This is the 37th article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.
By Ray Bernard, PSP, CHS-III
Anyone responsible for access control management or smart building experience must understand and apply presence control.
★ ★ ★ GET NOTIFIED! ★ ★ ★
SIGN UP to be notified by email the day a new Real Words or Buzzwords? article is posted!
Real Words or Buzzwords?
The Award-Winning Article Series
#1 Proof of the buzzword that killed tech advances in the security industry—but not other industries.
#2 Next Generation (NextGen): A sure way to tell hype from reality.
#3 Customer Centric: Why all security industry companies aren't customer centric.
#4 Best of Breed: What it should mean to companies and their customers.
#5 Open: An openness scale to rate platforms and systems
#6 Network-friendly: It's much more than network connectivity.
#7 Mobile first: Not what it sounds like.
#8 Enterprise Class (Part One): To qualify as Enterprise Class system today is world's beyond what it was yesterday.
#9 Enterprise Class (Part Two): Enterprise Class must be more than just a top-level label.
#10 Enterprise Class (Part Three): Enterprise Class must be 21st century technology.
#11 Intuitive: It’s about time that we had a real-world testable definition for “intuitive”.
#12 State of the Art: A perspective for right-setting our own thinking about technologies.
#13 True Cloud (Part One): Fully evaluating cloud product offerings.
#14 True Cloud (Part Two): Examining the characteristics of 'native-cloud' applications.
#15 True Cloud (Part Three): Due diligence in testing cloud systems.
#16 IP-based, IP-enabled, IP-capable, or IP-connectable?: A perspective for right-setting our own thinking about technologies.
#17 Five Nines: Many people equate high availability with good user experience, yet many more factors are critically important.
#18 Robust: Words like “robust” must be followed by design specifics to be meaningful.
#19 Serverless Computing – Part 1: Why "serverless computing" is critical for some cloud offerings.
#20 Serverless Computing – Part 2: Why full virtualization is the future of cloud computing.
#21 Situational Awareness – Part 1: What products provide situational awareness?
#22 Situational Awareness – Part 2: Why system designs are incomplete without situational awareness?
#23 Situational Awareness – Part 3: How mobile devices change the situational awareness landscape?
#24 Situational Awareness – Part 4: Why situational awareness is a must for security system maintenance and acceptable uptime.
#25 Situational Awareness – Part 5: We are now entering the era of smart buildings and facilities. We must design integrated security systems that are much smarter than those we have designed in the past.
#26 Situational Awareness – Part 6: Developing modern day situational awareness solutions requires moving beyond 20th century thinking.
#27 Situational Awareness – Part 7: Modern day incident response deserves the help that modern technology can provide but doesn’t yet. Filling this void is one of the great security industry opportunities of our time.
#28 Unicity: Security solutions providers can spur innovation by envisioning how the Unicity concept can extend and strengthen physical access into real-time presence management.
#29 The API Economy: Why The API Economy will have a significant impact on the physical security industry moving forward.
#31 The Built Environment: In the 21st century, “the built environment” means so much more than it did just two decades ago.
#32 Hyper-Converged Infrastructure: Hyper-Converged Infrastructure has been a hot phrase in IT for several years, but do its promises hold true for the physical security industry?
#33 Software-Defined: Cloud-computing technology, with its many software-defined elements, is bringing self-scaling real-time performance capabilities to physical security system technology.
#34 High-Performance: How the right use of "high-performance" can accelerate the adoption of truly high-performing emerging technologies.
#35 Erasure Coding: Why RAID drive arrays don’t work anymore for video storage, and why Erasure Coding does.
#36 Presence Control: Anyone responsible for access control management or smart building experience must understand and apply presence control.
#37 Internet+: The Internet has evolved into much more than the information superhighway it was originally conceived to be.
#38 Digital Twin: Though few in physical security are familiar with the concept, it holds enormous potential for the industry.
#39 Fog Computing: Though commonly misunderstood, the concept of fog computing has become critically important to physical security systems.
#40 Scale - Part 1: Although many security-industry thought leaders have advocated that we should be “learning from IT,” there is still insufficient emphasis on learning about IT practices, especially for large-scale deployments.
#41 Scale - Part 2: Why the industry has yet to fully grasp what the ‘Internet of Things’ means for scaling physical security devices and systems.
#42 Cyberspace - Part 1: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#43 Cyber-Physical Systems - Part 1: We must understand what it means that electronic physical security systems are cyber-physical systems.
#44 Cyberspace - Part 2: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#45 Artificial Intelligence, Machine Learning and Deep Learning: Examining the differences in these technologies and their respective benefits for the security industry.
#46 VDI – Virtual Desktop Infrastructure: At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.
#47 Hybrid Cloud: The definition of hybrid cloud has evolved, and it’s important to understand the implications for physical security system deployments.
#48 LegacyHow you define ‘legacy technology’ may determine whether you get to update or replace critical systems.
#49 H.264 - Part 1Examining the terms involved in camera stream configuration settings and why they are important.
#50 H.264 - Part 2A look at the different H.264 video frame types and how they relate to intended uses of video.
More to come about every other week.
“Presence control” is one such term. It describes what is already being done in smart buildings and elsewhere but has been given ho-hum labels like “integration”, “trigger” and “activation”, which describe how it is accomplished but not what it actually is. It is the concept that is most important, because it opens the door to new thinking and, as is the case with this term, can inspire us to extend the capabilities of systems and devices we already have in place.
Presence Control has two definitions, and in them you may recognize some of the things you have already seen and maybe are already doing.
- Controlling or directing where individuals and groups should go or be at any given moment within a built environment.
- Using the presence of individuals or groups to control the elements or behavior of a built environment.
(Note that Presence Control is also the name of a control knob on some Fender guitar amplifiers. That’s of course a completely thing than what we’re talking about in this article.)
Monitoring and Controlling Presence
The term “presence control”, as it relates to built environments, was introduced by Ticto (pronounced “tic-too”), whose visual security wearables are used to monitor, control and provide visual status of who is authorized be present within a facility or managed open area. This contrasts with traditional access control, which only controls who can open a door or gate.
In most situations traditional access control technology requires that a second technology be applied to detect or prevent when an authorized user unlocks a door and an unauthorized individual enters with or without the authorized user’s permission. Presence control, as applied by Ticto, goes beyond that because its badge holders and lapel pins indicate by a continuously changing random sequence of colors who is authorized to be in a specific area (the colors match for all users authorized for the specific area), and who is not (the badge holder or lapel pin flashes red, or is unlit). See Figure 1 below.
Figure 1. Ticto badge holder
Challenge Process Vulnerability
Many organizations have a policy that requires or asks personnel to challenge individuals they see but don’t recognize in an area. Personnel can be uncomfortable with that, especially in cases where such a challenge goes against the culture of the local area, the individual or the business. This is the same cultural element that contributes to unchallenged piggybacking, a long-term access control system vulnerability. Presence control technology changes the challenge process to make it much simpler and easier. It provides a challenge that aligns with the “helpful” cultural element rather than one that goes against the “non-confrontational” and “trust” cultural elements. It also has a preventive effect, as personnel know that their badge will actively give them away if they try to enter an area they are not authorized for.
With Ticto’s visual wearables, personnel don’t have to challenge new faces whose badge holder’s color is in sync with everyone else’s badge. They’re obviously authorized and that can be seen from a distance, relieving potential concerns over unrecognized individuals. When an individual’s badge color is wrong (either flashing red or no color), making the challenge is as simple as pointing to the badge that not in sync color-wise and/or just saying, “Your badge is doesn’t’ work.” The badge becomes the deciding authority, not an individual employee. That’s much easier than confrontationally interrogating someone about who are or why they are in an area.
The Ticto system includes indoor locating functions whereby wearables enable presence control for a zone in an open area or for a room that doesn’t have an access-controlled door.
Flow Control vs. Access Control
Digicon is a manufacturer of the dFlow line of optical turnstiles (dFlow) that facilitate the rapid flow of people through their innovative pedestrian gate design, dViator, which, for example, routes authorized people straight ahead or to the left or right, while routing unauthorized people in a different direction to a receptionist, security desk or back out to the entrance side of the turnstile or gate area. The traffic flow is not stopped due to the presence of an unauthorized individual. People are simply sent in different directions based on their status.
Video 1. Demonstration of the dFlow pedestrian gate.
The dViator system can send messages to a display monitor (or other types of electronic displays) that provide specific instructions based on individual or group status such as being unauthorized, having an expired credential, being a contractor whose company’s insurance has expired, or other qualifications. For example, an unknown person might be displayed one set of instructions, while personnel with an expired credential may be told to obtain a visitor’s pass and given directions to the badging office. An contractor whose company’s insurance certificate has expired may be directed to a security office or other service desk so that appropriate arrangements can be made to regain access.
In most organizations, the majority if not all the access denied events are not attempts at criminal intrusion, but stem from a wide variety of other situations. From the security and facility management perspectives, a more nuanced management of directing people based on their situation fits the concept of employee and partner service, whereas simply denying access leaves them on their own having to determine what to do next.
In smart buildings, luminous carpets can display visitor-specific messages with arrows that point the way to go. If a restroom is out of service, luminous carpet arrows can point to an alternate restroom. If a meeting room assignment has changed, invitees can be directed to the newly assigned room. There is an array of technologies that fall into the category of presence control, all of which deserve design thinking that considers opportunities for managing who goes where based on security, safety, service and convenience management factors. The operational value of such displays can be enhanced using presence control.
Video 2. Luminous carpet demonstration.
Video 3. Luminous carpet water soak demonstration.
Controlling the Environment Based on Presence
Smart facilities are already controlling their built environment based on presence, for example, automatically configuring a desktop phone to an individual who has stepped into an office, while adjusting the lighting and temperature controls according to the individual’s known preferences. Conference room temperature controls are adjusted based on occupancy, to provide an appropriate level of air conditioning and turning it off when the room is unoccupied. When a presentation projector is turned on, ceiling lighting is automatically adjusted for the best viewing conditions.
Electronic signage is currently an underused technology whose time has come thanks to the affordability of consumer-grade display technology and the ubiquity of facility networking. The use of signage with the dFlow gate to provide individual- or group-specific instructions implements both definitions of presence control, controlling where people can be, and controlling the environment based on who is present.
The lobby of the Herbalife headquarters in Torrance, CA (shown in Figure 2 below) is an example of using electronic signage and visual displays to provide visitor-specific messages. Smart buildings and museums utilize such displays and change their content automatically using presence control. Retail locations have already begun using such technologies to customize product displays for individual shoppers.
Figure 2. the Herbalife corporate headquarters lobby.
No sooner was this article released than I got a message from cybersecurity advocate Rodney Thayer who asked me, “Presence Control: What about Privacy?!!!” I actually had started writing a section on privacy and then, because there was so much to say, I decided to save it for an article of its own. However, I can certainly add now that there are at least four important privacy aspects that need serious consideration when implementing any product or system feature that uses personal or group attributes including Presence Control:
- Information oversharing
- Cyber tracks
- Cyber snooping
Information oversharing occurs when more information is shared than is needed for the specific purpose of the feature or function. For example, listing the full contact information of all meeting participants, when all that’s needed is the individual’s name – because the individuals are already known (or will be) to the other meeting participants.
Cyber tracks are the bits of information left behind that others can see later, after time period when the information is needed has passed. This is information lifecycle management in miniature: where is the information going? How long must it stay there? How will it be permanently deleted?
Cyber snooping is what it sounds like, people looking around for bits of personal information that they have no business knowing. Information oversharing and cyber tracks are what make cyber snooping possible.
Consent is especially important given the arrival of GDPR and other privacy regulations. Consent must be an element of any personal information collection and distribution. Before you use personal information that is available to use, you should be aware of the conditions that govern the use of that information, including the specific elements of utilization that the individual consented to when providing that information. For example, if a security or other system interfaces with an Active Directory database, was consent given to use that information for the purpose that is now being considered? This warrants close attention due to the personal and corporate legal issues and related penalties that are involved.
I’ll update this article again when with a link to the larger article on privacy issues, when that is published.
Presence Control is not New
Although the “presence control” label is new, the concept of presence control is not. Kmart’s famous “Blue Light Special” is an application intended to enhance the shopping experience. Now, modern mobile technology allows retail organizations to use presence control via smartphone apps to send customized coupons to shoppers based on the display the shoppers are standing in front of, and in other ways enhance the shopping experience.
Emerging technologies are providing new capabilities that enhance both security and business operations, as well as improve the built environment experience. The use of presence control will continue to grow as an important part of that picture.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.
© 2018 RBCS. All Rights Reserved.