This is the 30th article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.
By Ray Bernard, PSP, CHS-III
What does “future-proof” mean in an era of managed services, continuous delivery, and ever-accelerating technology advancement?
★ ★ ★ GET NOTIFIED! ★ ★ ★
SIGN UP to be notified by email the day a new Real Words or Buzzwords? article is posted!
Real Words or Buzzwords?
The Award-Winning Article Series
#1 Proof of the buzzword that killed tech advances in the security industry—but not other industries.
#2 Next Generation (NextGen): A sure way to tell hype from reality.
#3 Customer Centric: Why all security industry companies aren't customer centric.
#4 Best of Breed: What it should mean to companies and their customers.
#5 Open: An openness scale to rate platforms and systems
#6 Network-friendly: It's much more than network connectivity.
#7 Mobile first: Not what it sounds like.
#8 Enterprise Class (Part One): To qualify as Enterprise Class system today is world's beyond what it was yesterday.
#9 Enterprise Class (Part Two): Enterprise Class must be more than just a top-level label.
#10 Enterprise Class (Part Three): Enterprise Class must be 21st century technology.
#11 Intuitive: It’s about time that we had a real-world testable definition for “intuitive”.
#12 State of the Art: A perspective for right-setting our own thinking about technologies.
#13 True Cloud (Part One): Fully evaluating cloud product offerings.
#14 True Cloud (Part Two): Examining the characteristics of 'native-cloud' applications.
#15 True Cloud (Part Three): Due diligence in testing cloud systems.
#16 IP-based, IP-enabled, IP-capable, or IP-connectable?: A perspective for right-setting our own thinking about technologies.
#17 Five Nines: Many people equate high availability with good user experience, yet many more factors are critically important.
#18 Robust: Words like “robust” must be followed by design specifics to be meaningful.
#19 Serverless Computing – Part 1: Why "serverless computing" is critical for some cloud offerings.
#20 Serverless Computing – Part 2: Why full virtualization is the future of cloud computing.
#21 Situational Awareness – Part 1: What products provide situational awareness?
#22 Situational Awareness – Part 2: Why system designs are incomplete without situational awareness?
#23 Situational Awareness – Part 3: How mobile devices change the situational awareness landscape?
#24 Situational Awareness – Part 4: Why situational awareness is a must for security system maintenance and acceptable uptime.
#25 Situational Awareness – Part 5: We are now entering the era of smart buildings and facilities. We must design integrated security systems that are much smarter than those we have designed in the past.
#26 Situational Awareness – Part 6: Developing modern day situational awareness solutions requires moving beyond 20th century thinking.
#27 Situational Awareness – Part 7: Modern day incident response deserves the help that modern technology can provide but doesn’t yet. Filling this void is one of the great security industry opportunities of our time.
#28 Unicity: Security solutions providers can spur innovation by envisioning how the Unicity concept can extend and strengthen physical access into real-time presence management.
#29 The API Economy: Why The API Economy will have a significant impact on the physical security industry moving forward.
#31 The Built Environment: In the 21st century, “the built environment” means so much more than it did just two decades ago.
#32 Hyper-Converged Infrastructure: Hyper-Converged Infrastructure has been a hot phrase in IT for several years, but do its promises hold true for the physical security industry?
#33 Software-Defined: Cloud-computing technology, with its many software-defined elements, is bringing self-scaling real-time performance capabilities to physical security system technology.
#34 High-Performance: How the right use of "high-performance" can accelerate the adoption of truly high-performing emerging technologies.
#35 Erasure Coding: Why RAID drive arrays don’t work anymore for video storage, and why Erasure Coding does.
#36 Presence Control: Anyone responsible for access control management or smart building experience must understand and apply presence control.
#37 Internet+: The Internet has evolved into much more than the information superhighway it was originally conceived to be.
#38 Digital Twin: Though few in physical security are familiar with the concept, it holds enormous potential for the industry.
#39 Fog Computing: Though commonly misunderstood, the concept of fog computing has become critically important to physical security systems.
#40 Scale - Part 1: Although many security-industry thought leaders have advocated that we should be “learning from IT,” there is still insufficient emphasis on learning about IT practices, especially for large-scale deployments.
#41 Scale - Part 2: Why the industry has yet to fully grasp what the ‘Internet of Things’ means for scaling physical security devices and systems.
#42 Cyberspace - Part 1: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#43 Cyber-Physical Systems - Part 1: We must understand what it means that electronic physical security systems are cyber-physical systems.
#44 Cyberspace - Part 2: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#45 Artificial Intelligence, Machine Learning and Deep Learning: Examining the differences in these technologies and their respective benefits for the security industry.
#46 VDI – Virtual Desktop Infrastructure: At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.
#47 Hybrid Cloud: The definition of hybrid cloud has evolved, and it’s important to understand the implications for physical security system deployments.
#48 Legacy: How you define ‘legacy technology’ may determine whether you get to update or replace critical systems.
#49 H.264 - Part 1: Examining the terms involved in camera stream configuration settings and why they are important.
#50 H.264 - Part 2: A look at the different H.264 video frame types and how they relate to intended uses of video.
#51 H.264 - Part 3: Once seen as just a marketing term, ‘smart codecs’ have revolutionized video compression.
#52 Presence Technologies: The proliferation of IoT sensors and devices, plus the current impacts of the COVID-19 pandemic, have elevated the capabilities and the importance of presence technologies.
#53 Anonymization, Encryption and Governance: The exponential advance of information technologies requires an exponential advance in the application of data protection.
#54 Computer Vision: Why a good understanding of the computer vision concept is important for evaluating today’s security video analytics products.
#55 55 Exponential Technology Advancement: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
More to come about every other week.
When it comes to electronic security systems, the label “future-proof” was originally applied to systems that were expandable to meet a customer’s future needs. One example is a 16-door access control system that could be upgraded to 32 or 64 doors, or to a larger number of card holders, without having to replace the original 16-door system’s equipment. That was the first usage of the term “future-proof” in the security industry – that a rip and replace upgrade was not required simply to expand the size or capacity of the system.
The original Schlage Electronics proprietary proximity card access control systems were considered future-proof because they were durable and had a decades-long operational life when installed per the manufacturer’s instructions. The technology was wildly successful but had a technical limitation. Only so many unique cards could be manufactured. Thus, the product became obsolete in the sense that its success brought them to the point where new systems could no longer be manufactured and sold, even though even 20-year-old systems were still operating as intended.
In the 20th century, security products typically had a life cycle of 10 years or longer. They were standalone systems made for single buildings. Many customers expected that somewhere between 5 and 10 years after a system’s purchase, they would replace the system with a new and improved product. That set the roughly 5-year pattern for end user security trade show attendance. It was a small industry back then. The 1987 International Security Conference (ISC) had 75 vendor booths.
The Arrival of Networks
However, in the last 15 years of the 20th century, Ethernet networking arrived, along with personal computers, software and upgradable device firmware. Standalone security systems started being replaced by multi-building networked systems. After the year-2000 (Y2K problem) corporate network upgrades, enterprise networked security systems arrived. Company-wide rip and replace of security systems was no longer desirable or financially feasible. The cost and disruption could rarely be justified by the incremental security product improvements.
Thus, leading security industry manufacturers, especially Bosch Security, strove to maintain new product compatibility with existing installed products. To this day Bosch can credibly brag on security trade show floors that the advanced systems now on display are compatible with nearly all its installed security products.
As the security industry continued to adopt information technology, the use of the “future-proof” label started to include the idea that software feature development would continue year after year, so that the future functional needs of customers would be supported. Major and minor software upgrades and new product introductions were timed for release at the ASIS International and ISC West annual conferences.
21st Century Death of the Lengthy Product Life Cycle
In the digital world we now live in, many device functions are virtualized. Multi-purpose devices such as smartphones are commonplace, and devices can be upgraded electronically making them increasingly more useful. Product manufacturing life cycles are getting shorter, even though the operational life of products remains the same or is now longer, due to technology improvement.
For example, in 2010 my company specified a certain make and model of camera by Axis Communications for specific outdoor uses. It was the first network camera that could operate at 12 frames per second (fps) at its full 5-megapixel resolution. Competing 5-megapixel cameras could only serve up 3 or 5 fps. The following year, when it was time to deploy the same design of video system at other sites, that model Axis camera was no longer available. It had been replaced by a newer model that had more features and cost $300 less. The original cameras are still working well and have a total useful life exceeding 10 years. The original camera model was manufactured for only two years. It was made obsolete for manufacturing by technology advancement, which made possible a better camera at a lower manufacturing cost. Axis has continued introducing new and better products at an amazing rate, thanks to its innovative mind-set and the ever-increasing pace of technology advancement.
Cloud Clobbers Product Life Cycle
In the world of business information systems, cloud-based systems are largely replacing on-premises client/server-based systems. In the cloud both software and hardware evolve and advance, with no on-premises impact. In the cloud world, products (applications or web service functions) are services available via subscription. There may be a product life cycle for the laptop, tablet, phone or other device through which the cloud application is used, but there isn’t an equivalent product life cycle for the cloud application or web service. Customers expect it to be updated continuously beyond the foreseeable future.
The cloud “product life cycle” is continuous. Technically speaking it has practically a zero-length product cycle and at the same time an infinite length because change never stops from the consumer’s perspective. The life of the cloud service will likely outlast the life of the consumer.
Does the term “future-proof” have any meaning in this kind of situation?
The nature of future-proofing for security industry products is being changed dramatically by the infusion of information technology and its many technology trends, including virtualization, miniaturization, lower-power, mobility, cloud connectivity, big data, artificial intelligence and machine learning. In the previous century, with physical products whose feature sets and capabilities were fixed, future-proofing meant establishing a set of product attributes that guaranteed the long-term usefulness of the product. In the 21st century, formerly physical products have been virtualized so that the physical form factors are in most cases replaced (such as the virtual phone keypad) or miniaturized (like the tiny 10-megapixel phone camera lens), and often also made mobile.
Physical products are virtualized to the maximum extent possible, resulting in what are called cyber-physical systems. According to the National Science Foundation (NSF), “The term ‘cyber-physical systems’ refers to the tight conjoining of and coordination between computational and physical resources. The NSF envisions that the cyber-physical systems of tomorrow will far exceed those of today in terms of adaptability, autonomy, efficiency, functionality, reliability, safety, and usability.”
The NSF’s Cyber-Physical Systems Program page further states, “Research advances in cyber-physical systems promise to transform our world with systems that respond more quickly (e.g., autonomous collision avoidance), are more precise (e.g., robotic surgery and nano-tolerance manufacturing), work in dangerous or inaccessible environments (e.g., autonomous systems for search and rescue, firefighting, and exploration), provide large-scale, distributed coordination (e.g., automated traffic control), are highly efficient (e.g., zero-net energy buildings), augment human capabilities, and enhance societal wellbeing (e.g., assistive technologies and ubiquitous healthcare monitoring and delivery).”
Cyber-physical systems can be mobile like a smartphone, or stationery like the smart electrical grid. The Department of Electrical Engineering and Computer Sciences (EESC) at UC Berkeley provides a concept map for cyber-physical systems, originally developed by NIST in 2012, converted to a picture by Prof. Edward A. Lee of UC Berkeley, with continued development by various contributors to the UC Berkeley initiative. Looking at the concept map, you can see a lot of terminology that is currently being used in discussing updated and emerging physical security industry products.
We are already seeing cyber-physical systems for outdoor event security that create a virtual fence around protected areas and people, with real-time presence control features (the term access control doesn’t really apply).
As it turns out, the advancement of technology has made the term “future-proof” not only more relevant to, but also critically important for, all physical security industry products.
The New Definition of Future-Proof
Today, a physical security industry product or system is future-proof when (a) its feature set – including cybersecurity features – can be synchronized in real-time or near-real-time with its manufacturer’s product advancements; (b) it supports standards-based and emerging protocols for Internet and local connectivity and interoperability; (c) it has an open and secure API that can be utilized by other products and systems, and its API improvements don’t break previous API capabilities except where required for cybersecurity purposes; and (d) its manufacturer is committed to ongoing innovation consistent with user- and partner-community feedback.
Note that it is acceptable for relatively inexpensive and easily-replaceable products to become obsolete by way of a significantly better alternative. Such products don’t have a future-proof requirement. It is not acceptable for deeply or widely integrated products and systems to require complete replacement. Today’s emerging products are designed to be part of an evolvable technology infrastructure and that requires the future-proof attributes defined above.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.