By Lisa M. Kempfer
Facility security has many battlefronts, from protecting assets and employees to thwarting data thieves and safeguarding a company's reputation. A well-managed security program includes the right policies and procedures as well as sophisticated information technology controls and access-control systems.
Here are four strategies and tools that facility managers can put into place today to better secure their factories and distribution centers from intruders, thieves and spies.
1. Network Security
Having secure channels for exchanging information is critical for optimal supply chain management. Jon Downs, v.p. of technology services at CEVA Logistics North America (www.cevalogistics.com), a logistics service provider based in Jacksonville, Fla., knows his company's reputation depends on rock-solid data security. CEVA's customers include some of the world's largest companies. The company spends 2% to 3% of its operating budget on all aspects of network security, which includes training employees on best security practices.
"Customers entrust CEVA with data that is often the lifeline of their supply chains." Downs says. "As soon as you pass a virus to them, or worse catch a virus from one of them and pass it to their competitor, you've lost all of your creditability."
CEVA processes five million transactions an hour during peak periods. It keeps its information secure through disciplined policies and procedures. It runs its network through a central data center; does not allow outside connections to any of its warehouses or locations; and uses virus and spam filters, firewalls, and spy ware. In addition, the Internet can only be accessed from the main data center. Other tools are used to catch employees who make mistakes or don't follow the procedures.
Derek Hudson, information security engineer for the company, says CEVA's information security management system was designed and implemented using a combination of industry frameworks. The system ensures information is only accessible to those people with authorization to see it. It safeguards the accuracy and completeness of the information.
CEVA has achieved ISO/IEC 27001:2005 certification for its information security management systems (ISMS) within North America. ISO 27001 is an auditable standard for information security that demonstrates that an organization has an adequate set of information security controls in place and that those controls are being properly executed and reviewed.
"Every good set of controls should start with a good risk assessment," Hudson says. "Assess the risk and learn how to manage it." Keep in mind, he adds, that there are some risks that will never be totally eliminated.
For companies new to IT security, Hudson recommends starting with education. He suggests starting at the SANS (SysAdmin, Audit, Networking and Security) Institute (www.sans.org) for general information and the SANS Technology Institute (www.sans.edu). The International Information Systems Security Certification (ISC, www.isc2.org) also provides education through third-parties and security professional certification.
2. Eye in the Sky
Keeping an electronic eye on assets is an effective way to protect them. Today, cameras can be placed throughout a facility or yard that will send a signal to a mobile device when there is a problem or alarm. Motorola Inc. (Holtsville, N.Y., www.motorola.com/enterprise) working with camera manufacturer, ComCam International, Inc. (West Chester, Pa., www.comcam.net), offers its Pocket C3 as part of a new breed of mobile command and control viewing application.
"Because of streaming video, security employees are not tied down to viewing monitors in a room. They are now mobile and can move around and still be connected and see what is going on," says Gerald McNerney, senior director for Motorola. Users can choose a camera and view what the camera sees on their mobile handheld computers.
The mobile devices can also be connected to a company's alarm system. When an alarm goes off, the device lets the user know when and where it is. The guard can immediately switch on the camera nearest to the alarm and see what the problem might be. If there is something wrong, a broader alarm can be triggered from the mobile device.
"You are mobilizing and expanding the capabilities of the security employee so that he can do security measures as well as other activities in his daily job," McNerney says.
Ray Shilling, a v.p. at AvaLan Wireless (Palo Alto, Calif.) says cameras are usually placed in warehouses and DCs at points of high sensitivity, near valuable equipment or where employees may be injured. AvaLan's (www.avalanwireless.com) AW-H5800 mounts will support almost any fixed-format network camera with a non-line-of-sight wireless network. Images are recorded on network video recorders. The cameras can be integrated with access-control and biometric systems.
Cameras are used for more than asset tracking, Shilling says. "They are also used for slip-and-fall protection to protect employers from false workers compensation claims."
3. Access Control
"In the future, warehouse workers will carry a single, smart card," predicts Jack Bubsney, product manager, HID Corp. (Irvine, Calif., www.hidcorp.com). "They are like your own person license plate.
"The main function of smart cards was once to control access into a building, and into more secure areas, such as special computer rooms and money rooms. To be verified, the system's controller interprets the data and determines its validity. Valid data triggers the controller to release a magnetic lock for example.
Since 9/11, more companies have been asking for the cards to carry more than just identification information. Newer smart cards store an employee's ID information, level of authorization, times and areas of access, fingerprint data and even software applications.
As a result employees with multiple responsibilities only need one smart card and do not have to have two or three cards hanging by a lanyard around their neck.
Biometric access-control is an up-and-coming security technology currently used in some hospitals and government agencies. These systems use face recognition, fingerprint recognition, and iris recognition to grant access. An Ethernet-based access control system from Integrated Biometrics (Greenville, S.C. www.integratedbiometrics.com) can compare 1 to 10,000 fingerprints in less than a second. Employees can quickly enroll in the system. All they need to do is scan one finger from each hand plus an alarm finger-if this finger is used, it sets off an alarm.
4. Secure Containers
RFID tags may be able to accurately track containers in warehouses, but how can inventory managers be sure a carton's content has not been compromised? SecureContainer, from Mikoh Corp. (New York, www.mikoh.com), uses a single pressure-sensitive RFID-based seal to protect a box's contents against thieves as it moves through the supply chain. A tamper circuit on the tag's chip either disables the tag or alerts RFID readers that the tag has been tampered with.
"Protecting against product theft, substitution, contamination and the introduction of counterfeit items is serious business," says Peter Atherton, Mikoh's chief technology officer. "If the physical security of the container and RFID tag is not maintained, companies have little or no way to ensure that the product has not been compromised during the distribution process."
Mikoh's SecureContainer durable, reusable closing system uses disposable plastic inserts that slide into the container flaps and secured using a tamper-resistant seal. The design places the RFID tags in a consistent position and orientation relative to the tag readers. If the container is opened, the pressure-sensitive seal is damaged, alerting employees or the container tracking system to potential product tampering. For material handling applications that do not use RFID systems, other security seal technologies such as foil or holographic seals can be used.
SecureContainer from Mikoh Corp. holds RFID tags that alert RFID readers when they have been moved from their original location.