A few years ago at physical security industry conferences the word I heard the most was “convergence”. At that time the meaning of it was how Physical Security and IT were coming closer together, and it was a hot topic because analog technology was quickly giving way to IP-based approaches. With access control becoming tied to identity management, and surveillance being managed, stored, and analyzed on computer networks, it’s easy to see now why that convergence was critical for the industry and one that required rethinking old approaches.
The European General Data Protection Regulations (GDPR) have been in effect for some time now – since May 2018 – and they have already had some significant impacts on how companies around the globe collect, store, and manage data that includes personal information. In fact, the first penalty levied against an organization for non-compliance to GDPR was for video surveillance violations. Many companies that are affected by these regulations have implemented specific compliance objectives to stay ahead of requirements, which include both organizational and technical safeguards to protect the specified data.
As the physical security industry has transitioned from analog to IP-based systems, several advantages have been realized. Yet many organizations still use approaches from the old analog days to manage the lifecycle of physical security devices. Perhaps the reason is that at the device level the benefits of moving to IP are more easily realized (for example, self-test health checks by cameras, storage, VMSs, and others). But for something system-level (like lifecycle management) there have been more hoops to jump through to gain these benefits. With the advent of automated service assurance for physical security systems like Viakoo many (if not all) of these barriers are now removed, paving the way to more cost-effective and comprehensive lifecycle management.
The now infamous Target data breach was transacted by malware being placed on the HVAC system servers. A casino had its “high roller” database stolen by leveraging the network connection of an aquarium thermostat to export the file from the internal network. Leveraging the physical security system’s camera devices a bank was hacked, revealing confidential information. These are just some of the examples of how IoT devices, especially at the edge of a network, can be exploited by cyber-criminals.
There’s a popular business quote that goes something like, “if you can’t measure it, you can’t manage it.” But when it comes to physical security it’s not so easy – because the most meaningful measure is in what does not happen. How many intruders were discouraged and denied? How many secrets and goods were not stolen? And how many damaging data breaches didn’t happen? In demonstrating the value of a physical security team, can we get to a point where these values could be measured, tracked, and have rewards based on it? While for now that may be wishful thinking, maybe we’re a lot closer than you might think. The growth of metrics, analytics, and machine learning in physical security is heading us in that direction.
Do you think IoT devices as part of a physical security network are a blessing or a curse?
It’s happened: you had a major failure of one (or all) parts of your physical security system. Maybe it’s something relatively minor (like the CEO not being able to get access to their office), or something truly catastrophic that is in the news and has dramatically impacted the reputation of your company (and your team). What you should do (after taking a deep breath) to regain and rebuild not just the protection offered by physical security, but the trust and belief that this will never happen again? Here’s a few “best practices” that will start to repair the damage done.
Every security integrator faces this issue. Your customers purchase new physical security systems and devices in order to benefit from the security and risk-reduction features they offer. Once deployed, however, these devices can actually increase risk and liability if they stop operating properly without the user becoming aware of the disruption. The risk compounds when you consider that new IoT (Internet of Things) enabled devices are being introduced to the market and added to users’ networks at an accelerating rate.
To sense the scale and magnitude of changes happening in physical security it helps to put numbers to what is happening across the industry. There is no doubt that the last 5 years have brought a lot of changes to the industry – but can you put data to those changes and trends? To be able to do so is useful for multiple reasons.
Everybody is talking about it, and more and more people are using it. From self-driving cars to predictive analysis and everything in between, artificial intelligence, or AI, is the next big thing in technology (including physical security). 85% of Americans already use AI in some way, from smart devices to complex intelligence for business operations. AI can detect and react much faster than human eyes and hands, and manage complex technology easily, relying on highly sophisticated software to ensure constant and repeatable success. Most importantly, problems or issues that may get missed or overlooked by humans can be reacted to and prevented from becoming serious. In physical security, what might be easily overlooked can quickly become life safety critical.