specify new buildings according to sustainability and green specifications. For HID Global and ASSA ABLOY, we see it as one of the megatrends worldwide. Green and sustainability are critical as we define our products and solution set and bring that back to the table in design engineering and product marketing. Harless: I’m on board and think green is good. But as far as helping with accumulating points for the LEED [Leadership in Energy and Environmental Design] certification, I have talked with several architects and engineers in the past who are LEED certified and discussed with them some of the green security products out there. For the most part, they say the products are not providing any points for them. They typically don’t want to waste the time of adding security into their evaluation. SourceSecurity.com: So the “green” that we have achieved in the security market is not translating into enough quantitative scoring to make a difference in the LEED certification. Frazier: I think our power usage is so miniscule compared to the big building systems that the savings we offer are just not worth their time (to document). Grniet: I have had some opposite experiences where we are able to contribute if we don’t call it a security category, but we put it in with the low voltage category, so now we have greener power consumption on my switches, my computing systems, people are putting OTNs (optical transport networks) in, and not utilising as much power on a floor-by-floor basis. Now I have smart power supplies, smart locks, green locks. Where the industry has always lacked is the sustainability piece. We talk about zero landfill projects. We talk about rare earth metals involved in these processes, and other materials; this industry continues to source from remote regions. Everybody is pitching “built in America,” but we all have to source something from abroad, and those are real challenges for the security industry. Not to mention the fact that, unfortunately, we ship everything in small packages – it’s all unitised. So we create massive landfills by doing that. There are some companies that have gone out and started packaging in mass relative to orders and said: “This is how we are going to ship, not on an individual piece-by-piece basis.” That has to speak to the entire supply chain relative to sustainability. Read part 2 of our Consultants' Forum series here