Printer Friendly

System selection and set up.

In 1979, The Management Philosophy at Hewlett-Packard Company (HP), headquartered in Palo Alto, California, encouraged an open campus environment. The company, which designs, manufactures, and services computing and electronic measuring equipment, did not restrict access in the twenty-building complex; interior and exterior doors were not locked. Employees worked in open offices. The computer room was behind closed doors only to maintain specified air-conditioning requirements for the equipment. The doors to this area were not locked.

The business climate was, however, changing in the 1970s. HP, along with other large corporations, was the target of bomb threats and demonstrations from radical, anti-government groups. Corporate information systems security, which comprises security personnel within the information systems organization, was asked to design a system for the new computer room. The system would protect company assets and data while allowing ease of access to authorized personnel. The challenge was twofold. The team had to educate data center employees about their responsibility in the area of security and data protection. It also had a much larger problem: to educate 8,500 employees who did not have access but thought they should.

The goal was to introduce a card access and facility monitoring system. Unfortunately, the system originally selected caused more problems than it solved. For approximately three years, the company operated this system in a trial-and-error method. The technology was so new that even our vendors' programming staffs were exchanging ideas with the security team for system patches and upgrades. The system also required expensive maintenance. Each time a service call was placed, whether it was related to hardware or software enhancements, the cost to the company averaged $1,000. These calls were made at least three to four times per month. The company could not continue to incur the high costs associated with the ongoing programming and hardware support of such a system. Management decided to design a proprietary system.

The company chose Westinghouse hardware for the door components and an HP 1000 computer as the central processing unit (CPU). Coding and testing took approximately two years. Many considerations were evaluated during this development and design phase, including integrating the old system with the new one. Where technology from the old system was beneficial to the new one, it was incorporated. For example, the security team liked the idea of user programmable time codes. This gives security the flexibility to control access at specific times and days if necessary. As the programming effort evolved, management decided to assign clearances for specific employees in combination with time codes. This allowed for tighter security because access could now be limited to specific doors as well.

As the administrative tree was being built within the system, a hierarchy for control and audit issues was incorporated. The hierarchy began at the basic acknowledge alarm level through to password administration. This arrangement enabled the company to limit entry areas to individuals on a business-need-only basis.

The system was also designed to include an additional safeguard on passwords. If an attempt is made to hack the system, the first incorrect password entry causes the system to trigger an alarm. This entry attempt is reported at all system stations, including the main console. The alarm will not cease until a valid password is entered. In addition, the program will report where the invalid entry is occurring.

In March 1984 the new system was activated. The corporate computing center was the first HP entity in Palo Alto where access was limited to business need. Unfortunately, employees became angry when they could not access an area previously open to them. To defuse this situation, the company held many educational sessions to explain the program to employees.

Installation. By 1989, the corporate security manager wanted to use this system to provide card access to the corporate offices, with the possibility of expanding to other HP divisions in the area and elsewhere around the country. A task force was established to design and recommend a corporate solution for access control.

It was a unanimous decision to use this access control system for all divisions in the Palo Alto area, but how to sell management on the idea was the big question. This was accomplished by reviewing the components that make up the system hardware and software.

Choosing the HP 1000 computer for system hardware was especially attractive since the company could purchase equipment internally and have instant system support. The company was also privy to product development plans. The security department was staffed with several HP 1000 computer experts providing programming backup if needed.

Security chose Westinghouse products as the door controllers, card sensors, and command keys. The department had already worked with the products for several years, and they had proven their reliability.

As the software was developed in-house, it could be modified to do whatever management wanted while meeting the Information Systems Steering Committee's (ISSC) standards. The ISSC reviews all programs to be implemented at HP to ensure consistency.

Since the system had been in place for several years in the corporate computing center, the bugs had been worked out. Educating employees on the security mission became the new focus. The same employee population of 8,500 workers in the Palo Alto area whose original exposure to the system was to learn that they would not have access to the computing center, were now to become users of this system as it expanded to other facilities. The company already had 400 salespeople - the data center personnel - who could help educate these new user groups on the system's benefits.

The company began educating employees about the system approximately nine months prior to activating it in the Palo Alto area. Security personnel attended staff meetings and coffee breaks and placed articles in company newsletters. The convenience of the system was emphasized. Employees were notified that the doors would be locked but that they would receive a key to the building. Three weeks prior to going live, security activated the system but left the doors unlocked. This provided employees the opportunity to experiment with their command keys without being locked out of the facility. When the system was turned on in January 1991, only a few problems were encountered.

During the installation planning, cameras and intercoms were added throughout the facility. The proprietary system had been programmed to handle additional cameras, making installation hassle free. Again, educating the employees to use these cameras was key to their acceptance. Since a picture is worth a thousand words, photos of well-known people within the company were placed in strategic locations throughout the site demonstrating how the cameras would be used. The photos served as positive public relations tools for instituting new security products. For example, one photo of a two-part photo spread featured several well-known section managers attempting to go through one security pedestal at one time without success. The adjoining photo showed the managers exiting one-by-one successfully with the use of their individual access cards. Another picture demonstrated how employees could move through card sensor readers easily, with women holding their purses toward the reader pedestals and men positioning their wallets in the pedestal's direction.

Mistakes and solutions. As the system grew in size, new problems arose. One problem concerned the lack of intercoms. The system purchased for the corporate offices could not economically be expanded for other HP buildings because it required cable to be run for all locations. Initially, security decided that it could forego intercoms and simply install card access and cameras. This was acceptable until the first time someone was locked out of the building at night in a fenced-in area. For safety, all future installations would include card access, cameras, and intercoms. A technology that used simple telephone lines for transmission was selected.

Another problem was the expansion of the HP camera system. As more buildings were incorporated into the system, security was constantly adding cameras. This required the addition of camera sequencing back at the command center, as well as the need for more monitors. A space crunch developed as it took more hardware, more resources from the camera switcher, and more people to operate and monitor all this equipment.

Sound resource planning, especially in the design phase of a command center, is essential. Initially, security planned for monitors, the security system itself, and radio traffic monitoring. Each piece of equipment was evaluated separately, not as an integrated network. That led to logistical problems, which resulted in additional expense when it became necessary to move monitors, telephones, and keyboards to facilitate ease of use by officers.

The architectural makeup of the monitor room is extremely important. Security initially asked for too little space, and now the department needs more but will probably have to settle for what it has. When more than three people are in the center it becomes crowded. Lighting is extremely important but was overlooked, and now a costly change is in the development stage. Also, the monitor room was built within the security room and, thus, is not enclosed. Because of the noise from the security office and the activities that take place in the command center, the department now faces the architectural and budgetary dilemma of adding doors.

At its present stage, security has become a partner with many of the company's divisions as opposed to a necessary evil. While the specific systems still face user resistance, the general need for security is gradually being accepted. Today, many sites request security risk assessments. The department is often contacted for ideas to improve policies and practices. Quarterly group meetings are also held with all of the company's security managers throughout the United States to discuss current policies, trends, and upcoming programs. These people return to their divisions and educate site personnel on security requirements. Site security managers have now become the sales force for corporate programs.

HP currently has more than ten proprietary card access system installations in the United States, and the company is exploring the technology required to transmit records via LAN, WAN, and UNIX platforms. It plans to network personnel, security, and video-imaging systems together to communicate worldwide. While employee records, such as photo identification, performance records, and termination notices, must now be handled manually, management sees great advantages to being able to process these records and transactions automatically in the future.
COPYRIGHT 1993 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1993 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Wilson, Steve
Publication:Security Management
Date:Sep 1, 1993
Previous Article:IDs put on a new face.
Next Article:Six secrets of a successful survey.

Related Articles
Nexell Therapeutics Receives FDA Approval On Next Generation Isolex 300i System; Version 2.5 for Positive Stem Cell Selection Delivers Enhanced...
Quick Tips for Control Knob Selection.
Take a New Bearing Is Taking a New Bearing!
Adaptive learning object selection in intelligent learning systems.
Econometric Analysis of Model Selection and Model Testing.
Finding right racks for your warehouse harder than ever, with so many choices.

Terms of use | Copyright © 2016 Farlex, Inc. | Feedback | For webmasters