By John L. Moss

The security industry can learn from IT by adopting the level of openness employed by IT manufacturers.  While IT manufacturers have for years been producing systems that can interoperate with those from other manufacturers (“Open” products), the physical security industry has historically produced products that lack that capability (“Closed” products).

However, recent momentum in the market for physical security products indicates that the security industry is moving toward the open systems of IT as a new model for growth.  And while this certainly marks a significant change in how the security industry operates, the benefits to manufacturers and end users alike have already made openness a significant business driver. 

WHAT “OPEN” MEANS TO IT

In the IT world, “Open” means “freely available” or “readily accessible” and refers to easily built solutions that utilize open technology.  For years, the IT industry has established volunteer groups that develop specific standards for the entire industry to follow.  These standards make it possible for products to interoperate regardless of who manufactures them.  And while manufacturers are not required to adhere to these standards when developing new products, most of the large manufacturers do.  Those companies that do not follow standards often miss out on important opportunities to work with the larger players and share in related revenue.

The benefits of this to smaller players are obvious.  But why would a large manufacturer agree to participate?  In the world of IT, where the market grows rapidly, and trends change quickly, manufacturers have learned that the best way to keep up is to form partnerships with other manufacturers.  By working in tandem, manufacturers are able to quickly develop new products and outmaneuver the competition to secure market share early. 

There are also huge benefits for end-users.  By being open, the IT industry is able to provide customers with solutions that incorporate “best of breed” products, where the best products regardless of manufacturer are integrated to meet specific needs.  The consumer also has the option of purchasing products that can be added on to technology they have already deployed, secure in the knowledge that products that support a standard can be used interchangeably.

THE SECURITY INDUSTRY’s APPROACH

For manufacturers in the security industry, however, the market has tended to change very slowly and has never been large enough to make this sort of openness appealing or necessary.   As a result, most manufacturers were happy to keep their product specifications to themselves, thereby preventing the integration of new features and products from other manufacturers and protecting market share.

Unfortunately, customers working with large security manufacturers with closed product strategies had to accept that purchasing a system meant that they were tied to that manufacturer and could purchase add-on products only from that manufacturer.  If a manufacturer failed to produce products that met the buyer’s needs, the buyer would have to settle for what the manufacturer had to offer or face the cost of a full system replacement.  This also limited the options of customers who need a full range solution from small sites to large campus, all managed through one overriding interface.

CHANGES IN THE SECURITY MARKET

Today’s security buyer has different expectations.  Demand within the security industry has increased greatly and growth in the market for physical security products and services is bringing a new class of buyer.  Many of these new buyers have well developed IT infrastructures and have grown accustomed to the buying practices within the IT industry and therefore expect open, “best of breed” offerings.  Additionally, many new products are so complex that it is unlikely that any manufacturer will be able to afford to build the most sophisticated solutions without going beyond its own stable of products.  This situation -- the natural state in many industries with well developed open standards and rich aftermarkets -- has pushed manufacturers toward openness, a victory for consumers who now have access to the manufacturer that is producing the best product, not just the product that “fits“.

STANDARDS, A NECESSITY?

Though there are very few standards to guide security product manufacturers in making open products, a call for openness is not a call for formal standards bodies such as those in the IT industry (though a few do exist).  Openness does not necessarily require industry-wide standards, only the willingness to share information.

The information needed to integrate products across manufacturers is usually provided as protocol documentation, or as Application Programming Interface (API) documentation.  A protocol is the language that is used to control a device from another device.  An API, more advanced than a protocol document, specifies how a programmer can write code to control a device and often come with a Software Development Kit (SDK) that includes simple examples of programming to aid developers.  (Unfortunately, some products are closed not because their manufacturers want them to be but because they lack a method of controlling them externally.  In those cases, there will not be APIs or SDKs although the manufacturer may make more advanced models of the product that do have them.)

One example of how this works is the way that manufacturers have started to use the openness of the S2 NetBox to extend their own product offerings.  Imprivata, maker of the OneSign single sign on product that controls passwords and multifactor access to applications in IT environments, used the S2 NetBox API to easily integrate its access and authentication management appliance platform with S2’s NetBox physical access security solution.  As a result of this integration, OneSign is able to prevent login at a computer in a building by a user who is not known to be physically in that building.