PHYSICAL SECURITY and the Internet of Things are converging in promising ways for integrators. Earlier door locks with keypads or card readers required a server and management software on-site, making the first lock costly. New cloud-based IoT lock controls avoid that expense and allow one console to manage multiple locations.
Yet those new opportunities are accompanied by new worries. With all the headlines about IoT devices being hacked, is it smart to trust your customer’s office door to one?
Bernhard Mehl says yes. “IoT’s bad security reputation comes from cheap and home IoT products,” insists Mehl, who is CEO of Kisi (pronounced kee-zee), a developer of a cloud-based keyless access control system with offices in Brooklyn, N.Y., and Stockholm. “We haven’t seen customers worried about IoT security in the last two years.” Besides, he adds, legacy access control systems aren’t exactly fool-proof either.
“Maybe 95 percent of card security systems are still vulnerable,” Mehl says. “If you buy a solution out of a box, you get problems.”
Still, the vulnerabilities with IoT physical security solutions are more dangerous, acknowledges Melissa Stenger, vice president of product management and marketing for ISONAS, an IP access control vendor located in Boulder, Colo. “In an IoT device, this point of vulnerability is on the network,” she says.
According to Mehl, many physical security companies remain unaware of best practices in electronic security.Stenger has seen “smart” physical security vendors educate themselves though, often adding network or IoT experts to their teams. “They became network companies as well as physical security companies, ensuring they follow best practices for securing devices and protecting their customers from potential threats,” she says.
Savvy vendors, adds Mehl, also address another common concern about IoT physical security devices—what happens if connectivity is lost. “Our card readers have a way to store a decentralized database of credentials approved for each access point,” he says.
Getting Started with Physical Security
Mehl doesn’t play up the IoT angle when describing his products to integrators. “We describe them as a modern, internet-connected device, not IoT,” he says. “The advantages of starting with one door lock with a process that’s scalable, modular, and well managed is important to the IT folks we talk to.”
He also emphasizes IoT physical security’s low barrier to entry. “IT integrators may not be familiar with low-voltage locks,” says Mehl, “but they understand software and can work with subcontractors or a physical security integrator if necessary. Or even a locksmith.” When a client already has an older electronic system, integrators can reuse those locks and existing cabling to add a new, modern IoT-based card reader.
They can also wow customers with the advantages of internet-connected physical security solutions, such as the flexible automated response options many provide. Customers today often want an alarm system to issue a real-time alert, rather than call the police, Mehl notes. “They want to know when an anomaly happens and review the video streams. Police get there too late, so they’re focused on damage prevention rather than just trying to document for an insurance claim. They want to be in control.”
Customers who simply can’t be persuaded to buy an IoT access control system still have physical security needs, notes Stegner, who urges integrators to propose an access control monitor for existing locks or add a simple old-school video surveillance system for such clients.
Don’t let the existence of naysaying end users keep you out of the IoT physical security market altogether though, she adds. “[It] opens up a tremendous opportunity to expand business capabilities and expertise into the physical security space and offer customers additional solutions.”
Opening photo courtesy Kisi