As Director Business Development at Primion, Nils Schapmann has been responsible for Product Management in the areas of access control, time recording and physical security information management (PSIM) since the beginning of 2023.
In an interview with the trade magazine for corporate security SECURITY INSIGHT, he answered questions about developments in access control in the area of on-premises and cloud solutions:
The general trend is towards more integrated solutions. How do you assess the current development in the area of access control?
Companies today want to work together across departments in order to organise their work as simply and efficiently as possible. This requires appropriate networking. The exchange of data via APIs, i.e. programming interfaces, has long been standard. However, entire processes are now being automated. The larger the company and the more complex the structures, the more integration and networking is required. The integration of security solutions is also on the rise among public authorities and medium-sized companies.
How is the importance of cloud-based solutions developing?
The trend towards SaaS (Software as a Service) and therefore the cloud is unstoppable. The best example is Microsoft. Today, everyone has the 365 product range; ten years ago, such software as a service solution was still unthinkable for most people. In security-relevant environments, where the demands on IT are higher, SaaS helps small and medium-sized companies in particular. They can outsource costs and do not have to build up their own IT expertise and staff, which is becoming increasingly difficult in view of the shortage of skilled workers. Although on-premises solutions are often still required in the high-security sector, a rethink has begun here too.
What contributes to a rethink?
A common question is where customer data is stored and whether it is secure. Primion is very clear about this: our cloud providers for German customers are in Germany and the data remains in the country. In addition, the security of a cloud solution is generally higher. Available updates are immediately installed centrally by the manufacturer, the latest encryption methods are used and the security standards are therefore more affordable and convenient for companies to use. Shifting the costs from CapEx to OpEx is also interesting for many companies. Last but not least, on-premises or cloud is not a question of either/or. For mobile time recording, the mobile phone must log into a cloud; for mobile access, data must be transferred via a cloud. If customers want to use such services, we offer them the option of either switching completely to the cloud or only using the new services in the cloud, with the main system remaining on-premises. In this way, we are slowly reducing concerns about a cloud solution.
What solutions do you offer, both on-premises and cloud-based?
Our solution for access control and time recording is prime WebSystems, available either on-premises or as SaaS. Our prime SecurityManagement (pSM) covers integrated security management and is a pure on-premises solution with a web interface. New is MyPrimion, a pure native cloud version as a platform for new functionalities that require a cloud solution. Mobile time recording with the MyPrimion app and mobile access control in the MyPrimion Wallet are available as a first step. Further solutions will be added, for example for staff scheduling. prime Visit, our visitor management system, will also be integrated into the platform and there will be new solutions for office space and car park management.
Will MyPrimion replace the existing platform?
In future, we will deliberately offer both platforms in parallel in order to remain flexible. More complex solutions with special requirements can be optimally realised with prime WebSystems. With MyPrimion, the focus is on simpler, more cost-effective solutions. However, both systems are networked with each other so that the user can easily use them individually or together. The user interfaces in particular are growing together; here we are focussing on a uniform, modern and intuitive look and feel for all Primion products. At the end of the day, it's the overall solution that counts for our customers.
Everyone is talking about AI at the moment. What role does AI play in access control solutions?
In principle, the use of AI is not yet very advanced in our industry. Chatbots and configuration wizards, which are also based on AI, are already widely used. However, as soon as it comes to metadata analyses, where, for example, the behaviour of users is examined in order to improve access control, there are major challenges and reservations in Europe, especially in Germany, with regard to data protection. In addition, the same question arises as in the automotive industry: who takes responsibility for the autonomous decisions made by AI? In view of these limitations, I don't believe that everything can be managed by AI in the near future. I see AI more as a future advisor that supports people in their daily work with good analyses and suggestions.
In addition to the KRITIS umbrella law, another topic that is currently preoccupying the industry is the implementation law for network and information security (NIS2). How do you assess the impact on access control solutions?
I come from the cybersecurity sector and clearly see a need for action here, especially when we talk about networking and cloud solutions. Legal regulations and industry security standards help us and our customers to harmonise requirements. I am an avowed fan of standardisation. For example, if a company introduces an access control system for various properties, the security officer no longer has to deal with IT security standards in detail and list all the requirements individually. It is enough to say: "Fulfil the requirements according to NIS2". It is much easier if requirements can be queried and documented with clear references. All in all, NIS2 is an important building block in ensuring that the industry has a uniform standard. In addition, the NIS2 directive makes it possible to differentiate oneself from price-aggressive providers whose products often cut costs in areas such as IT security.
Source:
SECURITY INSIGHT SicherheitsPraxis 3/24 www.prosecurity.de