Big Interview: Interoperability and identity management Leave a comment


David Bunzel, Executive Director, PSIA, talks exclusively to Security News Desk about the critical nature of interoperability, identity management and standardisation

The Physical Security Interoperability Alliance is a global consortium of over 65 physical security manufacturers and systems integrators focused on promoting interoperability of IP-enabled security devices across all segments of the security industry. The company’s currently five active working groups: IP video, video analytics, recording and content management, area control and systems.

Security Buyer catches up with David Bunzel, Executive Director, The Physical Security Interoperability Alliance (PSIA) to discuss the world of interoperability, standards and trends.

How is identity management a critical security vulnerability?

Identity management has always been an important consideration in a robust security ecosystem, but it has taken on an even great importance with issues such as ransomware, workplace violence, and remote working challenging enterprise customers.

Companies now recognise that identity management, both physical and virtual, is an area where vulnerabilities exist and companies need to invest money and resources.  

The PSIA has two initiatives to support identity management: the Physical Logical Access Interoperability (PLAI) spec and the Security Credential Interoperability (SCI) Initiative.  PLAI has been around for more than five years and we are seeing commercial implementations at fairly large enterprise customers.  PLAI addresses a critical issue, which is providing a bridge between disparate PACS systems so they can share identity information.  With many enterprises acquiring other companies at one time or another, they often inherit different PACS systems.  While “rip-and-replace” may allow standardisation to one system, it also is expensive and disruptive.  PLAI provides a bridge which can be temporary or permanent to support the need for a single trusted source. 

The SCI initiative was introduced in the last year and provides a simple, yet effective approach to mobile credentials.  It was developed by a number of PACS vendors and access control device vendors, so it has an excellent foundation.  

The PSIA recently introduced the Secure Credential Interoperability Initiative; could you tell us a bit more about it?

The SCI Initiative leverages off established specifications, including the public key infrastructure (PKI) specification and PLAI.  It relies on a combination of a private key being generated by a smart device and a public key being shared with panels, smart locks, biometric readers, BLE readers and various other access devices.  It is simple, yet a great solution to address emerging needs for a secure mobile credential.  It is compatible with both iOS and Android devices, offering a huge installed base to support it.

How do you think the Coronavirus pandemic has impacted the industry, and how have you been guiding your members? 

There were some early initiatives which supported controlled access to buildings based on temperature scanning to identify people at risk for COVID-19.  It is not clear how widely deployed these were because temperature was not as effective as testing, which became easier and faster.  Some vertical markets, such as higher education, were trying to implement these systems.

Most of our members have maintained their businesses during COVID 19.  Some projects have been stretched out a little longer, delaying some revenue, but fortunately we have not seen any of them significantly downgrade their businesses.

With COVID-19, have you been able to deliver training and learning virtually? 

We have participated in some virtual public events. For example, I recently spoke at PSA Tec on the subject of identity management, one of the primary domains of the PSIA.  

How important is interoperability to achieve a smart city?

At the PSIA we feel interoperability is a critical component to access control and identity management. Having at least a nominal level of interoperability enables a significant amount of services in a manner which is safe and secure. Ultimately this is an important component of a smart city.

What is one of the biggest trends you see today?

Open standards.  Companies find that there are reasons to collaborate on standards which exceed the value of maintaining proprietary solutions.  PLAI is a prime example of this, where companies which normally compete, may be involved in a project where they have to work together to solve a customer problem.  Industry standards facilitate this and offer the potential to save money and time when implemented.

What do you think is the biggest challenge facing the security industry?

Cybersecurity.  Colonial Pipelines was a visible example of a cybersecurity breach, but large and small companies will face this issue if they are not vigilant.  The industry needs to be much more proactive in educating companies in proper methods to protect their organisations.  Hackers are discovering that the means to attack a company are not difficult and the financial returns on ransomware are lucrative enough to make this an emerging business model.  

How and why do companies standardise their products with PSIA?

We provide the specifications in an open manner for companies to implement.  The specifications have the “recipes” and resources needed to implement and we also provide the test tools to assure interoperability.  Companies standardise products with PSIA specifications because of the business opportunities they provide and the ability to solve customer problems.  

Anything else to note?

One of the interesting aspects of an open standards organisation is the ability of large and small companies to influence the direction of specifications.  We have a wide range of organisations participating, from start-ups to established companies.  

 

To stay up to date on the latest, trends, innovations, people news and company updates within the global security market please register to receive our newsletter here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio

Tel: +44 (0) 1622 823 922
Email: editor@securitynewsdesk.com





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *