A few years ago at physical security industry conferences the word I heard the most was “convergence”. At that time the meaning of it was how Physical Security and IT were coming closer together, and it was a hot topic because analog technology was quickly giving way to IP-based approaches. With access control becoming tied to identity management, and surveillance being managed, stored, and analyzed on computer networks, it’s easy to see now why that convergence was critical for the industry and one that required rethinking old approaches.
The European General Data Protection Regulations (GDPR) have been in effect for some time now – since May 2018 – and they have already had some significant impacts on how companies around the globe collect, store, and manage data that includes personal information. In fact, the first penalty levied against an organization for non-compliance to GDPR was for video surveillance violations. Many companies that are affected by these regulations have implemented specific compliance objectives to stay ahead of requirements, which include both organizational and technical safeguards to protect the specified data.
As the physical security industry has transitioned from analog to IP-based systems, several advantages have been realized. Yet many organizations still use approaches from the old analog days to manage the lifecycle of physical security devices. Perhaps the reason is that at the device level the benefits of moving to IP are more easily realized (for example, self-test health checks by cameras, storage, VMSs, and others). But for something system-level (like lifecycle management) there have been more hoops to jump through to gain these benefits. With the advent of automated service assurance for physical security systems like Viakoo many (if not all) of these barriers are now removed, paving the way to more cost-effective and comprehensive lifecycle management.
The now infamous Target data breach was transacted by malware being placed on the HVAC system servers. A casino had its “high roller” database stolen by leveraging the network connection of an aquarium thermostat to export the file from the internal network. Leveraging the physical security system’s camera devices a bank was hacked, revealing confidential information. These are just some of the examples of how IoT devices, especially at the edge of a network, can be exploited by cyber-criminals.
Every security integrator faces this issue. Your customers purchase new physical security systems and devices in order to benefit from the security and risk-reduction features they offer. Once deployed, however, these devices can actually increase risk and liability if they stop operating properly without the user becoming aware of the disruption. The risk compounds when you consider that new IoT (Internet of Things) enabled devices are being introduced to the market and added to users’ networks at an accelerating rate.
Physical Security competes with other industries for talent, and there is (right now) a giant opportunity for the industry to be a career magnet for people at the forefront of technology and innovation. To be deeply involved in IoT, cyber-security, machine learning, and cool-as-could-be drone technology and robotics is a giant draw for the best new talent. And those are exactly the leading-edge needs facing the physical security industry.
There are ideas and concepts that you come across that you realize immediately were not developed for your particular endeavor, but nonetheless are very appropriate. As physical security is becoming more oriented around industrial IoT, Big Data, machine learning, and other areas of data science there are some useful ideas for physical security professionals to consider. One of these is “data gravity”; the nature of large amounts of data to draw in applications and processes that take advantage of the presence of that data. If you’re running an IP-based physical security system, you may have already noticed that whether it’s a PSIM (physical security information management), Viakoo for automated system verification, or numerous advanced video analytics applications, there are now a lot more applications being drawn towards the data present in IP-based physical security systems.
As time marches on in physical security, sometimes there are clear markers along the way that fundamental changes have happened. We are all aware that IP-based physical security has taken hold, and the nature of managing and maintaining physical security networks has changed along with it. Is there a line we can draw in the last couple years to say “this is when it all really changed”? I would argue that 2017 is when a distinct change happened organizationally, specifically on how IT is sharing more responsibilities than ever before regarding physical security.
In many organizations, security is still considered an independent issue that is restricted to the security department, and decisions made by the security team are mostly of interest to the board only in relation to their costs or if a significant breach occurs. As physical security continues to take a more central and company-wide role in compliance, brand reputation, and cyber-security, it has consequently become an area your board is likely to want to have more information on – and sometimes will want that information on a moment’s notice.