Protected environments demand both robust security and a frictionless user experience – no compromise, no trade-off.
In a climate where the threat of a security breach continues to worsen, adopting a resilient and sustainable security capability is an essential requirement for government and critical infrastructure. So how do you deliver a security solution that’s able to adapt to an ever-changing threat landscape while meeting demands for both protection and convenience?
We spoke to Ken Seiler, Director at Secom Technical Services, and Blair Crawford, MD and Co-founder of Daltrey, about their partnership and their work delivering a first-of-its-kind biometric security solution to the Commonwealth Government.
This project is the first of its kind anywhere in the world. How did it come about? What was the vision?
Ken: Our client presented a problem involving support of a legacy product and its impact on their operations. The problem encompassed various locations worldwide and inconsistent usage patterns, which meant varying support availability and uptime were critical. Auditing and management of user access were imperative. Our vision was to detach the customer from dependencies associated with the legacy vendor and product. We needed to provide resilience and multiple support vectors using industry-standard products and protocols, including high uptime, supportability, and repeatability in deployment.
Blair: The nature of operations in high-security environments requires access by multiple stakeholders, but legacy systems have resulted in a combination of insecure and inconvenient access methods. This presents a poor user experience and fails to provide certainty that the people accessing the assets are the right people.
We work closely with partners to bring our solution to market, and Secom is the leading business delivering this biometric security capability into Canberra. Our job was to support the vision Secom had established with the client, understanding and complying with requirements in the design phase and over the lifetime of the contract.
Why is this so different to past approaches?
Ken: This proof of concept has never been done in Australia or overseas. Although the project’s primary focus is physical security and access control, the technology used connects to the client’s ICT environment, leveraging existing infrastructure. Converging cyber and physical access requirements ensured all vulnerabilities are addressed appropriately at the required levels. The outcome for the customer: lower support costs and fast response times, and immediate access to apply security patches, ensuring no disruption to service.
Blair: This project is an example of a complex digital identity use case and is unique for a number of reasons. Importantly, it adheres to industry standards for how biometric technology should be deployed in high-security environments. Being able to meet those standards while deploying within an established and complex technology environment is something that hasn’t been possible before and a big win for the industry.
How did the technology choice support resilience requirements?
Blair: The use of biometric-based identity technology addressed the need for the solution to protect both the customer and asset. Its resilience is the result of a thorough and collaborative design process, ensuring it meets the customer’s specific security and user requirements – including integration with the existing technology environment – while adhering to the relevant industry standards.
Because of the nature of the environment the solution is being deployed into, performance and accuracy of the biometric is paramount – we had to ensure the people being identified are being accurately identified. The solution also had to be deployed across multiple regions and sites, requiring architecture that efficiently supports that level of scale. If it’s not built to meet these critical requirements for uptime, availability of service (always on), performance (speed) and accuracy, it won’t be robust enough for a client like this to rely on. Finally, it needs to be easy to maintain. Our strategy is to have as few moving parts as possible so partners, clients and we can be as hands-off as possible while the system is running in service.
How did you work with the end client? What were the project stages and milestones?
Ken: The simple criteria from the client was “the system had to work” and demonstrably work well. It also had to meet budget expectations and be deployed and serviced in a repeatable fashion, ensuring resilience and immediate response to outages or vulnerability.
The key project stages:
- Identifying the problem: A workshop session with the client to establish the requirements, restrictions and current technologies.
- Solving the problem on paper: Work with Daltrey to provide a preliminary designed solution based on the client’s parameters.
- Checking financials and viability: Discuss client’s expectations of capital expenditure and ongoing costs. Complete a reverse brief to ensure the paper design over the lifetime of the product was viable.
- Drafting Proof of Concept: Work with Daltrey to pre-commission a system and run it through its paces.
- Delivering Proof of Concept: Demonstrate a live working model on Secom’s network and provide details to meet the stringent technology and support criteria.
How did Secom and Daltrey work together to deliver this project?
Ken: Both parties worked collaboratively, providing active commercial and real-world functionality, restrictions and commercial checks before committing to the prototype. Secom supported Daltrey through the supply of infrastructure and depth of industry knowledge. The support added strength to the design and implementation of the prototype, allowing Secom to work closely with the client, preparing their expectations before the demonstration. The demonstration included a Q&A workshop session with Daltrey, Secom and the customer to convince the client to engage in the cutting-edge biometric deployment.
Blair: One of the most important elements of a collaborative project like this is maintaining the voice of the client. They have a strong relationship with their security partner – in this case, Secom – and one of the best things we’ve achieved through this project to date is how the Secom team has accurately translated detailed requirements without Daltrey having to be in every conversation.
For more information about biometric security solutions for high-security environments, contact us today.
This article was first published in Paradigm Shift, the AIPM digital magazine.