Security management in banking is a discipline unlike any other. Rather than integrating all security into one centralised system, some banks choose decentralised security for their branch offices. AEOS, a leading platform in integrated security, turns out to be just as effective when deployed decentrally.

”We were already using Nedap AEOS in our headquarters, as well as various regional offices. Then, in 2011, the security system used by our 800 branch offices in Belgium needed to be extended with access control. Because we were already aware of AEOS’s capabilities and very satisfied with its performance, it was a logical step to ask Nedap to solve our problem.” - Joris de Greve, Security Manager at ING Belgium.

Key management challenge

ING’s 800 branch offices in Belgium were already equipped with autonomous intrusion detection and camera surveillance. All doors and their accessories, such as locks, push buttons and door contacts, were monitored and controlled by the intrusion detection system. Doors were opened and closed using keys in security cylinders. A central alarm management system handled alarms coming in from local intrusion control systems.It was virtually impossible to keep track of the physical keys and who was authorised to use them"

Key management had become a problem, according to De Greve. ”It was virtually impossible to keep track of the physical keys and who was authorised to use them. We had no central database in which authorisations could be assigned or retracted.” In addition, changing locks, replacing keys and keeping key plans up to date had become difficult. “It was time for an electronic access control system,” explains Peter Rommens, Country Manager at Nedap Belgium. “Since all peripherals were connected to the intrusion detection system, the scope of the project was clearly defined. We were looking purely at access control at one or more doors per office.”

Expanding the centralised AEOS system

After considering a wide range of solutions, ING eventually selected two for further evaluation. One was to add access control to the existing intrusion detection systems. This was technically the least complicated option, because the basic infrastructure and necessary hardware were already in place. The other option was to expand the centralised AEOS system that was already up at headquarters and regional offices to include access control at the branch offices.

The latter offered the major advantage of being able to connect all branch offices to one central database, while retaining the ability to delegate responsibility for authorisations to lower-level security management layers. Other benefits of this option included its system architecture, the proven stability of the system for large numbers of offices and cardholders, the system’s scalability and flexibility, the native IP controllers’ ability to communicate peer-to-peer and bypass the server, and the system’s redundant facilities and security (failsafe, switching servers, etc.).

Flexible and extra secure

The factor that clinched the deal was that AEOS allowed for decentralised management of separate units and the use of entrance filters. This meant local offices could be authorised to manage their own security without access to other offices’ data, Joris de Greve explains. “The bank’s security structure is based on central access to buildings and central facilitation of technical solutions, but decentralised security and access responsibility per zone. Therefore, the system must allow us to cluster cardholders into groups with different authorisations. AEOS supports this.”Cardholders who lose or forget their badge are issued a replacement while the original badge is invalidated"

“Another factor was ING’s requirement that authorisations not be assigned to a badge, but to a cardholder,” adds Rommens. ”This builds in extra security: cardholders who lose or forget their badge are issued a replacement while the original badge is invalidated. This guarantees there are no unaccounted-for, authorised badges ‘floating around’.

Decentralised approach

ING combines centralised and decentralised policies. Overall security policy is set at top headquarters; security management there decides who is authorised to manage accounts and which authorisations may be assigned. This is part of the bank’s security structure. We ask ING Belgium Security Manager De Greve to illustrate.

“For example, the Milan office uses a server in Belgium and the technical facilities provided by central security management. However, the management in Milan are in full control of who is allowed access to their building and when,” he says.

User training is also decentralised. There are some 500 administrators, all of whom were trained internally and decentrally. AEOS enables this flexibility. Because AEOS is web-based, interventions are simply and swiftly carried out.

Keeping an eye on things

A consequence of decentralisation is the need for reports. “Central management wants to keep an eye on what is happening at the various branch offices,” De Greve says. ”Is security functioning properly? And are offices complying with security policy?” He believes reports “are also a valuable management tool.” For example: how many people are at work at any given time, or whether people only come in a few times a week. “This helps us to make sound decisions concerning flexible office space, for instance, and that’s an important way to reduce costs.”

Proxy offices roll-out

ING BE has two different types of offices: Proxy offices where all money is distributed by ATMs and Full Service where staff behind counters provide service. In both types of branches local staff is present and mobile specialists are available to respond to specific needs or questions customers may have.

Nedap is currently installing AEOS at the 800 Belgian branch offices at an approximate rate of nine offices per week. Peter Rommens explains how the roll-out is being organised logistically: “In preparation for installation, ING centrally creates the appropriate authorisations in AEOS. Then, Nedap’s business partner defines the configuration and uploads this to the controller. This means on-site installation is quick; once the controller is connected and deployed, the system is up and running.”Each office is prepared for expansion of its access control or the addition of other security functionalities"

AEOS at proxy offices

“The bank preferred our proposed solution, with one AP4803x per branch office, over a solution with one or more AP6003 network controllers per office but only one AEpu per ten offices,” Rommens says. “Although having one AEpu per office is costlier, availability is more sure with the AP4803x and it offers more long-term advantages. It means each office is prepared for expansion of its access control or the addition of other security functionalities.”

Proxy offices are defined as individual access control zones. Each office has its own profiles defining who is allowed access and on what basis. Proxy offices are secured with readers and a key replacement badge. The alarm system runs separately from the access control system. The badge only provides access, while arming and disarming the alarm system requires identification. In line with existing policy, if an unauthorised person finds a badge and tries to use it when the office is empty, this sets off an alarm. If a person tries to use a stray badge when the office is manned, he or she is immediately exposed by staff (social control).

“Badges are also blocked based on expiry date or end of contract because in general the fewer badges in circulation and the fewer people with access, the smaller the security risk,” says De Greve.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Nedap Security Management news

Nedap announces integration with Forge Bluepoint visitor management system for smart access control

Buildings or sites with existing or future Nedap access control systems can now benefit from integration with Forge Bluepoint visitor management to give people visiting their space smart, secure and time-limited access. Integration with Forge Bluepoint The new integration was customer-driven by HB Reavis’s new building in Bratislava, Nivy Tower, which went live in November. Wayne Lee, Director at Forge, said “We’re excited about this partnership and being able to offer our c...

ASSA ABLOY Opening Solutions introduces Aperio E100 Wireless Escutcheon to secure access control door wirelessly

Flexibility and a trusted record of reliable security in real-world environments: these are critical features when choosing any new electronic locks. With the Aperio E100 Wireless Escutcheon from ASSA ABLOY Opening Solutions, one can get both. A robust device suited to almost any medium- to high-traffic door, the E100 is easy to install wire-free - an ideal choice for both retrofit projects and new buildings. With Aperio’s open platform, it is straightforward to then integrate the escutch...

Hikvision announces the integration of HikCentral video security platform with Nedap AEOS Access Control Solution

Hikvision, an IoT solution provider with video as its core competency, has announced the integration of its HikCentral video security platform with the Nedap AEOS Access Control Solution to provide single-platform operations for users who maintain both Hikvision and Nedap systems. The integration, via Nedap AEOS Connector, provides event information, alarms, and person-data synchronisation of access control and intrusion events between AEOS-connected hardware and HikCentral. This integration en...

Nedap Security Management case studies

ROCKWOOL chooses Nedap’s Global Client Programme to secure its offices and factories worldwide

Manufacturer ROCKWOOL International A.S. has chosen Nedap’s Global Client Programme to secure its offices and factories worldwide. AEOS, the physical security platform by Nedap, installed during the programme, enables ROCKWOOL to establish a truly global security policy and unified work processes. An advanced project rollout, the Global Client Programme is developed for large multinationals and offers several benefits, including standardisation across sites, shorter implementation times a...

Nedap’s AEOS installed at ING’s branch offices in Belgium

Security management in banking is a discipline unlike any other. Rather than integrating all security into one centralised system, some banks choose decentralised security for their branch offices. AEOS, a leading platform in integrated security, turns out to be just as effective when deployed decentrally. ”We were already using Nedap AEOS in our headquarters, as well as various regional offices. Then, in 2011, the security system used by our 800 branch offices in Belgium needed to be ext...

Nedap Security Management installs AEOS access control system at AZ Alma hospital

AZ Alma was a brand new hospital, created by merging two other hospitals. It needed an access control system that could cope with the demands of high levels of employees and visitors, varying access rights and the flexibility to respond in emergencies. The new hospital also had a vision of being completely keyless. Opportunities offered by AEOS AZ Alma installed Nedap Security Management’s AEOS access control system and implemented several useful features. LEDs on readers, for example, i...