Security Trends: The Path of Most Resistance
By Brian Kraemer
Published in the August 2005 issue of Today’s Facility Manager
Afacility manager doesn’t have to look far these days to find potentialsecurity threats. Just recently, the terrorist attacks in Londonreminded the world that complacency cannot be tolerated, and adequatesecurity measures need to be taken to ensure safety. A large corporatebuilding that houses hundreds of people on a regular basis makes anattractive venue for an attack. Of course, a terrorist threat is notthe only concern for the facility manager who needs to protect not onlythe people in the building, but also the valuable information that isstored within.
Determining the threat may bethe most important aspect of creating an effective security system inany facility. By identifying a possible risk ahead of time, thefacility management team should be able to customize a system that notonly fits the needs of the building, but also provides a consistentlygood barrier against possible harm.
Amulti-level security system could be the best option for manybuildings. By identifying separate layers or zones of access to abuilding and then taking advantage of the best technology available, afacility manager will accomplish two things. First, by demarcating thebuilding and its surrounding grounds into distinct zones, the teamconstructing the system will be forced to consider what kinds ofattacks could occur at each level. For example, the security used togain access to the server room will be different from the security usedto enter the parking lot. That may seem like an obvious fact, but itbegins to get a design team thinking about the differences in the kindsof threats each layer faces. This, in turn, forces the facility staffto consider each threat as it is dictated by the building.
Oncethe identity of the threat is determined on a zone by zone basis, thesecond objective of a well designed security system can beaccomplished: to put in place preventive measures and technology thatneed to be implemented. On one hand, a biometric system may be neededto keep an intruder from gaining access to critical information. On theother, trying to implement the same system in a lobby will slow downhow quickly occupants get into the building. One size doesn’t fit all.
Atotal redesign of a security system is an enormous task that shouldgarner interest from everyone who resides in the building. From highlevel management to the entry level employee, feeling secure in theworkplace is a critical factor not only in terms of productivity, butalso in hiring and retaining workers. Simply said, safety will leaveeveryone in the building with a feeling of comfort.
However, being handed the task of refortifying the security of anentire building can leave a facility manager reaching for the antacids.Especially if the job is conceived of, and composed without, thefacility manager being present.
Becausethe facility manager is responsible for running and maintaining everyaspect of the building, to exclude him or her from discussions from theoutset would be an act of irresponsibility. Bob Weinstein, director ofoperations control for Amityville, NY-based Continental Instruments,says “Given the level of involvement that a facility manager has in abuilding, he or she needs to be part of the decision making processfrom the outset.”
“The early stages of a new security system installation may be too soon for a facility manager to dedicate his or her full attention to the project,” says Dan Kropp, CCP, president of D.H. Kropp & Associates based in Collegeville, PA. “But it is likely that the architects or security engineers are focused on their own tasks, which may be driven by aesthetics or security function and not daily facilities operations.”
Afacility manager, as opposed to an architect, knows the actual day today workings of the building as well or better than anyone else on thepremises. Chances are also good that a security engineer won’t knowthat part of the HVAC unit is exposed and would make an easy target.
Bybeing aware of, or involved in, the design talks from the verybeginning, the facility management department will be able to providethe necessary insight to ensure the right measures are taken for thedifferent layers of security that should eventually be installed.
Beforeany sort of security breach can occur, a potential threat has to reachthe building by arriving in a vehicle, on foot, or by some other lesscommon method. The perimeter constitutes the first layer of securityvulnerable to attack. But by considering how an intruder is going toget on to the premises, facility managers can plan contingencies tokeep the threat away.
Scott Perry, vertical market program manager for Carmel, IN-based IRSecurity & Safety, notes, “research shows that people who pose asecurity threat typically follow the path of least resistance andchoose the easiest targets.”
Afacility without a fence, exterior lighting, or any other type ofexternal security would most certainly qualify as an easy target. Bytaking some relatively easy, low tech precautions, a facility becomesmore difficult to access. It becomes something other than a target thatoffers little or no resistance and starts to become more formidable.
“Implementingvisually appealing natural or architectural barricades can prevent carsfrom getting close to the walls of the facility and prevent a vehiclebased attack,” says Ofer Azoulay, CEO and founder of SFW based in LosAngeles, CA.
But, Azoulay continues, goodperimeter security doesn’t have to rely on new technology. “Sometimesthe use of an old fashioned solution can be just as effective astechnology, and at times, more effective than security systems. Using aheavy planter can block potential cars from storming into the facility.”
Withan old fashioned solution to car problems as a workable solution, itmay be beneficial to a building to investigate some more tried and truemeasures. People on foot also need to be considered and can be deterredif a facility manager has correctly identified possible threats.
“Thereal strength of the facility manager stems from preventive measuressuch as adding a fence and a gate, adding cameras, and obstructing theview of the facility from the street,” Azoulay continues. “Covering afence, extending the wall or fence height around the building, andinstalling good lighting may be enough to make someone think twiceabout trying to get into a building.”
As thefirst layer of security that is encountered, the perimeter may not bethe most sophisticated, but it is important to screen out potentialthreats. If it does its job, the next security layer will have aneasier time doing what it must in order to prevent a higher levelsecurity breach.
Getting Into The Building
Ifa threat is not deterred by the exterior security measures and doesmake it to the entrance of the building, the options that a facilitymanager has to detect a problem are numerous. Combinations oftechnologies can help to implement a strategy that will easily allowthe building staff to identify and remove unauthorized visitors.
Preventing access to the employee section of the building—the section behind the locked door in the lobby—is the second layer of the security system. The first obstacle that a building will place in front of an intruder is the barrier, or door itself.
Perrysays, “The most basic and yet the most important place to start is withthe opening itself. Is the door frame sufficiently strong for theapplication? What type of hardware is required?”
Byhaving identified what a potential threat might be and thinkingcritically about how unauthorized access could take place, a facilitymanager can make overtures to a more solid security system. This shouldbe a priority, because once an intruder makes it past this level ofsecurity, he or she will be in the building, thus creating a real riskto employees.
One place for a facilitymanager to begin is with the lock on the employee access door. Anormal, basic lock will be less secure than a mortise lock, which canbetter withstand break in attempts because of its additional hardwareand security features.
Once a lock hasbeen selected, the consideration of how that lock is going to bemanipulated becomes important as well. Will it be keyed into orconnected to a pad where every person entering the building has a code?Or will a proximity reader be the more popular choice? Facilitymanagers have more than a few options but need to consider the demandsof the people working in the building everyday.
Employeesstill have to get into the building in the morning and after lunch, soputting a system in place that will cause bottlenecks—even though itmay be the most effective access control system—isn’t going to work.People will get aggravated and begin to lose the feeling that they cancome and go freely.
A proximity card readeris one attractive option. The card can be waved by a detector to openthe access door, and the employee can access his or her portion of thebuilding easily. However, cards can be misplaced or stolen and createthe possibility of someone slipping into the building undetected.
“Accesscontrol is based on a couple of different things,” says Kropp. “Asystem that has a physical basis depends on something a person has. Asystem built around a keypad is based on something you know, and abiometric system is based on who you are.”
Usinga combination of security technologies for access control, just like onthe perimeter of the building, is the best option. Perry says ofcombined systems, “Installing an access control system that can preventand deter security breaches up front will reduce the need for securitypersonnel in the building to respond to breaches.”
Weinsteinagrees, saying that a good access control system will help reduce thenumber of intrusions. “Usually, employing a combination of a reliablecard reader and CCTV system is a good place to start,” he says.
Thetechnology that comprises the access control system, however, is notthe entire story. The CCTV needs to be able to communicate withsecurity personnel, and the card reader has to interact with the systemthat unlocks the door.
Meanwhile, the impactof interoperability on facilities will be amazing. Card readers will beable to speak to computer programs which will talk to the CCTV system,which will alert security guards to an unauthorized access.
“Interoperabilitynot only saves lives and money,” says Scott Howell, manager ofworldwide marketing for Hirsch Electronics based in Santa Ana, CA, “Itautomates routines and solves problems. A non-security system canlisten to all the security system events, identify a key event, andthen do hundreds of things with that information.”
Butsometimes a human is the best access control system, says Azoulay. “Theuse of a proximity card under the control of a security officer isextremely reliable. The officer can assure that the person scanning thecard is really the same person on the picture.”
Sensitive Areas And Biometrics
The final layer of security in a facility concerns the high riskelements of the building. These could be areas that contain financials,server rooms, sensitive information, or animals in a research facility.
These areas need to be protected by the most sophisticated and reliablesecurity measures available. This is the area of the building wherebiometrics will be the most useful.
“Incorporating biometric devices into the system is the only certainway of ensuring that the person being allowed entry is actually theauthorized person. Nothing else ties a person specifically to acredential,” says Perry.
“Biometrics getinstalled in these situations,” says Kropp, “because a person wouldhave to go to a lot of trouble to trick the system.”
Usingone of the available technologies—hand geometry, retinal scan, orfingerprint scan—a facility manager effectively seals an area off toanyone who is not authorized to get there.
“What the biometric system does is confirm or reject the identity of a person trying to get through a door,” says Kropp.
Whena person places his or her hand or finger on a reader, the biometricdevice takes a scan and compares it to the one that is stored in thedatabase. The scan either matches or doesn’t, which will determinewhether or not to allow that person entry.
Obviously,if a machine is doing a scan of a retina, it is going to be verydifficult for an intruder to replicate someone else’s eyeball. Andwhile the scan may be quick, it will still take time to beperformed—which is why these devices don’t mix well with high trafficareas of a building. But in order to protect a server room or testingarea inside the facility, biometrics fulfill that function perfectly.
Even the best security systems can be circumnavigated by a verydetermined perpetrator. When designing and installing a system for thebuilding, the thought process of a facility manager shouldn’t concernhow to lock the facility down and keep everyone but the employees out.Instead, he or she should focus on creating a system that deterscriminals at every step. A thief may be able to beat two layers ofsecurity, but a third, higher level may prove to be too strong adeterrent which will keep the intruder from trying at all.