I remember having a conversation with a top AMAG executive a decade or so ago and at the end of our discussion, he confidently boasted that he was proud his company was the best kept secret in the security industry. Stunned, I countered perhaps that wasn’t the best marketing tool in his kit.
Fast-forward to 2019 and the ecosystem is no longer centered around an access control manufacturer-only mentality. Instead, it is now a robust environment that showcases a complete end-to-end open-system solutions provider featuring access control, video surveillance, visitor management, identity management, incident and case management, along with mobile solutions that have intelligent data analytics and hosted solutions with available API’s that look to drive an open standard with automated operational efficiencies.
Since introducing the Symmetry M4000 intelligent door controller this March as an open-source operating system, AMAG can provide an advanced panel that offers system security, resilience and reliability. The controller supports four doors, up to one million credentials and 65,000 off-line transactions, which can be expanded further if required. Install multiple controllers to a single network connection with up to 20 readers, 80 inputs and 64 outputs. The controllers will operate with Symmetry Access Control software V9.1...
The Symmetry M4000 supports OSDP, Wiegand and AMAG’s own MCLP reader communications, enabling organizations to install industry-standard Symmetry access control software and modules and providing end-users with the option to choose any card reader that fits their unique needs and requirements. It comes with an onboard 1Gb network interface with AES encryption capability. The system also allows web-based configuration, monitoring and upgrading with the Symmetry Sentry, a remote management tool.
I recently had the opportunity to sit down and talk to Kurt Takahashi, President of AMAG Technology, which is a member of the global G4S security family. We discussed his vision and changing business model that he hopes will propel AMAG to the top of the industry and better define its roadmap into the future. AMAG will be featuring its security solutions this week, September 10-12, at Chicago’s McCormick Place during the GSX event. They are residing in booth #561.
Steve Lasky: Why is this a new day and a new way at AMAG?
Kurt Takahashi: The best place to start would be when I got here in 2015. I would say that all anybody ever talked about was access control. Any meeting I went to, any presentation I went to, the only thing I ever saw was access control. One of the reasons I came here was because of all the other things that we had here and the things that we were capable of doing. If you think about, where we've come from in '15 to where we are today is huge; we've completely changed our go-to-market strategy. We've focused on it, our entire software stack, our whole solution versus just access control. So yeah, we have an access control system. Yeah, we have video management. But what we focused on in the last few years is how does all that get operationalized. I can put an access control system onto any existing system, any building, then walk away tomorrow and not care about what the client wants in future expansion.
Lasky: How did you work your clients into the new technology roadmap?
Takahashi: When you sit down with the clients and you see them using the system, you see a ton of disconnected processes. A lot of manual processes. Everything's based on emails. When people need to make changes or requests or audits and all these things, we realized that the three most compelling business drivers that we need to be solving for our clients are how do we reduce risk, how do we ensure compliance, and how do we save money.
When you base all of that around your technology and then you figure it out. Go back and sit down with the clients and see how they plan to you use it. We weren't doing that with our clients. As we started developing these new technologies, we sought to fix those challenges. Now we've come up with the visitor management solution, full policy-based visitors solution that can automate the entire compliance and audit requirements around a lobby.
We developed an identity and access management platform that completely automates the entire onboarding, offboarding, recertifications, access requests, audits, compliance, reporting; doing everything that companies like Quantum or Alert Enterprise do. We did that because there was no other access control player in the market that took on that challenge; they left it to the other software development companies. So, we did that to service our clients and provide a differentiator. Then this past year we added our incident and case management solution to our options as well. Now one of the challenges that we ran into was it would only work with AMAG and that was still the dig since we didn’t work with Mercury.
Lasky: So that is a real challenge, right?
Takahashi: It's a challenge. The last several years we've been working on a new architecture for our hardware. We recently released our M4000 panel, which is the most open panel in the market. The M4000 is a Linux-based panel that has an open and available API. When I say open, I mean if we sell our M4000 panels to somebody and they want to have another provider write to it, we'll give them the API. Nobody else will do that.
We brought our M4000 to the market with the intent that this changes the game for us because now everything we do is open, from our controller to our reader. We brought to market a multi-technology transition Bluetooth reader that can work on anybody's system. Our video management solution is completely open, it integrates to anybody's access control, and is open to hundreds and hundreds of cameras and other third-party applications. One of the big things we did last year was joining PLAI.
We also sit on the board of PLAI. We've built our connectors and we're charging forward with that methodology because up until then, all our solutions only worked with AMAG. Now what we're saying is all our solutions will work with everything that's PLAI compliant. My argument is that if you want to say that you're an open technology, why aren't you a part of PLAI? If you look at PLAI, there are not a lot of security companies involved -- only a few players. But everybody says they're open because they use a common platform.
Lasky: Are you looking to do anything with the panel as a possible OEM?
Takahashi: Not yet. We could, but that is not the current plan. But if anybody wanted it we would. We just released it so we're still getting into the market. But I would for sure license that to anybody that would want it.
Lasky: Describe how the open platform concept plays into your strategies and eventual API offerings.
Takahashi: When I look at our entire stack, from our access to our incident management and everything in between, from readers to credentials to visitor identity, incident management, all of that, nobody has a more open platform. Since we own all that stack, now we're starting to use the data more effectively. We've built an analytic algorithm that utilizes machine learning so we can learn; you know, your pattern of behavior.
Say you go to the office Monday through Friday; you go through the same set of doors every day at the same time. As you start to do those things, you start creating a normal pattern of behavior. We’ve constructed an algorithm that can manage and begin learning what your everyday routine might be. The moment you start acting outside of that normal pattern of behavior, that raises a risk marker. Let's just say you work for IT; you have access to certain types of data and now you're acting outside the normal activity. Maybe you're coming in at 10 at night, you're coming in early in the morning, you know, you're making photocopies, you're doing anomalous behavior. Now we're going to start detecting and monitoring that.
If you start trying to gain access to a lab or other area that you don't normally visit…these are anomalies and we can mirror that against your identity record because we're an identity management company. This will allow us to change your risk level based on your behavior. We want to raise the new risk alert to the levels that management can now have options to make different decisions that might say you are acting a little bit suspicious. Maybe we don't grant you access to the data center. Maybe we need a second approval for that access request. That now changes your risk profile.
Lasky: How do you determine the metrics and reset risk factors?
Takahashi: All the data gets weighted. We have a weighting structure to it. Take, for example, your HR record. It tells us who you are, what department you work in, what your title is, what level of access to data you possess. That data is scored based on your behavior, your access, things like that, while we also consider the person’s business behavior and work trends.
Lasky: So, it is a risk scorecard that an organization is looking for?
Takahashi: Exactly. That's what they want. They want to know what they don't understand right now. You have all this data but nobody's using it, so we've now taken that data and we’ve pushed it into our algorithm and fed it right back into. The idea, though, is how do we harness the power of the information that we know we have. That's step one. We have a big plan for analytics as we move down the road but we're just trying to do something really simple. I don't need to boil the ocean today. I just need to do something meaningful. We’ve started with our platinum clients and as they start to use it, we're going to build out more use-cases where we can add to that algorithm. All the different things that we are currently doing and plan to do now are being driven by data intelligence.
Lasky: What's the strategic marketing plan to brand AMAG’s new open environment solution? Also, how are you going to strategically market this to the channel, number one, and then number two, to get the pull through from the end-user?
Takahashi: We’ve created this ideation team and have done about 40 different workshops where we sit down with new and existing clients and end-users for multiple meetings. We ask them to show us what they’re using today, especially if it's AMAG because on many occasions they're underutilizing what they have. We look at the entire technology estate, and we start marrying it against, well, what they are trying to achieve. We have certain compliance requirements; we have certain audit functions.
We will then sit down with the client and whiteboard out their entire program and identify their risk and security gaps. Now those gaps feed right into my product. Everything that I just told you that we've developed has all come as a result of clients telling us these were the things that they have been challenged with. We take that feedback and develop solutions right back into our technology stack. So, one way we get to the market is by going right back to our existing customers because a lot of our existing customers only used AMAG for access control. They didn't know about all these other options.
We then must go out and evangelize to the market. We're trying to teach the market that there's more to access control than just securing the door. We must meet their other operational challenges. How is that audit and compliance officer actually doing their job? Not many people talk about that because they don't understand it. We’re now going out to the market to let them know there is so much more to our platform than just access control.
About the Author:
Steve Lasky is the Editorial Director of SecurityInfoWatch Security Media, which includes print publications Security Technology Executive, Security Dealer & Integrator, Locksmith Ledger Int’l, and the world’s most trafficked security web portal SecurityInfoWatch.com. He is a 30-year veteran of the security industry and a 27-year member of ASIS. You can contact him at [email protected].