Security management in banking is a discipline unlike any other. Rather than integrating all security into one centralised system, some banks choose decentralised security for their branch offices. AEOS, a leading platform in integrated security, turns out to be just as effective when deployed decentrally.

”We were already using Nedap AEOS in our headquarters, as well as various regional offices. Then, in 2011, the security system used by our 800 branch offices in Belgium needed to be extended with access control. Because we were already aware of AEOS’s capabilities and very satisfied with its performance, it was a logical step to ask Nedap to solve our problem.” - Joris de Greve, Security Manager at ING Belgium.

Key management challenge

ING’s 800 branch offices in Belgium were already equipped with autonomous intrusion detection and camera surveillance. All doors and their accessories, such as locks, push buttons and door contacts, were monitored and controlled by the intrusion detection system. Doors were opened and closed using keys in security cylinders. A central alarm management system handled alarms coming in from local intrusion control systems.It was virtually impossible to keep track of the physical keys and who was authorised to use them"

Key management had become a problem, according to De Greve. ”It was virtually impossible to keep track of the physical keys and who was authorised to use them. We had no central database in which authorisations could be assigned or retracted.” In addition, changing locks, replacing keys and keeping key plans up to date had become difficult. “It was time for an electronic access control system,” explains Peter Rommens, Country Manager at Nedap Belgium. “Since all peripherals were connected to the intrusion detection system, the scope of the project was clearly defined. We were looking purely at access control at one or more doors per office.”

Expanding the centralised AEOS system

After considering a wide range of solutions, ING eventually selected two for further evaluation. One was to add access control to the existing intrusion detection systems. This was technically the least complicated option, because the basic infrastructure and necessary hardware were already in place. The other option was to expand the centralised AEOS system that was already up at headquarters and regional offices to include access control at the branch offices.

The latter offered the major advantage of being able to connect all branch offices to one central database, while retaining the ability to delegate responsibility for authorisations to lower-level security management layers. Other benefits of this option included its system architecture, the proven stability of the system for large numbers of offices and cardholders, the system’s scalability and flexibility, the native IP controllers’ ability to communicate peer-to-peer and bypass the server, and the system’s redundant facilities and security (failsafe, switching servers, etc.).

Flexible and extra secure

The factor that clinched the deal was that AEOS allowed for decentralised management of separate units and the use of entrance filters. This meant local offices could be authorised to manage their own security without access to other offices’ data, Joris de Greve explains. “The bank’s security structure is based on central access to buildings and central facilitation of technical solutions, but decentralised security and access responsibility per zone. Therefore, the system must allow us to cluster cardholders into groups with different authorisations. AEOS supports this.”Cardholders who lose or forget their badge are issued a replacement while the original badge is invalidated"

“Another factor was ING’s requirement that authorisations not be assigned to a badge, but to a cardholder,” adds Rommens. ”This builds in extra security: cardholders who lose or forget their badge are issued a replacement while the original badge is invalidated. This guarantees there are no unaccounted-for, authorised badges ‘floating around’.

Decentralised approach

ING combines centralised and decentralised policies. Overall security policy is set at top headquarters; security management there decides who is authorised to manage accounts and which authorisations may be assigned. This is part of the bank’s security structure. We ask ING Belgium Security Manager De Greve to illustrate.

“For example, the Milan office uses a server in Belgium and the technical facilities provided by central security management. However, the management in Milan are in full control of who is allowed access to their building and when,” he says.

User training is also decentralised. There are some 500 administrators, all of whom were trained internally and decentrally. AEOS enables this flexibility. Because AEOS is web-based, interventions are simply and swiftly carried out.

Keeping an eye on things

A consequence of decentralisation is the need for reports. “Central management wants to keep an eye on what is happening at the various branch offices,” De Greve says. ”Is security functioning properly? And are offices complying with security policy?” He believes reports “are also a valuable management tool.” For example: how many people are at work at any given time, or whether people only come in a few times a week. “This helps us to make sound decisions concerning flexible office space, for instance, and that’s an important way to reduce costs.”

Proxy offices roll-out

ING BE has two different types of offices: Proxy offices where all money is distributed by ATMs and Full Service where staff behind counters provide service. In both types of branches local staff is present and mobile specialists are available to respond to specific needs or questions customers may have.

Nedap is currently installing AEOS at the 800 Belgian branch offices at an approximate rate of nine offices per week. Peter Rommens explains how the roll-out is being organised logistically: “In preparation for installation, ING centrally creates the appropriate authorisations in AEOS. Then, Nedap’s business partner defines the configuration and uploads this to the controller. This means on-site installation is quick; once the controller is connected and deployed, the system is up and running.”Each office is prepared for expansion of its access control or the addition of other security functionalities"

AEOS at proxy offices

“The bank preferred our proposed solution, with one AP4803x per branch office, over a solution with one or more AP6003 network controllers per office but only one AEpu per ten offices,” Rommens says. “Although having one AEpu per office is costlier, availability is more sure with the AP4803x and it offers more long-term advantages. It means each office is prepared for expansion of its access control or the addition of other security functionalities.”

Proxy offices are defined as individual access control zones. Each office has its own profiles defining who is allowed access and on what basis. Proxy offices are secured with readers and a key replacement badge. The alarm system runs separately from the access control system. The badge only provides access, while arming and disarming the alarm system requires identification. In line with existing policy, if an unauthorised person finds a badge and tries to use it when the office is empty, this sets off an alarm. If a person tries to use a stray badge when the office is manned, he or she is immediately exposed by staff (social control).

“Badges are also blocked based on expiry date or end of contract because in general the fewer badges in circulation and the fewer people with access, the smaller the security risk,” says De Greve.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Nedap Security Management news

Nedap partners with Touchless Biometric Systems to host Security Integration Forum 2019

Nedap and Touchless Biometric Systems (TBS) are hosting the first Security Integration Forum in the Middle East on 7th October 2019. Held at the Conrad hotel on Sheikh Zayed Road in Dubai, it will bring together technology businesses and experts. The aim is to enable discussion of the latest security industry trends and potential collaborations, and showcase advanced technologies and integrations. The highlight of this first Security Integration Forum is the live experience area. Here, in a liv...

Nedap partners with Mitie to provide access control systems in the UK market

Mitie Fire & Security Systems announces Nedap Security Management as a partner of choice for access control in the UK. This new strategic partnership builds on a close relationship developed between the two organisations while working for clients in a range of sectors, from large automotive manufacturing to high street retail outlets. Complex security solutions Chris Watts, Director of Mitie Fire & Security Systems says: "Mitie's relationship with Nedap has gone from strength to stren...

Intersec Saudi Arabia 2019 records the presence 111 exhibitors from 20 countries

The 3rd edition of Intersec Saudi Arabia got underway with 111 exhibitors from 20 countries zooming in on the Middle East’s largest commercial security and fire safety market. Running for three days at the Jeddah Centre for Forum and Events, Saudi’s foremost security, safety, and fire protection trade show targets the Kingdom’s vast market which is estimated to grow at an annual compound growth rate of 7.7 percent over the next seven years. It was opened yesterday in a pre-sho...

Nedap Security Management case studies

ROCKWOOL chooses Nedap’s Global Client Programme to secure its offices and factories worldwide

Manufacturer ROCKWOOL International A.S. has chosen Nedap’s Global Client Programme to secure its offices and factories worldwide. AEOS, the physical security platform by Nedap, installed during the programme, enables ROCKWOOL to establish a truly global security policy and unified work processes. An advanced project rollout, the Global Client Programme is developed for large multinationals and offers several benefits, including standardisation across sites, shorter implementation times a...

Nedap’s AEOS installed at ING’s branch offices in Belgium

Security management in banking is a discipline unlike any other. Rather than integrating all security into one centralised system, some banks choose decentralised security for their branch offices. AEOS, a leading platform in integrated security, turns out to be just as effective when deployed decentrally. ”We were already using Nedap AEOS in our headquarters, as well as various regional offices. Then, in 2011, the security system used by our 800 branch offices in Belgium needed to be ext...

Nedap provides physical access control and long-range readers for vehicle identification at the AZ Zeno medical care

Technology company Nedap has provided physical access control and long-range readers for vehicle identification at the new AZ Zeno medical care centre in Knokke-Heist (Belgium). AZ Zeno, which opened in April 2018, consists of a hospital with rehabilitation centre, an outpatient clinic, auditoria, public event space and a heliport. Nedap Identification System and Nedap Security Management have worked together on this extensive project.    It is AZ Zeno’s highest priority to guar...