In talking with several end users and security integrators this week, one thing is clear: we are facing severe limitations on being able to service and maintain physical security systems. Many end users are not letting people onsite, and in some parts of the country there are shelter-in-place orders that limit the ability of technicians to do their normal work. Yet, especially for healthcare and other people working at the frontlines to combat COVID-19, this is a time when they need to know that they and their facilities are secure. In other words, it’s time for the industry to get serious about using digital connections and automation to ensure security systems are always operating as they should.
Access control is one of the most prevalent physical security technologies deployed, and not surprisingly it is getting a lot more complicated. Many organizations operate within a facility or controlled area, with an access control system used to protect the perimeter and enable appropriate access inside the facility. In recent years the combination of environmental design (e.g. “man traps” designed into entrances), need for fast response time when breaches occur, and the need to communicate with first responders with accurate information have placed new data reporting burdens on operators of access control systems.
Physical security systems can be managed and operated in a variety of ways – some methods lead to flawless operation, and some lead to quite the opposite. But when having an operational physical security system is critical – for life safety, business impact of a failure, or other unacceptable outcomes – then it becomes important to know that the system is in fact operating exactly as it should. This is the domain of compliance.
If you’re responsible for physical security, then you might be familiar with the concept of “mean time to innocence”. It’s an IT term that highlights how the network is often blamed for problems, and how the IT team needs to quickly get to the real root cause in order to show that the network is “innocent”. Same thing happens in physical security; for example, if video is not recording properly it often is blamed on the camera device when the root cause may be an issue with storage.
Many organizations are implementing, or have already implemented, cloud-based physical security services to supplement or replace instances of on-premises software and processing. The trend to make everything into “as-a-Service” has brought us popular cloud services including CRM systems such as Salesforce, communication systems such as GoToMeeting, and shared storage such as Box. Security systems “as-a-Service” are also rapidly growing, including cloud-based identity management, access control, and video surveillance, among others. With more than 20,000 cloud services available, consumers and businesses alike have quickly become accustomed to their advantages, including greatly improved access from any connected location, and greatly improved collaboration with other contributors.
This past Thursday evening Viakoo participated in a great event hosted by CapitolSec 2020 in Sacramento – a “pitchfest” where multiple technology companies came to share ideas in front of a judging panel on how their technology could be used to improve the security of election systems. While we’re proud that we were awarded as the winner based on having the most compelling technology solution to this problem, the more important takeaway is that solutions for IoT service assurance and cyber hygiene are needed for broad societal issues, not just commercial or industrial applications.
Because they model a part of the real world, “digital twins” are quickly becoming important business tools for organizations that deploy Internet of things (IoT) devices. Digital twins can help maintain industrial processes, explore new business opportunities, and develop new and enhanced connected products and services. They are particularly applicable to distributed systems such as physical security systems that include many IoT devices, where they can help solve operational issues more quickly and effectively than field diagnostics.
All too often a massive amount of effort is put into specifying, negotiating, and installing a physical security system, yet after it is installed few people can answer the question “how’s it working?”. In the IT world it is very common for uptime to be a key metric for system availability, and in some cases for the system to be specially configured to be high availability. At Viakoo we believe the same should be true for physical security systems – uptime is one of the key metrics, and it should be used to guide the system towards achieving high reliability and availability. The last thing anyone wants from a security system is low availability, right?
The European General Data Protection Regulations (GDPR) have been in effect for some time now – since May 2018 – and they have already had some significant impacts on how companies around the globe collect, store, and manage data that includes personal information. In fact, the first penalty levied against an organization for non-compliance to GDPR was for video surveillance violations. Many companies that are affected by these regulations have implemented specific compliance objectives to stay ahead of requirements, which include both organizational and technical safeguards to protect the specified data.
As the physical security industry has transitioned from analog to IP-based systems, several advantages have been realized. Yet many organizations still use approaches from the old analog days to manage the lifecycle of physical security devices. Perhaps the reason is that at the device level the benefits of moving to IP are more easily realized (for example, self-test health checks by cameras, storage, VMSs, and others). But for something system-level (like lifecycle management) there have been more hoops to jump through to gain these benefits. With the advent of automated service assurance for physical security systems like Viakoo many (if not all) of these barriers are now removed, paving the way to more cost-effective and comprehensive lifecycle management.