By Zach Winn · January 26, 2017
Campus Safety recently attended an access control luncheon hosted by CGL Electronic Security in Westwood, Massachusetts.
Presenting at the event was S2 Security CEO and President John Moss.
Moss has been in the security industry for over 30 years, first entering the business when he created Software House (now owned by Tyco International) and later founding S2 Security in 2002.
In that time, Moss has been a strong innovative force in security systems technology, creating several major commercial products in the access control industry and beyond.
CS Senior Editor Zach Winn got a chance to sit down with Moss after his presentation, and below is a transcript of that talk that has been lightly edited for brevity and clarity.
Zach Winn: How are access control solutions different for K-12, college and hospital settings?
John Moss: In every institutional setting, your primary concern is basic access control and lockdown, and then active shooter is something all institutions train for. The challenge in hospitals in particular is that it’s a 24/7, continuous operation and it’s mission critical the whole time, so you can’t afford any downtime.
In the K-12 environment, the only people that are carrying the credentials are the staff members typically, but when you get to the university level, everyone’s carrying credentials because students need cards too. So there’s an administrative load that comes with that, because maintaining the population of credentials becomes a big administrative job. You’ll see a migration of ID credentials to mobile devices over a period of time, but that technology is not quite ready to be deployed yet. It’s just a little bit early, but we’re certainly experimenting with that.
ZW: What are your thoughts on the evolution of biometrics in access control?
JM: Any place that you need to be able to access quickly and move quickly, biometrics is going to be a problem. Where biometrics makes sense is a second factor in a multi-factor authentication situation, in settings where there isn’t a lot of traffic and personnel.
ZW: How do visitor management and remote lockdown capabilities in access control change things?
JM: There’s a little bit more training necessary. For instance, there’s a process we call threat leveling when you start by having a policy about how you’ll deal with various threats, then you have to design that policy into your systems and drill on it. You can’t just say, ‘There might be an active shooter one day, but people will do the right thing,’ because they won’t. So you need to have periodic drills on that stuff, which security didn’t always have to do. S2 has standard software that’s designed to have school or hospital emergency response policies put in it.
ZW: Do you have any advice for officials shopping for access control solutions?
JM: It depends on your size, but basically what we sell on an access control system is 10 or 15 percent of the overall cost. A lot of the cost is the installation.
The biggest mistake I see institutions make is specifying everything themselves. If you’re designing a building, you don’t sketch it yourself and tell the plumbers where to put the pipes. You need experts to be specifying stuff like that who are scientific about it. So when you’re considering a hundred-thousand dollar project, get an experienced system designer to design everything first and then implement. Get your requirements done professionally.
ZW: What are some wider trends in access control you’re expecting to see over the next five years?
JM: I think the big trend will be moving your servers into the cloud, although your panels will still be installed where they are today. Another trend is the integration with video to provide a more unified experience.
Then there will be a fair amount of attention paid to the cybersecurity aspect, because every one of these appliances that you install on a network is a potential risk factor. Not long ago we saw cameras that would come in from the Far East with exploits already on them, and then you’re installing them behind your firewall and it becomes the attack vector. I think that’s a part of networking that you sometimes don’t realize until it’s too late.
ZW: How does moving to the cloud change cybersecurity practices?
JM: You think it would change a lot but it really doesn’t. It actually may make things easier. Just because your server isn’t where you can see it doesn’t mean you can’t secure it, and if I can secure it in the cloud then it secures it from a lot of people all at once, which actually makes it more secure. It’s like e-commerce, where people don’t really worry about putting their credit card information into a website, even though that’s on the cloud, because it’s secure and there are standards to adhere to with all that.