Sitting in the reception of the UK headquarters of global internet giant Cisco, you appreciate some truths about access control. From our September 2000 print edition.
Sitting in the reception of the UK headquarters of global internet giant Cisco, you appreciate some truths about access control. Staff access has to be swift and imperceptible. Employees take instant access control – and all the security measures that protect themselves and their property – for granted. As you watch staff, from around the world, walk in and out, it takes an effort to grasp that such a smooth-working access control system does not just happen. Quite the opposite. In such a large, fast-growing company, the potential for refusal of cards or passwords or any access control feature is huge. Staff are hot-desking and working all hours – in Brussels or Zurich one day, Stockley Park, the UK headquarters north of Heathrow Airport, the next. Paul Mercer, security systems manager EMEA (Europe, Middle East, Africa), is the man responsible for the access control and other security systems. A phrase of Paul’s from the end of the interview at Cisco’s UK headquarters in west London sums up the culture: ‘You don’t want to put hurdles in the way of a productive employee.’ At Cisco, security has to be in keeping with the company’s hard-working, dynamic culture – thanks to a global network centred on Cisco’s home in San Jose, California.
<br><br>
Building a career
<br><br>
Paul Mercer says he made a major transition to enter his current field. He was in construction until the recession in the UK building sector about ten years ago. He moved into security systems for buildings in the IT sector. He applies his knowledge of how buildings are put together, to security. ‘What we endeavour to do is look at a building and assess it for risk, and introduce a series of measures – access control and other traditional security applications. The likes of Cisco, Microsoft, e-Bay and Amazon have worldwide offices and need worldwide management systems. Cisco manages the world in three areas: the Americas; EMEA; and Asia-Pacific, and is expanding fast. Its UK headquarters is at 3 and 4 The Square, Stockley Park, a business park near Heathrow Airport; they are moving into number 5 too. In the UK alone they have offices in England, Scotland, and the Republic of Ireland. Everything – sales, staff numbers, office space – is mushrooming. Access control has to guard against unauthorised intrusion, and the removing of physical and intellectual property. In the internet economy, a forward-thinking firm like Cisco has an ethos that applies to security too. In this new economy, an open and keen mind are called for. A traditional police or armed forces background is neither a hindrance nor a passport for a security professional’s job – as Paul’s own background suggests.
<br><br>
Access to a new economy
<br><br>
Cisco’s 35,000 (and growing) employees worldwide have basic access to all company buildings. Beyond that, certain staff have access to certain areas inside those buildings, depending on their job. To take an extreme instance, employees in the staff restaurant have no cause to access the SOC (security operations centre). Paul describes the staff ID card, that uses a proximity reader, as a permit or a passport. As in many organisations, Cisco buildings are secure yet open ’24-7’. No longer does the janitor open a building at 9am and close it at 6pm, and only a key-holding manager, and then only rarely, comes in out of hours. Access control technology has made the janitor redundant. Company buildings are in constant use. ‘We are a multi-national company and as a consequence you have global travel – people travelling from region to region.’ It is not Cisco’s philosophy to have staff inconvenienced by having any security delay entering a Cisco building. Cisco, as a rapidly growing firm seeking premises, has until recently had little say in the design of its buildings. Only with offices under construction – in Amsterdam, for instance – is Cisco having that say. Paul’s team treated 3 The Square as a building that they had to customise. There are no perimeter fences at Stockley Park, only greenery – lines of bushes along the car park between bays, young trees and lawns. Security on the business park is handled by uniformed guards belonging to Stockley Park (other tenants include KPMG, Polaroid and Panasonic Technics). Inside, there are two uniformed men at a desk to greet staff and bona-fide visitors – and greet is the kind of approach that fits in with the Cisco way of doing things. Those visitors are let through to reception. The best internet staff are hard to retain; they (and the people visiting them on business) are important. Cisco wants to keep them as secure yet as unruffled as possible.
<br><br>
Seamlessly international
<br><br>
Paul thinks in terms of EMEA. He is a member of ASIS (American Society for Industrial Security) and he thinks in terms of European solutions and protocols for consistency across his region. Those solutions have proved difficult, he says. His team seeks to make entering, exiting and locking of doors, for example, as simple as possible for the end user. Rather than impose a London-based norm, access control for Cisco buildings across the EMEA region takes into account local customs. The team wants to avoid the need for a check-list or guide in a language maybe foreign to the user. Every piece of equipment has to be easy for staff to use, across the region. As in all organisations, staff users of access control are not going to sing the praises of the system – it’s a tool. Nevertheless the business depends on it, as it depends on any everyday tool. Creating a member of staff’s global ID is almost immediate: the new employee’s details go on the human resources (HR) database. Such details are regularly downloaded into the OnGuard Enterprise system provided by Lenel, the US IT firm that works in the field of security. Lenel’s system integrates access control, ID management, alarm monitoring, digital colour CCTV recording (using CCTVware from Loronix) and asset management. The new employee’s details are pulled from HR and used to create a unique badge. There is a protocol so that an image cannot be created for the badge until the employee information has been transferred from HR. The network is designed so that each Cisco region has the ability to support the other regions. Without the Cisco network none of that would be possible. If another organisation is going to build this sort of global system, you need Lenel and networking products – the products that Cisco make.
<br><br>
Network approach
<br><br>
This network approach chimes with Cisco’s business. The company is a worldwide leader in providing the software and hardware for the internet. Its revenue in the last four quarters was $16.7 billion. Phil Mailes, Lenel’s UK Director, says: ‘Although we at Lenel deal with many large multi-national organisations, Cisco represented the perfect fit for us due to the similarity in culture and approach of the two companies. The requirement was to solve Cisco’s high security requirements yet at the same time remaining both unobtrusive and flexible.’
<br><br>
People
<br><br>
Paul Mercer reports to the EMEA security manager Tom Jones, also based at Stockley Park. Paul’s team does not manage information systems – that’s part of another group. Paul heads a team of project managers and engineers. Cisco, then, keeps design of security systems in-house because the designs are confidential. Paul says that an external contractor or consultant cannot be expected to successfully deploy the type of sophisticated system that the company requires. Rather, the company needs somebody within, who understands the culture of the organisation and works with colleagues. Companies like Cisco are international and seamless – needing technology that allows staff, wherever and whenever they are, to remain in control. That technology is provided by Lenel. ‘The system we have can turn on lighting, [CCTV] cameras, any device you choose to interface. One of the schemes I have designed has interfacing with cameras with roller shutter doors with windows. For example, we operate automatic roller shutters on some of our buildings because of high risk. They are scheduled to operate when required. There is no human interface. It does require consideration – you don’t want things opening and closing without warning. We put a strobe light as an early warning, to advise users that this is going to happen in five or ten seconds. You have to communicate with your users to advise them of an automated system.’
<br><br>
Control room
<br><br>
The security operations room for Cisco EMEA is on a corridor behind a door that looks like any other. The SOC runs 168 hours a week. Five people were inside at 3pm the weekday Professional Security visited, though that was more crowded than usual because of the shift changeover in operators. There are eight operators in the team – two, a senior supervisor and an operator, work at any time, on eight-hour shifts. With them is a database administrator, who supervises the system and programs in any new data – working with his opposite number in the US, for consistency’s sake. The two operators do not look at a stream of CCTV images all the time but monitor cameras when they are activated. Cisco has designed the system to have dual capability to manage a very large geographical area. The SOC has overall responsiblity for incoming information from the access control systems throughout the region. Any office also local response capability, allowing for a rapid response if one is needed – if a duress alarm is activated, for example. This arrangement is to deal with the fact that not every member of staff speaks English, let alone non-Cisco members of the public. It’s Paul Mercer’s responsibility to decide on a case by case basis whether a site will have the ability to monitor CCTV, with the overall management residing within the SOC.
<br><br>
Voicing a wish
<br><br>
Is there a product not on the market that Paul would like to use’ He believes biometric applications will become more viable. He wonders if the key – to a car, or a door – may disappear. Instead, might staff have access to their computers by voice recognition’
<br><br>
Some last words
<br><br>
The open, positive-thinking way of doing things at Cisco is mirrored in the way Security is provided for staff and property, and the way that Cisco staff regard their security. Security is not ‘the security department’ of an organisation; it’s not something negative or a bit of a chore. It’s something that lets you go about your daily work safely and smoothly. Cisco has a highly productive and successful way of going about its business, that has meant changing the way security (like every other part of a business) is done. It’s about change, but change for the better rather than for the sake of it. It’s about words like teamwork and customers and quality and open communication. The Cisco vision is about changing the way we work, live, play and learn and in a way you can only grasp it when you see for yourself inside the reception of a Cisco headquarters or when you listen to someone like Paul Mercer.
