Training and Security System Integration Companies
Tom Carnevale
I mean, that’s nothing but a good thing. I’m glad you brought that up. I think that there is inherently a lack of education and training on this issue. And I also think that manufacturers in some cases need to do a better job of training. What are you seeing in regards to training for the security installers of the world for access control with this value proposition of OSDP?
Michael Glasser
That’s a great question. And there’s a couple of different approaches that the industry is taking. The security industry association has, I believe, run their second OSDP boot camp, targeting integrators to teach them about OSDP, which I think is a terrific thing. For the most part, I have not seen manufacturers pushing it with the exception of manufacturers that are financially incentivized to, for example, Cyprus, who makes OSDP devices, they have been speaking at trade shows, and similar about the benefits OSDP. Most of the major manufacturers of access control systems, I have not seen really pushing it. Now I’m sure that as soon as I say that every manufacturer will point to a link on their website, or a blog post or a post on LinkedIn. But when I walk around the trade show, I don’t hear people barking OSDP at me, except a very limited set of directions, like Cyprus and some of the specialist groups.
With that said, in the 1950s, my grandfather drove a Cadillac. And in that Cadillac, there were no seatbelts. And he bought used seatbelts from an airplane and installed them in the backseat of his Cadillac so that his children would have seatbelts. He took the initiative to do what he thought was right, even though the industry in the manufacturers didn’t provide it. Parallel that today’s market and there are companies out there, like Spiders Security Products, that are building these bridge devices, they have a device they call the Spider Blocker, which is effectively a relay disconnect module that if someone were to pull a reader off the wall, like a Weigand reader, though it technically would work with OSDP as well. It physically cuts the wires to the reader until reset from the system to help alleviate some of the risks with Weigand and with physically attacking protocols communication buses. So these Band-Aid type devices exist, while the industry is training up on OSDP and more secure protocols. And I don’t think anyone will really push it unless there’s a financial incentive to and that financial incentive is only going to be driven by the integration, the end-users, manufacturers will sell what sells, certainly they will innovate and come out with a new product.
But from my experience, that new product has to give them a competitive advantage and allow them to make money. Plenty of people come out with products that don’t make money. But no one wants to come out with a product that doesn’t make money unless it’s going to somehow really bring that business in that visibility. So considering that most of the major manufacturers now do have OSDP compliant hardware. Most of the major card reader manufacturers do have OSDP compatible card readers and combined card readers. At this point now it’s just up to the industry to accept this as the new norm. We no longer have to have converter modules at every door, we no longer have to have converter modules and every panel, no longer have to pull our hair out wondering, will this take off and will manufacturers accept that? It’s here, it’s now, it’s the right thing to do for the customer. Let me go back to the seatbelt example. Now I’m too young to remember some of the things that my grandfather told me about. But I questioned in advertising for manufacturers ever advertised seat belts, if they ever advertised airbags probably can search the internet and find that they did a bit. But until there were regulation and real push from industry, I questioned how strong of an issue that was. For my grandfather, those seat belts were important. Probably partly why I’m here. If those seat belts weren’t there I don’t know if my parents would have survived. For the industry, I’m hoping that now that the majority of manufacturers have OSDP support, and the education is available out there, that the integrators and end-users simply say yes, of course, I’m going to wear my seatbelt, of course, we’re going to use OSDP, why wouldn’t we?
Security System Consultants and Specifiers
Tom Carnevale
Well, yeah, I mean, it’s like anything else, that’s a great example of your grandfather, knowing the risks and taking the initiative to put security first for his family. And that’s what I think the security managers of the world, IT directors, security consulting and specifiers need to really do. The reality still is the majority of security system integrators go with what they know. I mean, you said it before. And this is a problem in any space and any transition in any technology. Oh, well, it worked yesterday, why change it? And like you said, the learning curve is not day and night, it takes a little bit of preparation but ultimately can deliver a more cost-effective, more secure solution.
You know, in my career I started introducing a new technology where it wasn’t supported by any software platform or any existing system, and built a grassroots campaign door by door manufacturer VMS by VMS, and had to get it integrated one by one and you have to start with the end-user demand and pull it through to the training and education of the system integrators and to ultimately benefit the technology ecosystem. So I think there’s a lot of opportunity with this. And I’m glad I learned more about it from you just sitting right here. I think maybe we could probably have a whole podcast on OSDP. But I want to also bring up the benefits of video surveillance, integration with access control systems and what your experience is with that, and maybe some examples of how you’ve seen it done really wrong, and in how it should be configured and optimized for an end-user.
Michael Glasser
Tom, I’d love to answer that question. But I feel I’d be negligent if I didn’t just cover one more thing on door security as a whole. A lot of focus is given to the card reader technology right now, because there’s a lot of YouTube videos and over the years, from when Zac Franken put out the gecko in 2008, to do man in the middle attacks on Weigand to more recently BLE keys and USB keys and all those things. A lot of people are forgetting about the rest of the door. It’s something that you really need to be aware of, that technology isn’t the only thing. If I can bypass the door with a coat hanger without setting off alarms, there’s not much concern about me attacking the reader. It really is the weakest link. So I’ll close out the OSDP conversation by saying that I’m glad we’re fixing one portion of the industry. But until we understand the entirety of what we’re securing, and all the different attack methods, including things as simple as tailgating and social engineering, all of it, we need to look at the opening on what is our goal? What are we trying to offer to the industry? What are we trying to offer to our customers? And really plan it accordingly. There’s nothing that makes a customer more frustrated than spending all this money to put an encrypted smart card with OSDP. And all these other wonderful things and somebody can walk up with a coat hanger and an inside lever. And it’s the racks on the left, the men without setting off a single alarm.
On that note, I’m happy to move to your video question. If you use that same example, and someone comes up with a coat hanger and hits that inside lever, the video surveillance will not have an alarm, it will not have an event triggered. So we have to look at the entirety of it. Integrating access and video has been done for many years, well over a decade, probably over two decades. When I was first starting in it, it was done through relay logic. And some people were able to do on the really advanced systems and RS 232 connection or a serial connection. And some of the old Pelco Matrix sees the big boxes in the rack, you’d hook them up via serial, and it would automatically pop up your video on alarms, which is really cool. Fast forward today and access and video are integrated on most decent systems so that you can quickly have an alarm pop up, or you can look an alarm event in the audit trail and have the associated video. The same is true now with burglar alarms, and even people’s houses. A lot of the burglar alarms and cameras on people’s houses and now have it integrated. And just the default it’s a must-have the ability to quickly verify a live video of what’s going on is just an absolute must anyone not doing it, I feel is really remiss. And I’m happy to provide more insight into it for you if you have any targeted questions.