February 2008

February 2008 Supplement to Security Products

Clear Vision

20

IP = INTEROPERABILITY(AND OTHER MYTHS)WATCH OUT FOR ASSUMPTIONSABOUT NETWORK VIDEO

Clear Vision

26

A PLACE IN THE NEW RESALE MACHINEWHAT'S NEXT FOR CHANNEL PARTNERSHIPS?

RFID emerges as a powerful security tool

14RFID emerges as a powerful security tool

14

ContentWhere Physical Security & IT Worlds Converge

© Copyright 2008, all rights reserved. Network-Centric Security is a supple-ment to Security Products an 1105media, Inc. publication, and is published 6 times a year: February, April, June, August, October and December.

The information in this magazine has not undergone any formal testing by1105 Media, Inc. and is distributed without any warranty expressed or implied.Implementation or use of any information contained herein is the reader’s soleresponsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors and/ornew developments in the industry.

FEBRUARY 2008 VOLUME 2 NO. 1

Network-Centric Security welcomes vendor information and briefings. To arrange a briefing, pleasecontact our editor, Steven Titch, via email at titch@experteditorial.net. Our agreement to acceptor review product material or backgrounders is not a guarantee of publication.

6EnterRFID presents an opportunity for CSOsto lead the adoption of a practical, affordable means of increasing corpo-rate security thatleverages corporateIT strategy.

8InnovateCongress enters 2008 poised to pick up the pace on legislation that will affect corporate security and policyprotocols regardingelectronically storedinformation.

30LaunchNew applications,strategies andsolutions.

32ExitIn an excerpt from itsnew report, the Secu-rity Executive Councilprovides a glimpse ofits extensive hotlinebenchmarking data.

CLEAR VISIONBy Sharon J. WatsonFrom monitoring facilities to locatingpersonnel in an emergency to deter-ring fraud and theft, vendors, analystsand a growing body of users say RFIDis a potentially powerful security tool.

A PLACE IN THE NEW RESALE MACHINEBy Frank BarbettaSecurity companies see their market-place in the next two years characterizedby an accelerated pace of IT networkssupplanting traditional analog systemsand physical solutions business. Thiswill disrupt what until now has been alinear and straightforward supply chain.

FEBRUARY 2008 | SECURITY PRODUCTS

EDITORIAL

EditorSteven Titch281-571-4322

titch@experteditorial.net

Art DirectorDale Chinn

PublisherRussell Lindsay

rlindsay@1105media.com

Associate Publisher/Editor-in-ChiefSecurity ProductsRalph C. Jensen

rjensen@1105media.com

SALES

District Sales ManagerAK, AZ, HI, ID, MT, NV, NM, OR, UT, WA, WY

Barbara Blake972-887-6718

bblake@1105media.com

District Sales ManagerMA, CT, NJ

Frank D’Isidoro908-252-6346

disidoro@comcast.net

District Sales ManagerMidwest, Southeast, North TX

Brian Rendine972-687-6761

brendine@1105media.com

District Sales ManagerNortheast, AR, CO, LA, MO, OK, Canada

Randy Easton678-401-5543

reaston@1105media.com

District Sales ManagerCalifornia

Ben Skidmore972-587-9064

bskidmore@1105media.com

District Sales ManagerEurope

Sam Baird+44 1883 715 697

sam@whitehillmedia.com

District Sales ManagerChina

Jane Dai. New Buddy Limited86-755-82925229

1105 Media5151 Beltline Road, 10th Floor

Dallas, TX 75254

Editorial services provided byExpert Editorial Inc.

www.experteditorial.net

features

departments

1414

2020

IP = INTEROPERABILITY(AND OTHER MYTHS)By John W. VerityAssumptions, hype and pitfalls to watch out for in the transition to digital network video.

2626

S6

Radio frequency identification (RFID) may not be thefirst technology associated with the job of CSO. In fact,throw out “RFID” to a technology analyst in a word association test and the likely comeback would be“Wal-Mart.”

True, Wal-Mart has probably the highest profile among RFID users. The big-box retailer has been

using RFID chips embedded on shipping pallets and bulk packaging for more than a year to track

products from assembly line to store shelf, successfully reducing inventory, transportation and distri-

bution costs. Its methods have been adopted by many others.

As Sharon J. Watson writes in “Clear Vision” beginning on page 24, some savvy companies see

enormous security benefits from RFID, precisely because of its networkability.

For starters, at least in a virtual way, RFID increases visibility.The most seasoned CSO will tell you

there are places cameras can’t go or are not effective. An RFID chip embedded in an employee or

visitor badge can alert a security officer if an individual ventures into an unauthorized area. Since

RFID can fit into a network-centric scheme, a signal can not only trigger an instant message, a page

or other wireless alert, but activate video surveillance, if available, and move the image to a larger

display screen in a control room, and document the incident in a compliant way.

For assets and property, embedded RFID is a way of battling theft, not only from inventory, but of

office property. Again, through networking, RFID can stop someone walking off with a laptop by

triggering an alarm at the door, and, again as part of assuring documentation,

photographing the attempted theft.

What’s surprising, however, is how few organizations outside of retail-

ing and logistics have jumped on RFID’s potential in security.To be sure,

there are privacy issues, but those tend to be associated with more

invasive measures, such as subdermal placement of RFID chips. As

a technology, RFID presents an opportunity for CSOs to lead the

adoption of a practical, affordable means of increasing corporate

security that leverages corporate IT strategy. Moreover CSOs have the

expertise required to successfully deploy RFID for security.

At this point, RFID system vendors, such as Axcess International,

Reva Systems and ThingMagic are looking for avenues into corporate

organizations. RFID is one way CSOs can seize the day.

The RFID Opportunityby Steven Titch, Editor

FEBRUARY 2008 | SECURITY PRODUCTSS8

Congress enters 2008 poised to pick up the pace on leg-islation that stands to affect corporate security andpolicy protocols regarding electronically stored infor-mation (ESI). Meanwhile, in the courts, new proceduresregarding the discovery, submission and authenticationof ESI are expected to see their first real-world tests.

The U.S. Senate strengthened identity theft and identity fraud laws in a unanimous voice vote inmid-November. The bill, the Identity Theft Enforcement and Restitution Act of 2007, among otherprovisions, imposes requirements for privacy and security on enterprises that maintain personallyidentifiable information in electronic or digital form on 10,000 or more U.S. citizens (see box). Thatbill now moves to the House of Representatives for consideration.

The House also passed the Internet Spyware and Protection (I-SPY) Act, which strengthenspenalties against phishing and planting spyware for malicious purposes. The Senate is expected totake up the legislation this year.

For the most part, however, bills that got attention in 2007 represented low-hanging fruit that ad-dressed voter concerns over identity theft and protection of personal data. “Threatening to damagecomputers; threatening to obtain information to use for extortion—there’s no constituency to protestthat,” says Stephen Wu, a partner in the law firm of Cooke Kobrick and Wu LLP, which specializesin legal matters pertaining to information security.

The coming year may see Congress tackle more controversial legislation, including the PersonalData Privacy and Security Act of 2007, which would create civil and criminal liability for companiesthat do not adequately protect personal information on employees and customers.Among other pro-visions, the act would require enterprises to conduct risk assessments of potential security breaches,adopt risk management and control policies and procedures, ensure employee training and supervi-sion for implementation of data security programs.

Specific parameters, however, are still up for debate.These include the question of how large a breachtriggers a notification requirement, and what responsibilities the organization that suffered the breachwould have toward consumers and partners, Wu says. For example, if a company loses credit card data—even if the cause is theft, not negligence—it still might have to bear the banks’ cost of replacingthe credit cards of consumers at risk.

“All this might mean more costs,” Wu says.IT data privacy act also calls for companies to notify any U.S. resident of a breach where it is “rea-

sonably believed” that personal information was accessed or acquired. The “reasonable belief” phrase,observers say, will be a significant part of the debate about the bill’s language. From the perspective of

Congress and Courts Confront ESI by Steven Titch

FEBRUARY 2008 | SECURITY PRODUCTSS10

S. 495 PERSONAL DATA PRIVACY AND SECURITY ACT OF 2007Sponsor: Sen. Patrick Leahy (D-VT)Status: Senate Judiciary Committee has recommendedplacement on Senate calendar

4Imposes a fine and/or prison term of up to five yearsfor intentionally and willfully concealing a security breachinvolving sensitive personally identifiable information thatcauses economic damage to one or more persons.

4Defines “sensitive personally identifiable informa-tion” to include an individual’s name in combination withhis or her social security number, home address, date ofbirth, biometrics data or financial account information.

4Imposes requirements for a personal data privacy andsecurity program on business entities that maintain sensi-tive personally identifiable information in electronic or dig-ital form on 10,000 or more U.S. persons.

4Requires a business entity that is subject to data pri-vacy and security requirements to: (1) implement a com-prehensive personal data privacy and security program toensure the privacy, security and confidentiality of sensitivepersonally identifying information and to protect againstbreaches of and unauthorized access to such information;(2) conduct risk assessments of potential security breaches;(3) adopt risk management and control policies and proce-dures; (4) ensure employee training and supervision forimplementation of data security programs; and (5) under-take vulnerability testing and monitoring of personal dataprivacy and security programs.

4Requires any agency or business entity with sensitivepersonally identifiable information to notify without unrea-sonable delay any U.S. resident of a security breach inwhich such resident’s information has been, or is reason-ably believed to have been, accessed or acquired.

4Requires any business entity or agency that is requiredto provide notification to more than 5,000 individuals of asecurity breach to notify all consumer reporting agencies.

S. 2168 IDENTITY THEFT ENFORCEMENT AND RESTITUTION ACT OF 2007Sponsor: Sen. Patrick Leahy (D-VT)Status: Passed Senate by voice vote Nov. 15, 2007; awaitsaction in the House.

4Authorizes criminal restitution orders in identity theftcases to compensate victims for the time spent to remedi-ate the intended or actual harm incurred;

4Expands identity theft and aggravated identity theftcrimes to include offenses against organizations (currently,only individuals are protected); include conspiracy to com-mit a felony with the definition of “felony violation” forpurposes of aggravated identity theft crimes;

4Eliminates the requirement that damage to a victim’scomputer aggregate at least $5,000 before a prosecutioncan be brought for unauthorized access to a computer;

4Makes it a felony, during any one-year period, to damage 10 or more protected computers used by or forthe federal government or a financial institution;

4Expands the definition of “cyber-extortion” to includea demand for money in relation to damage to a protectedcomputer, where such damage was caused to facilitate theextortion.

H.R. 1525 INTERNET SPYWARE AND PROTECTION ACT OF 2007 (I-SPY) Sponsor: Rep. Zoe Lofgren (D-CA)Status: Passed House by voice vote May 22, 2007. Awaitsaction in Senate

4Amends the federal criminal code to impose a fineand/or prison term of up to five years for intentionally ac-cessing a protected computer without authorization to in-stall a program and intentionally use that program in fur-therance of another federal criminal offense.

4Imposes a fine and/or prison term of up to two yearsif such unauthorized access of a protected computer is forthe purpose of obtaining or transmitting personal informa-tion with intent to defraud or injure a person or cause dam-age to a protected computer; or intentionally impairing thesecurity protection of a protected computer with the intentto defraud or injure a person or damage such computer.

HR. 2290 CYBER-SECURITY ENHANCEMENT ACT OF 2007Sponsor: Rep. Adam Schiff (D-CA)Status: Referred to House Judiciary Committee

4Amends the federal criminal code to: prohibit accessinga protected computer to obtain a unique identification num-ber, address or routing code, or access device; revise the de-finition of “protected computer” to include computers af-fecting interstate or foreign commerce or communication.

4Expands the definition of “racketeering” to include com-puter fraud; redefine the crime of computer-related extortionto include threats to access without authorization (or to ex-ceed authorized access of) a protected computer; imposecriminal penalties for conspiracy to commit computer fraud.

4Imposes criminal penalties for damaging 10 or moreprotected computers during any one-year period.

S. 2213 CYBER CRIME ACT OF 2007Sponsor: Sen. Orrin Hatch (R-UT)Status: Referred to Senate Judiciary Committee

Amends a loophole in current law to make conspiracy tocommit extortion through a threat of damage or impair-ment of a computer a crime.

Pending Congressional Legislation

the security process, it is likely to creategreater demand for standards on internalcorporate data classification as enterprisesdeal with identifying which information as-sets are stored where.

Two technology trends, however, raisecompliance concerns over the way informa-tion can be catalogued and how access to itcan be controlled. The first trend, virtualiza-tion, has led to IT environments where infor-mation is housed across multiple storage

hardware, which appear to the user to be onelarge repository.The second is the decreasingsize and cost of high-capacity storage devices,such as flash drives, which can be used to ille-gally copy data or simply be stolen outright.

Meanwhile, several versions of identitytheft, cybersecurity and anti-spyware legisla-tion are moving through the Senate and theHouse and could possibly be combined atsome point. In general, the bills, which con-tain a number of overlapping provisions,

make it a felony to conspire to attack a com-puter network, or hack one with the purposeof stealing information.

E-DISCOVERYIn the courts, the new year likely will seewider application of new federal rules thathave standardized e-discovery procedures instate courts. These new rules became effec-tive December 1, 2006, but given that it takesan average of 18 months for most civil actionsto reach trial, Wu reckons 2008 will be a wa-tershed year as attorneys and judges gainfirst-hand experience with the new rules.

The rules establish a chain of methodsthat attorneys can use to get ESI from anorganization. Many are basic. For example,they allow litigants to request data in spe-cific formats, such as TIFF, JPEG and PDF.Overall, Wu says, the rules have both bene-fits and drawbacks. On the upside, they cre-ate higher standards for the authenticationand validation of the data than an affidavitor testimony from a CSO or CISO; they callon courts to push plaintiffs and defendantsto demonstrate objectively that the infor-mation represents what they claim it does.

The downside, however, is that e-discov-ery could be used as a tactic to overburdenopposing litigants—or worse, win sanctionsagainst them—by forcing them to slogthrough voluminous records, Wu says.

Either way, the procedures mark the be-ginnings of a “sea-change in the way litiga-tion is conducted,” Wu says. Discovery datawill increase geometrically.“Vast quantitiesof information will overwhelm the paper-based paradigm. All courts will have tocome to grips with ESI.”

FEBRUARY 2008 | SECURITY PRODUCTSS12

Since 2001 Brussels Airport

has relied on IndigoVision’s IP

Video for CCTV Surveillance

7 Years - Field Proven

700+ Cameras

40 Workstations

1 Integrated Solution

IP Video and Alarm Managementwww.indigovision.com

Circle 406 on card.

Stephen Wu

FEBRUARY 2008 | SECURITY PRODUCTSS14

Clear Vision

To accomplish this, the firm placed radiofrequency identification (RFID) tags onall the assets passing through the facility.The tags use WiFi-based Active RFIDtechnology from AeroScout Inc., in Red-wood City, Calif.

RF “exciters” placed at strategic door-ways throughout the facility signal anytags entering their coverage area. The tagsrespond immediately, enabling the net-work to precisely locate the tag. Once lo-cated, a local video camera begins record-ing in the tag’s area, so that cameras nowrecord only when and where an asset isphysically present.

“Whenever a tag is on an asset, you havecomplete visibility of it,” says Amir Ben-Assa, industry solutions marketing direc-tor for AeroScout.

Visibility—of something or someoneand whether they are or are not wherethey are supposed to be in space ortime—is RFID’s key attribute for securi-ty. The technology uses tags—a microchipcombined with a tiny antenna—and read-ers to enable companies to track the location of products, tools, personnel and activities.

Tom Schuster, CEO of Reva Systems,based in Chelmsford, Mass., says the tech-nology gives security personnel a multi-faceted, comprehensive view of the criticalassets they must monitor. “RFID enablesyou to see individual items alone, as theycome together with other items, and asthey change,” he says.

From monitoring facilities to locatingpersonnel in an emergency to deterringfraud and theft, vendors, analysts and agrowing body of users say RFID is a po-tentially powerful security tool.

KEEPING PERSONNEL VISIBLEPlacing RFID tags on employee, guest orcontractor ID badges enables companies todefine and enforce restricted areas andequipment and control access to them.

Occidental Petroleum Corp. uses AxcessInternational’s Active Tag RFID solutionfor hands-free access control at the compa-ny’s Elk Hills Reserve field in California.Occidental has used more than 14,000 tagsto monitor employees and on-site contrac-tors since December 2005. The system alsogives the company time and attendancerecords required for safety reporting aswell as a reliable locator system in case ofemergency.

“The badge looks a lot like a proximitycard but has a long range,” says AllanGriebenow, president and CEO of Axcess,based in Carrollton, Texas.

The Port of Barbados also uses an Ax-cess personnel monitoring solution that isexception-based. If a person’s RFID tagregisters them as being out of place, anemail, page or wireless alert is automatical-ly sent. “That increases the productivity ofsecurity personnel,” Griebenow says.

CHAIN OF CUSTODY RFID tags also can associate specified usersto specific pieces of RFID-tagged equip-ment, such as keyboards, factory or medicaltools, vehicles, even filing cabinets and thedocuments within them.The tags can offer arecord of who touched what when.

University Medical Center in Tucson,Ariz., uses AeroScout’s WiFi-enabled ac-tive RFID tags with its Philips Asset Track-ing Solution to monitor the location ofthousands of medical devices. The tracking,with Web-based location tools, enables the

WWW.SECPRODONLINE.COM S15

A large German manufacturer wanted to reduceits operating and data storage costs while in-creasing the security efficiencies of the severalhundred video surveillance cameras it uses tomonitor a huge production facility.

RFID EMERGES AS A POWERFUL SECURITY TOOL

BByy SShhaarroonn JJ.. WWaattssoonn

FEBRUARY 2008 | SECURITY PRODUCTSS16

hospital to quickly locate critical equip-ment across nine floors comprising aboutone million square feet. Faster locationmeans better patient care. It also tells ad-ministrators who the last user was, in casethe device is damaged or lost. That means

units can be held accountable for damages.To verify its shipments of consumer

electronics products, Sony Logistics Eu-rope is using an RFID deployment fromReva Systems.

In a large distribution warehouse in Hol-land, Sony labels individual goods withRFID tags. An automated MPEG4 videosurveillance system records the tag readsduring item picking, packing, pallet wrap-ping and truck loading. Further, the tag datais burned into the video stream at each

point. If a delivery customer says an item ismissing, the specific item can be traced backto individual cameras at each step so thatSony can verify whether it shipped.

“This was a project that had to stand onits own legs as an RFID application and

bring security results,” says Schuster atReva Systems.

“Loss prevention is key throughout thesupply chain and retail,” says DimitriDesmons, director of RFID marketing forImpinj, Inc. in Seattle, Wash. A luxurygoods manufacturer is using Impinj chipsto deter counterfeiting. By incorporatingan RFID tag into its product packaging,would-be counterfeiters would have to du-plicate the tag to get away with duplicatingthe product.

CUSTOM IS COMMONWhile RFID’s security applications are eas-ily categorized into tracking personnel andassets, companies are unlikely to find pre-packaged RFID solutions from vendors.

“There is no off-the-shelf RFID,” saysRavi Pappu, co-founder and head of theadvanced development group for Thing-Magic in Cambridge, Mass. Further, henotes that even the widespread standard-ization of RFID components doesn’t guar-antee plug-and-play applications. “There’ssome black magic that goes on to make anRFID system work,” he says.

Some vendors offer RFID solutions forspecific industries they claim can be de-ployed relatively quickly for applicationswith well-defined limits, such as complyingwith a larger trading partner’s RFID tagrequirements. T3Ci and BEA Systemsoffer a solution combining RFID tags,readers and analytics.

Impinj and a group of allied vendors

Just three or four years ago, most RFID applications werestand-alone implementations based on proprietary tagsand readers. Their goal was to comply with mandates fromWal-Mart or the Department of Defense that required theirsuppliers to tag pallets.

In a short time, the industry has come a long way from“slap and ship” RFID to embracing standards that help en-sure interoperability among RFID components within en-terprise network applications. The maturing of RFID makesit even more effective as a security and business tool.

“It’s actionable data from RFID readers that gives thetechnology greater value in an enterprise,” says TomSchuster, CEO of Reva Systems in Chelmsford, Mass.

STANDARDS FOR SHARINGMost compliance-driven RFID applications aren’t designedto share data. That’s changing, as new generations of RFIDsupport networking protocols such as Transmission Con-trol Protocol/Internet Protocol (TCP/IP) and 802.11 WiFistandards.

That makes it possible to effectively use WiFi networkaccess points to read tag data. AeroScout Inc., RedwoodCity, Calif., makes WiFi-enabled RFID tags that communi-cate with access points from major vendors like Cisco Sys-tems, Aruba, Trapeze and others.

Using WiFi access points allows RFID to be deployedwithout RFID readers, though most vendors say they expectto see a mix of increasingly intelligent network-based read-

ers as well as access points used for gathering RFID data.In addition, leading vendors comply with standards

from EPCglobal, an international RFID standards body. Keystandards are the Generation 2 UHF protocol for transmit-ting data, the Electronic Product Code (EPC) standard andEPC Information System (EPCIS) standard, designed to letdisparate business applications share EPC data gleaned byRFID readers.

INTERPRETING THE DATA Even standards-based data from readers must be aggre-gated and filtered for use in Enterprise Resource Planning(ERP) or other enterprise applications. This data massag-ing is typically done today in a layer of middleware. Mid-dleware also enables users to set rules for alerts triggeredby tag movements or additional data from sensors em-bedded in RFID tags.

Reva System’s Tag Acquisition Processor (TAP), afirmware device that collects and interprets standard datastreams from RFID readers, can give users multiple per-spectives on the same tag reads. A logistics expert mightdissect the efficiency of the product’s manufacturing flow,while a security expert examines how often the productpasses doors and windows that should be secured.

RFID is most successful when it’s implemented to solvemore than one problem, say vendors and analysts.

“Get a partner who understands the business problemyou’re trying to solve,” says Schuster.

RFID: Ready for the Corporate Network

A growing body of users says RFID is a potentially powerful security tool.

FEBRUARY 2008 | SECURITY PRODUCTSS18

are offering semi-packaged “function-ality” for pharmaceutical, media/enter-tainment, apparel, food safety and othervertical market applications. The support-ing companies include epcSolutions,GlobeRanger, InSync Software, OATSys-tems, Omnitrol Networks, Scout Software,Systech International, Tacit Solutions, VueTechnology and Reva Systems.

Packaging vendors could offer addition-al near-ready-made RFID applications. Pli-ant Corp., a Schaumburg, Ill.-based stretchfilm manufacturer, has partnered with Pow-erID in Petah Tikva, Israel, to create tam-perproof stretch film. The solution in-volves electrically connecting a PowerIDbattery-assisted RFID tag to a wirewrapped with the stretch film around ashipping pallet. Cutting the film ensures thewire is cut too, thereby breaking the circuitand making the tag unreadable.

“This is a solution for valuable or sen-sitive shipments,” says Jeff Middlesworth,

principal development engineer at Pliant,noting that customers must be willing tobalance the added security with the costof the tag.

SECURING BUSINESS BENEFITSRFID applications easily cross security andbusiness lines, with applications designedfor process improvement leading to moresecurity and vice versa.

Schuster cites a Reva Systems client thatuses RFID tags to automate inventorycounts when loading and wrapping palletsto improve security. Automating the readsmeant the company could stack the goodshigher on pallets because personnel nolonger had to physically reach items tocount them. In turn, the higher pallet stacksled to less handling, more efficientlypacked trucks and fewer truck runs.

Capitalizing on the fact that RFID usedfor security can solve business issues toocan help make the business case for RFID

security applications.“For high value items with a street value,

[real-time location systems] or tamper-re-sistant asset tagging can provide a real ROI[return on investment] if losses are signifi-cant,” according to Daniel P. Mullen, presi-dent, AIM Global, an RFID industrygroup. In a written reply to queries, Mullenalso noted that security might be the onlybusiness case for protecting data on laptopsand removable media.

“Considering the potential embarrass-ment and legal/financial penalties for dataloss these days, the ROI is fairly easy to calculate,” he wrote.

SShhaarroonn JJ.. WWaattssoonn is a journalist based inSugar Land, Texas. She can be reached atsjwatson@experteditorial.net.

Tags—microchips and antennas—are the heart of RFID, containing dataabout an object or person being monitored. The tags come in three varieties:passive, semi-passive and active.

Passive tags are the least expensive, because they have no power sourceof their own. To transmit, these tags must reflect power from a reader. Thedrawback is that readers must be very close to the tag. By contrast, semi-passive RFID tags have a small power source, like a battery, to boost theirsignal to a reader.

Active RFID tags, the most expensive option, have an embedded powersource so they can transmit signals independent of readers. This transmis-sion capability makes Active RFID tags ideal for real-time location systems(RTLS) and for use with sensors. The tags can answer queries or send analert when a sensor threshold is reached.

“Powered RFID changes the spectrum of security,” says Allan Griebenow,CEO of Axcess International, in Carrollton, Texas. Griebenow says activeRFID provides greater flexibility and accuracy for security and business re-quirements. “You can rely on the tag read,” he says.

Stimulating an active RFID tag to reveal its data or location is a key function.Axcess’s technology “wakes up” a tag with hidden antennas. AeroScout’s “ex-citer” tools accomplish a similar function over a WiFi network.

Almost anything can be tagged via RFID. In November, Axcess introducedDOT, a battery-powered wireless computer as small as a grain of rice. Its firstuser will deploy it with personnel, assets and vehicles.

RFID tags also can be combined with sensors that can measure tempera-ture changes, motion, humidity, chemicals, even the presence of com-bustible gases. Active RFID and sensors could provide another array of pow-erful security tools.

Those Terrific Tags

A potential drawback to using RFIDto monitor personnel is runningafoul of current or proposed priva-cy laws. However, RFID propo-nents point out the safety benefitsof RFID-based badges are an excel-lent counter to privacy issues, atleast in an emergency.

“Knowing who exactly was inthe facility, where they were, andwhether they exited can be the dif-ference between life and death,”says Daniel P. Mullen, president ofAIM Global, in written commentsto Network-Centric Security.

ThingMagic, which makes chipsand software for RFID tags, learnedthis firsthand when its personnelevacuated their building in Decem-ber 2006 because of a fire. In thechaos, it wasn’t clear if everyonehad gotten out. The company’sprogrammers rigged a simple sys-tem using a Google Maps API andtag reads to locate employees.

“In those kinds of situations,people really want to be found,”says Ravi Pappu, co-founder andhead of the advanced developmentgroup for ThingMagic. “The notionof privacy invasion went away.”

Privacy andPersonnel Matters

FEBRUARY 2008 | SECURITY PRODUCTSS20

IP-based cameras, networks and othergear promise not only to drive down hard-ware, installation, operations and mainte-nance costs—they also will greatly improvevideo imagery, make possible innovativenew surveillance techniques and facilitatevideo’s integration with other security sys-tems and with IT in general.

IP brings video into the informationtechnology mainstream, enabling camerasand other hardware to take advantage ofthe mass-market’s economies of scale. WithIP, standard Ethernet-based networks treatvideo imagery as just another type ofdata—albeit a rich and somewhat bulkyone—that can be recorded, analyzed and

viewed anywhere on the Internet withsomething as compact as a handheld phoneor PDA—a big help for first responders.

For all its promise, however, IP isn’tmagic. Just because two products employIP and its fellow traveler, Ethernet, it doesnot mean that they will immediately beable to work together in any useful way.Yet, many customers expect that kind ofplug-and-play facility. They equate “IP”with “open architecture” and assume it willenable them to mix and match hardwaredevices and software regardless of brand.In fact, while adopting IP certainly is a bigstep towards creating an open architecturefor all kinds of security systems, including

video, it doesn’t solve all problems of inter-operability. For now, some open architec-tures are more open than others.

NO SHAME IN CONFUSION Actually, customers can be excused forbeing confused right now. The video sur-veillance market is growing fast, and thechange from analog to digital is nothingshort of radical. Moore’s Law, which statesthat computer processing power doublesevery 18 months, enables digital productsto evolve extremely rapidly.That puts somemajor market positions at stake.

So, while smaller manufacturers are opento accusations of overselling IP video’s ad-

Who’d of thought something as humble as the Internet Protocol (IP)could roil the video surveillance market so?

IP=Interoperability(and Other Myths)WATCH OUT FOR ASSUMPTIONS ABOUT NETWORK VIDEO By John W. Verity

WWW.SECPRODONLINE.COM S21

vantages, the larger, analog-centric makersare not above pooh-poohing the new tech-nology as overly complex, relatively expen-sive and less than rock-solid. Typical of thedoubts they’ve been heard to raise: Wouldyou trust something as critical as physicalsecurity to a PC-based server that mighthave viruses or need rebooting once a day?

“IP networking has excellent poten-tial,” states Steve Surfaro, group managerand strategic technical liaison at Panason-ic, a leading maker of analog gear. “Is itunstoppable? Absolutely. But there will bea gradual progression. Analog will alwaysbe there, even if gets relegated to entry-level products.”

So far, digital technology has had itsbiggest impact at the head-end, in theequipment that records and displays videosignals. The shift to digital recording hasshifted innovation almost entirely to soft-ware, which has not always been thestrongest suit for the established providers.GE, Bosch, Panasonic, Honeywell andPelco, among others, have responded main-ly in two ways: moving to acquire makers ofdigital gear and software, and striving to in-novate more in the area of cameras. In-creasingly, intelligence is being built intocameras themselves, a move that is directlyfacilitated by IP.

SMART CAMERASWhile continuing to sell a full line of analogcameras and digital encoding/decodingequipment, Bosch Security Systems isgrowing its line of intelligent IP-based cam-eras. They can perform the kinds of analyt-ics that have usually run in centralizedservers: analyzing traffic patterns, detectingloiterers, and noticing objects that get leftbehind as someone leaves a scene. “Thebeauty of this is that the camera decides byitself to report what it sees,” says BobBanerjee, product marketing manager forIP video products at Bosch. “The distribu-tion of intelligence means a fundamentallydifferent total cost of ownership. You canhave a camera in Outer Mongolia. This is aworld where not everyone has high band-

width networks.”Bosch, Banerjee states, is determined to

drive down the price of its intelligent cam-eras to the range of $200 to $300 per unitand “bring analytics to the masses.”

PRICING AND QUALITYPanasonic is actively innovating in IP cam-eras, too. It is fleshing out a line of Ether-

net-ready cameras while adding IP encod-ing to certain analog models. The latter,says Surfaro, still have some advantages inlow-light surveillance, for instance, thoughdigital technology is fast-improving there,too. Certain situations, he says, are stilltackled best with a combination of analogand digital cameras.

Panasonic is putting special emphasis on

• Smart Solutions: NVR, IP software, hybrid systems• Powerful monitoring features included

• Megapixel IP cameras and analog cameras• Open integration with other systems

• Simple, cost-efficient IP camera licensing• One easy to use, powerful interface

www.exacq.com • 317.845.5710

Project12 1/10/08 2:44 PM Page 1

Circle 410 on card.

FEBRUARY 2008 | SECURITY PRODUCTSS22

improving image quality because it seesthat as a key differentiator versus the manyconsumer-class IP cameras now floodingthe surveillance market. High-resolutionimages from cameras that have multi-megapixel sensors will be a big help withthe coming wave of new image-processingand analytic techniques. “Pricing is a seri-ous problem as the industry moves to IP,”Surfaro says. “Other makers are not invest-ing in image quality as much as adding IPtransport.” By tapping its heritage inbroadcast video, Panasonic hopes to distin-guish itself from the pack.

Panasonic is also readying a line of sur-veillance monitors that use the same HighDefinition Multimedia Interface (HDMI)used in home television setups. This willhelp the company to ride the consumermarket cost curve.

Another company with a strong analoglegacy is Pelco. “We continue to sell a lot ofanalog products,” says Rob Morello, productmarketing manager for digital systems. “En-terprise customers are all looking for IP. Buta lot of these customers don’t want to doforklift upgrades, and their analog equip-ment is not fully depreciated.” Pelco’s an-swer has been to bring out a matrix digitaldecoder that enables IP cameras to operateas an extension to analog networks. It’s sell-ing this directly to customers and also plansto sign up other manufacturers to resell it.

FEW OTHER CCTV STANDARDSMorello says that as a whole, the IP surveil-lance market is still short on industry stan-dards. Unfortunately, Pelco is not a bigenough business to dictate standards, espe-cially in the face of the much larger con-sumer and PC markets.That provides an op-portunity for Pelco and other companies toselect a few standards—for digital videocompression, for instance—and throw theirweight behind them as a way to help securi-

ty systems integrators. “We will provide freeAPIs to others,” says Morello.

Among those oth-ers are Milestone Sys-tems and OnSSI,which make PC-based video manage-ment software. By ne-cessity, each has hadto work hard in edu-

cating the marketplace about the benefits ofIP networking and digital video. “We be-lieve we are making the video server indus-try more horizontal,” says Milestone’s EricFullerton, chief sales and marketing officer.Old-line analog venders, he says, have tradi-tionally been vertically integrated, makingeverything from cameras to storage systems.“IP is enabling the decoupling of hardwarefrom software.”

Milestone, he says, has designed its soft-ware to be open to many different suppliers’gear, including more than 35 brands of cam-era.“We aim to provide more choice in best-of-breed hardware, applications, and stor-age.” Certain competitors, he says, have triedto “create vertically-integrated stacks oftechnology” that often include proprietarycameras. “We want to help people bust outof proprietary jail.”

Gadi Piran, president of OnSSI, offers asimilar story about open architecture, claim-

ing his company’s NVR software works withsome 300 IP cameras, across a broad rangeof quality, features, and pricing. He notesthat for each type of camera, OnSSI mayhave to develop specialized software to han-dle control functions such as pan, tilt, andzoom, but the actual video images it recordsarrive in one of only a few fairly well-accept-ed standards.

CISCO LENDS ITS WEIGHTIf there’s any company whose name is synonymous with IP, it’s Cisco Systems,the leader in IP-based networking gear.And Cisco has made it very clear that ithas serious plans in the area of IP-basedvideo and in all forms of physical security.If nothing else, IP-based video will helpdrive demand for Cisco’s network routersand switches, which are and will be thecore of its business.

Cisco’s vision of video surveillance net-works is modeled on what it has accom-plished in IP telephony: The IP network isnot simply plumbing, a means merely ofmoving bits from here to there; it also pro-vides a range of technical services and serves,in essence, as a platform on which other com-panies and customers themselves can buildapplications. Unplug a Cisco IP telephone inyour company’s office in California and re-connect it in the Paris branch office, for in-stance, and the company network will auto-matically detect the change and act accord-ingly. Your calls will be forwarded to Parisand all of your directory services and otherinformation will be available exactly as if youwere in the home office. Equally important,since the network recognizes the device as a

Just because two products employ IP and Ethernet,

it does not mean that they will immediately be

able to work together in any useful way.

API (Application Program Interface): a set of routines, protocols and toolsfor building software applications. (Webopedia)

HDMI (High-Definition Multimedia Interface): A licensable audio/videoconnector interface for transmitting uncompressed, digital streams. HDMIconnects digital audio/video sources, such as a set-top box, a HD DVD Discplayer, or a PC to a compatible digital audio device and/or video monitor.(Wikipedia)

iSCSI: A protocol that allows clients to send SCSI (Small Computer System Interface) commands to SCSI storage devices on remote servers. Itis a popular Storage Area Network (SAN) protocol.

Glossary

Eric Fullerton

FEBRUARY 2008 | SECURITY PRODUCTS

Project6 1/10/08 11:28 AM Page 1

Circle 412 on card.

phone, it will prioritize any traffic headed its way to make surethe audio they’re carrying suffers no degradation because ofpacket delays.

It should be the same with video, saysBob Beliles, senior manager of physicalsecurity market management at Cisco:“Once the network is a video platform,it will be much easier and faster for inte-grators and dealers to install new sys-tems. Developers will be able to addmore features and networks will be

much easier to scale.”This will require makers of edge devices such as cameras

to embrace certain standards, “but that’s the beauty of stan-dards,” Beliles says. “Anyone can implement them. And ifthey do, any vendor’s product will communicate with anyother vendor’s product.”

The alternative is the maddening process of developing in-terfaces to help different products interoperate. Says DennisCharlebois, Cisco’s director of product management for phys-ical security:“In our experience, easily 19 of 20 companies willsay they do something [as defined in a technical spec] whenactually they do not. This creates a lot of pressure and wastesa lot of money.” Building to a set of standards will assureeveryone of some level of basic interoperability. SaysCharlebois: “The challenge will be in getting something outthere that people will adopt. We must collaborate with othersto establish standards.”

INSTALLED BASE TO PROTECTAs Cisco sees it, the first standards to get in place will be at theedge, inside cameras. Following that is middleware, the soft-ware that integrates video with other security systems with an-alytics and perhaps even CRM systems. Other standards willbe needed to deliver video for viewing on desktop worksta-tions and mobile devices.

Cisco’s hardly ignoring the sizeable number of customers stillusing analog networks and cameras. Its acquisition of SyPixxNetworks brought it software and hardware technologies thatenable analog video networks to IP-based setups. “This enablesus to provide a hybrid environment,” Beliles says.

Whether Cisco can successfully leverage its unsurpassednetworking know-how into the security market remains to beseen. And how well old-line providers can navigate the tech-nical and economic changes wrought by IP is another bigquestion mark. Perhaps the only sure bet is that eventually,and probably sooner than later, IP will dominate video sur-veillance as it has just about every other field on which it hasset its sights.

JJoohhnn WW.. VVeerriittyy is a free-lance writer based in South Orange,N.J. He can be reached at john@jverity.com.

Bob Beliles

FEBRUARY 2008 | SECURITY PRODUCTSS26

Security companies see their market-place in the next two years characterizedby an accelerated pace of digital informa-tion technologies (IT) and Internet Proto-col (IP) networks converging into and sup-planting the traditional analog systems andphysical solutions business. This stands todisrupt what has been a linear and straight-forward supply chain: Manufacturers soldto distributors. Distributors sold to a net-work of contractors, installers and dealers.

The entry of companies such as Cisco

Systems, Electronic Data Systems, Hewlett-Packard and IBM, which bring their ownstructured channel partner networks, hassent tremors through the traditional supplychain. Established contractors now findthemselves faced with the task of develop-ing new skill sets to deal with the IT aspectsof the job. The good news is that IT compa-nies show signs of reaching out to contrac-tors and installers of video and access-related security systems (see “ChangingChannels,” Network-Centric Security,

August 2007). The downside is that theseestablished players will now be competingwith the IT reseller channel and may haveto share sub-contracted business with otherintegrators. On another front, there havebeen reports of distributors themselvesbidding on large security projects in directcompetition with their dealer base.

A late 2007 canvassing of manufacturers,distributors, systems integrators and valueadded resellers (VARs) strongly suggests aconsensus toward a positive yet sometimes

Wisely prepared companies in the resale channel will continue to benefit

from the new, emerging climate of security and IT convergence. Along the

way, channel executives envision an increase in new partnerships and

tighter handshakes on existing relationships among the security industry’s

manufacturers, distributors, systems integrators and value-added resellers.

A Place in the New Resale Machine

WHAT'S NEXT FOR CHANNEL PARTNERSHIPS?

By Frank Barbetta

WWW.SECPRODONLINE.COM S27

disruptive and challenging outlook withinthe third party channel environment asmany participants position themselves forchanging times.

Channel businesses may stop short offormal joint ventures and merger and ac-quisition (M&A) activities, but manufac-turers aren’t ruling out such developments.French manufacturer Schneider Electric’s$1.54 billion acquisition of Clovis, Calif.video management system vendor Pelcothis past October could be a representativepace setter.

In addition, local and regional securitycompanies are closely watching severallarge diversified electronics vendors andgeneralist system integrators—such asCisco Systems, EDS, EMC, Hewlett-Packard, IBM, Science Applications Inter-national Corp. (SAIC) and Seagate—thatwill be showing increased interest in thebusiness over the next 12 to 24 months.

Meanwhile, the overriding imperativeamong dealers and installers is to avoidstepping on each other’s toes in competitivebidding contests and to gauge arguablythreatening collisions with the nationalbrand name vendors seeking major con-tracts that include security criteria. To date,however, security executives surveyedaren’t reporting any low-ball or margin-squeezed bids by such large companies.Several security integrators, in fact, see newopportunities when IT vendors pursue mul-timillion dollar contracts directly with end-users. The way the IT channel works, largechunks of those contracts will filter down toVARs, who end up in a sub-contracting role.The key for a physical security installer orintegrator, then, is repositioning the busi-ness to be a credible IT VAR.

STRENGTHENING PARTNERSHIPSMeantime, the relationship equity that secu-rity contractors and integrators have builtwith customers has not escaped the notice ofbig IT equipment distributors. The conver-gence trend is motivating them to beef uptheir security product portfolios andstrengthen their integrator partnershipswith sales leads and other third party sup-port programs, says Robert Hile, vice presi-dent of business development at IT, networksystems and broadband integrator Adesta in

Omaha, Neb. Amongthe incentives beingoffered to resellersare purchase dis-counts, longer pay-back periods and reg-istries for getting in-side tracks on projectbids, he says.

“The IT types of distributors are addingvalue to spur purchases of all sorts of prod-ucts,” he added. “They really are doing agood job stepping up to the plate. I don’treally see anything that would stop thismovement. Traditional distributors of secu-rity products aren’t reaching out as much.”

Hiles sees an accelerating evolution inthe new security IT distribution model.“We’ll see more creative ways to help usget business and make money,” he says.“Some companies are putting feet on thestreet to get deals and bring in the integra-tors. But the traditional security guys willbe the most challenged to maintain theirpiece of the market share.”

John Gaillard, president of security dis-tribution at value-add distributor Scan-

Source Inc., Green-ville, S.C., agrees. “Weare continuing to seethe convergence trendmove forward as wethought it would,” hesays. “IP forecasts arereasonable, and wewill see some big

shifts in buying habits. There are lots of tra-ditional analog systems being sold, andthere are still many applications for that.But more IT integrators are seeing the IPopportunity and the future someday will be100 percent IP, albeit not overnight.”

According to Gaillard, IT integratorsbidding in the traditional security market-place has now become “a fact of life,” al-though whether the IT integrators are fromsoftware, server, computer system or net-working worlds may be somewhat mud-

dled. Video security is the priority for new-comers, he said, with some interest in ac-cess control systems likely to follow.

“A full suite of security will be the eventu-al goal, and the smart ones are looking to ITfor all this,” Gaillard maintains. “The pace isbeing set by end-user bids for computers,telecom and such—with security beingadded. Some traditional security dealers arestruggling with all this and not getting thebigger picture, but the risk is that if theydon’t migrate, they lose the ability to sell tothe customers. For the most part, IT integra-tors understand what will be happening.”

MORE INTEGRATION“Where we’re going a couple of years downthe bend—as so much depends on cost asphysical security migrates over to IT—is tobetter reposition physical security in rela-

tion to IT,” said ArtMorrison, operationsmanager at value-adddistributor ProTechSecurity, North Can-ton, Ohio. “The ven-dors with the besttoys will sell the siz-zle and show how it

can be done. People will find the money be-cause they want good working systems. Ascameras get smarter and have more fea-tures, as access control gets bigger and assmart analytics increasingly surface, we’llsee more integration.”

Morrison said he is looking to public ad-dress intercom, speaker and paging systemsfor mass alerts as another potential up-and-comer for the IT/IP/security convergencemix. He also foresees more competitionamong smaller companies from both thephysical security and IT sides of the fence.

AN INCREASING SKILL MIX“We’re starting to see an increasing mix ofsecurity people and IT/networking typesgetting involved in physical security andsurveillance,” said Robert Lecher, owner

‘What ends up winning is the best channelprogram regardless of technology.’

—Joseph M. Heinzen, e-Convergence

Robert Hile

John Gaillard

Art Morrison

and president of value-add distributor Re-pLogix LLC, Shelby Township, Mich.“There are also people from the automa-tion business starting to look at this marketas a potential growth area.”

Lecher sees a continued repositioningand re-education among manufacturers,distributors and resellers alike. “This ispart of the challenge that will continue withthe existing security base,” he said. “I seepeople with the knowledge of IT technolo-gy move into the physical security spaceand see that transition being easier thanthe traditional security people learning IT.”

For ioimage, amaker of digital sig-nal processor (DSP)-based video surveil-lance devices, en-coders, IP camerasand analytics soft-ware tools, distribu-tion is paramount in

its effort to reach mid-range markets, saidDvir Doron, marketing vice president withthe Herzila, Israel, headquartered company.

With U.S. offices in Denton, Texas, ioim-age has reps, integrators and distributors inits U.S. lineup, including e-Convergence So-lutions of Centreville, Va.; Northern VideoSystems of Rocklin, Calif.; and most recent-ly, Supercircuits of Austin, Texas.

Doron says the companies need the abili-ty to reach mass distribution markets, but headds that large systems integrators are in thefield with direct end-user bids at the high endof the market. It remains questionablewhether either approach will emerge asdominant within the next two years, but rightnow the overall value proposition offered byIT/IP and security keeps competitive price,margin and shakeout pressures at bay.

One of ioimage’s distributors likens thecurrent security environment to the voicebusiness’s early digital technology migra-tion, culminating with the voice over IP(VoIP) invasion.

“The data VARs got it but for many ofthe voice VARs, it was ‘never the twainshall meet,’ right?” remarks Joseph M.Heinzen, president of e-Convergence.“Now much has changed in the market dueto that conversion mix and migration. Thetransition is similar with adding physical se-curity and video to IT and IP.”

“There could be a shakeout of distribu-tors and resellers relative to sales strategies

and IT knowledge, and this could impactmanufacturers also,” Heinzen continues.“What ends up winning is the best channelprogram regardless of technology. I thinkit’s going to happen quick, with video nowfollowing the pattern of VoIP [Voice overInternet Protocol].”

‘LINES IN THE SAND’Channel executives, however, don’t fore-see formal joint ventures and M&A ma-neuvers among their peers—IT distribu-tors, integrators and resellers.

“The lines in the sand are still clear enoughfor most of our businesses that we don’t haveto share investments and revenues in a trueJV,” Adesta’s Hile remarks. “The models arestill very different. And I think the manufac-turers will stay away from integrators toavoid end user bidding conflicts.”

Gaillard also warns of end-user biddingconflicts if competitors blur the distinctionsbetween distributor, installer and integra-tor. “These can be disruptive strategieswithin the channel,” he says. “The classicsupply chain views each party as having arole to play. If everyone does their work,the supply chain works.”

Heinzen of e-Convergence said past in-stances of security distributors sellingagainst their VARs were “horrible” devel-opments, but he foresaw future correctionsof such practices. “There’s a conflict if dis-tributors sell direct to end users, and suchcompanies eventually can be out of busi-ness,” he adds.

FFrraannkk BBaarrbbeettttaa is a free-lance journalistbased in Little Falls, N.J. He can be reachedat frank_barbetta@yahoo.com.

FEBRUARY 2008 | SECURITY PRODUCTSS28

Do IT companies stand to be friend or foe? Either way, they will change theway security integrators do business. Skeptical segments of the resale chan-nel tend to see the likes of Cisco, EDS, HP and IBM as 900-lb. gorillas that cancause havoc even when it’s not intended.

However, optimists believe these beasts can be tamed. Several channel players pointed out that Cisco Systems’ approach is to

understand the security business and position distributors to help resellersincrease margins. Cisco, which has made several investments and acquisi-tions in recent times to enhance its system resource and network security of-ferings, is well known for elaborate third party certification and partnershipprograms in multiple industry segments.

Robert Hile, vice president of business development at Adesta, maintainsmany vendors of IP-oriented surveillance systems, service platforms andsoftware will continue to look to the traditional security channel for resellerpartners. Nonetheless, he also believes security resellers who seek thesepartnerships must be prepared to adjust to the more structured channel pro-grams typical in the IT supply chain. This usually involves a willingness tocommit management and employees to ongoing training, qualification andcertification. The result, however, can be the rewards of new, more in-depthbusiness. Cisco’s channel program is typical of this approach, and the com-pany has expressed interest in the traditional security channel in numerousforums. HP, IBM and Seagate are likely to follow Cisco’s path, Hile says.

Joseph M. Heinzen, president of e-Convergence, agrees. Major systemsintegrators interested in physical security are looking at third parties to han-dle contracts, and such vendor companies as IBM and HP are developingchannel plans comparable to Cisco’s.

Channel executives for the most part foresee large national companiesbidding mainly on the largest of commercial, corporate and governmentcontracts, with security a part of the larger action. “The large integrators willalways be there,” said Art Morrison, operations manager at ProTech. “Letthem play in their own markets. They really don’t pose a threat to me andmany others.”

The 900-lb. IT Gorillas

Dvir Doron

AirVisual Inc., a solution provider for the enterprise security and public-safetymarket, has deployed its IntelliViewer 2.0 software for use by the Chicago Police Department. The system, purchased and integrated by RMS Technolo-gy Solutions, has been added to the existing camera network to give the CPDthe ability to deliver pre-recorded and live video and other critical informationto computer terminals and mobile devices. The system also gives the CPD theability to integrate disparate security surveillance systems onto a single emergency response platform, while delivering theinformation wirelessly to responders over any network and to virtually any mobile device.

The open-architecture, IP-based platform connects to video sources, access control, RFID, sensor networks, and performs adaptive routing, optimization, distribution and delivery of content based on a rules-based system.www.airvisual.com

FEBRUARY 2008 | SECURITY PRODUCTSS30

STOPware Inc. has released a new version of its visitor management software(VMS) system that can control global facilities access and management from a centralized location. PassagePoint Global v10 offers integration with IT infrastructure to link to any ODBC or LDAP directory systems, as well as the capability to create a directory of hosts, and link to Active Directory toleverage single sign-on capabilities.

The software is compatible with most major access control manufacturersand can accommodate biometric scanners to allow repeat visitors to sign in byscanning their thumbprint. The upgraded version also supports PassagePointMobile, software that allows security personnel to process visitors at any location with a wireless handheld device.www.stopware.com

2 STOPware Visitor Management System

1 Chicago PD Opts for AirVisual

WWW.SECPRODONLINE.COM S31

4 Bosch Security Software

Bosch Security Systems has introduced a modular software program for small to medium businesses that require a high level of security but do not currently need alarge-scale system.

Bosch’s Access Personal Edition is designed for retail stores, office buildings andmanufacturing facilities. The software supports up to 2,000 users, 64 readers and 16workstations. It communicates with Bosch’s Access Modular Controller hardwareplatform via TCP/IP and RS-485 connections.

The Access Personal Edition solution includes a data management system for personnel information, access profiles scheduling and visitor management.Anti-passback capabilities and automatic card cancellation after expiration give administrators the ability to protect against unauthorized use of access cards. Thesoftware uses a Windows-based interface. Users can define access privileges, timeschedules and door parameters to meet their specific needs.www.bosch.com

5 Imprivata Access and Authentication Software

Imprivata Inc. has released a new version of its OneSign platform, extending OneSign’sidentity-centric access and authentication services across system and geographicboundaries with complete distributed management, delegated administra-tion and business continuity capabilities. With OneSign Version 4.0,security professionals can implement integrated authentication management, single sign-on and physical/logical convergence functionalities in a fully distributed enterprise environment.

The software allows a single centralized employee IT access policy to determine every aspect of access acrossall users, all rights, all locations and all conditions. OneSign delivers these capabilities without requiring changes toexisting IT and physical access infrastructures.www.imprivata.com

3 DVTel SOC Software

DVTel’s latest release of Latitude NVMS V5, a component of its unified intelligent Security Operations Center (iSOC), is a fully scalable,standards-based, enterprise-level multimedia management system. This advanced network-based system’s architecture permits simultaneous monitoring of video and audio, live and recorded, from multiple stations.The software can be configured to store and view from one to thousandsof cameras and monitor connections across an unlimited number ofservers. All the necessary networking, computer workstations, servers andstorage hardware are available off the shelf. Latitude V5 integrates fullywith existing legacy CCTV equipment and all third party hardware andsoftware solutions.www.dvtel.com

Information in this section has been supplied by the respective vendors. Network-Centric Security magazine does notaccept responsibility for the timing, content or accuracy of the product data or for the quality or accuracy of the photos.

FEBRUARY 2008 | SECURITY PRODUCTSS32

Report Provides Foundation For Effective Action

Historically, corporations have struggled to accurately assess hotline performance becausethey had nothing to compare it to.They could collect data on their own hotlines to see howmany reports had been received and what action had been taken based on those reports.But with no way of knowing how those numbers stacked up against those of comparableorganizations, they couldn’t draw any reliable conclusions about the quality of their hot-lines and reporting programs.

For the second year in a row, the Security Executive Council has joined forces with TheNetwork Inc., the leading provider of ethics and compliance hotline programs in the U.S.,to create the 2007 Corporate Governance and Compliance Hotline Benchmarking Report,which provides more extensive hotline benchmarking data. The 2007 report breaks out the

data by industry and by year, and itpresents several data points in theform of rates instead of percent-ages, which controls for data varia-tions between industries and busi-ness sizes.

The report is based on an analy-sis of more than 277,000 hotline

incident reports from more than 650 organizations across all major industries over a five-year period. Participants—or those who made reports—may be employees, former em-ployees, vendors and the public. The data was masked to protect confidentiality.

Findings that accounted for aggregated frequencies across five years included:4For those reports where case outcome was provided, most reports (65 percent) were se-

rious enough to warrant an investigation and 45 percent resulted in corrective action taken.4The research showed that half of the reports received concerned personnel manage-

ment incidents. Beyond the personnel management category, company/professional codeviolations (16 percent), employment law violations (11 percent) and corruption and fraud(10 percent) were the most commonly reported incidents regardless of industry.

Aggregated rate data for 2006 only included:4A rate of 8.3 incidents was reported per 1,000 employees overall (regardless of

incident type).4Smaller organizations showed a general decrease of incidents reported over

time. Mid-sized and larger companies showed a general increase of reported incidentsover time.

On the HotlineBy Kathleen Kotwica

continued on page 34

The report is based on an analysis of

more than 277,000 hotline incident

reports from more than 650 organizations.

FEBRUARY 2008 | SECURITY PRODUCTSS34

DEVELOP A PLANBut even with all these improvements, likeany other report, the value of this study liesnot just in the data, but in what can be donewith that data.

First, comparing the numbers alone won’tprovide you with a complete picture of yourhotline’s performance. Unless you look be-yond the numbers to consider all the poten-tial explanations of why your program variesfrom the average, you’ll still be missing criti-cal insights that could change the whole di-rection of your program assessment.

For example, after reading the report’s as-sessment of reporting rates, you determinethat your organization, given its size, shouldbe receiving eight to nine calls per 1,000 em-ployees. You are only receiving three perevery 1,000. This result may be an indicationthat your organization has far fewer compli-ance issues than its peers and competitors.While that may be so, it is not the only possi-

ble explanation. You’d likely receive fewercalls than average if company employeeswere being intimidated by their managersinto keeping mum about misconduct con-cerns. Or, perhaps your awareness programisn’t what it should be.

Once you have studied the benchmarkdata presented here and considered whyyour numbers are higher or lower in variouscategories, share what you have found withyour partners in other business units. Inter-nal Audit is no longer the only player in com-pliance and misconduct. Many of the issuesexamined in this study will impact HumanResources, Legal, IT, and Corporate Securityand Safety, among other departments.

Organize a team with representativesfrom every affected business unit to pinpointthe problems or accomplishments behindthe numbers and determine how to correctany shortfalls.

After you’ve determined what actions

should be taken, present your findings tomanagement and explain how you intendto use the report to help better calibrateyour hotline program. Show managementthat you’ve organized a collaborative ef-fort to improve performance and tell themwhat you are doing with the informationyou have acquired.

Protecting brand image, people, organi-zational growth and stakeholder confi-dence are at the roots of what should bedriving how you measure the success ofyour program.

KKaatthhlleeeenn KKoottwwiiccaa is vice president-research

and product development for the Security

Executive Council. This article is excerpted

with permission from the SEC’s 2007 Cor-porate Governance and Compliance Hot-line Benchmarking Report. Download the

entire report from https://www.securityexec-

utivecouncil.com/public/surveys/index.html.

Network-CentricSecurity e-newsNow available in your in-boxtwice a month

Join over 30,000* integrators, end users,installers, contractors and IT professionals

who get the most up-to-date network-centric security news delivered to

their desktops twice a month.

Sign up now at www.secprodonline.com/mcv/newsletters/

*Publisher’s Own Data

Project5 1/10/08 11:20 AM Page 1