For years, the security industry has relied on a ‘reactive’ model for maintenance on surveillance systems. Older, analog systems, working in concert with security officers, guard dogs, and physical barriers, required less maintenance and management than today’s high-technology IP-based systems. When they failed, people knew because there was no image on a screen. Security systems today are more capable, more powerful, more “virtual”, and more secure, but also more complex, requiring more detailed inspection to ensure their consistent function. With IP-based surveillance, seeing an image on a screen does not mean that video is recording as it should – that’s why so many security teams have faced the “missing video” problem when they go to retrieve video evidence and it is not there. Because there are more things that can go wrong, and go wrong “silently” without someone knowing a failure has happened, most physical security teams are in the rut of reactive maintenance. No one knows when the failure happened. To figure out the root cause, a technician is sent to inspect the system. Then fixes are tried, sometimes iteratively, until it looks like it’s working again.
As the Internet of Things grows, adding devices in myriad industries onto IP networks, the ability to leverage a digital twin to maintain these devices becomes a more and more attractive option, simpler to use and more cost-effective to implement. But a digital twin is relatively new technology, and many don’t understand how to use it or what benefits it can provide.
For several years the move to IP-based physical security has been underway, but if you are responsible for maintaining and servicing these systems, the reality is that your work life has not improved as expected. That is about to change, and quickly, as the combination of artificial intelligence, mobility, and analytics makes the old way of performing service on physical security systems seem antiquated and ineffective. In other words, the transition to IP-based physical security has been hard (and expensive), but massive payoffs are about to emerge from that effort, and the first recipients will be project managers and service technicians, in the form of an “AI Sidekick”.
Conventional wisdom suggests employee access is the weakest link in enterprise cyber security. Now, there are good reasons to believe that the cybersecurity hygiene of your third-party vendors may be at least as weak as employee access. Third-party cybersecurity matters now more than it ever has before.
CSOs count on video surveillance systems to keep an eye on all areas of their facility, employees, visitors, and equipment, and they need those systems to stay online and functional. In the past, video streams in analog surveillance systems followed distinct, closed paths from cameras to coaxial cables to VCRs. Under this closed surveillance model, if video could be viewed on a monitor, there was little or no doubt that it was also being recorded for later review.
Almost daily there is a new cyber-threat announced, and increasingly they target physical security. A recent Fortinet survey showed that over 50% of CISOs said their greatest security challenge is the rapid evolution of cyber threats. This should be no surprise, as cybercrime has damaged revenues and reputations at many well-known organizations. An October 2016 study from the Ponemon Institute found the average cost of cybercrime for a company to be $9.5M (up 21% from their 2015 study). It’s pretty clear that cyber-attacks using or manipulating physical security systems are increasing in cost, frequency, and urgency.
Data protection has been in the news a lot recently; not only the issues around hacking and malware but, perhaps more importantly, the issues of how data is handled within (and across) organizations. In 2018 the EU’s General Data Protection Regulation (GDPR) will go into effect, covering millions of people’s personal information. As shown in this chart from DLA Piper, much of the world today is covered by either “heavy” or “robust” data protection. To pull one number out of many to make the point, the State of California alone has over 25 data privacy and governance laws.
Even if you’ve never played “Whack-A-Mole” you’ve probably heard it used as a metaphor for a repetitious and futile task. In maintaining and servicing physical security systems there are a number of manual operations that fall in that category and are better done with automation: checking that default passwords aren’t being used, verifying operational status across multiple sites and/or device vendors, and maintaining an inventory of devices on the physical security network, just to name a few. Since there is more than one “Whack-A-Mole” situation our industry deals with, I’ll be more specific – the topic of this blog is a situation Viakoo calls “Console Madness”. If you want to stop reading and just see our new infographic on Console Madness, please click here – otherwise continue on to see the Madness I’m referring to.
Fact: Organizations across many industries are subject to government and other regulations and must demonstrate physical security compliance on a regular basis.
Every organization has differences in how they accomplish their job, which can be thought of as tradeoffs. Restaurant A might choose to open early for breakfast, trading off the additional employee expenses for the ability to gain higher revenues and profits. Restaurant B, considering whether to serve breakfast, may decide against it because, while it might be profitable, it goes against their brand image as the “dinner” place. No one would accuse either restaurant of a bad decision, just a difference in how they decide to run their business and the tradeoffs they make.