This is the ninth article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress, also published on SecurityInfoWatch.com.
By Ray Bernard, PSP, CHS-III
Sometimes the word “Enterprise” is the top label among several given to sets of product features and capabilities, such as Basic, Professional, Team, and Corporate. Often these labels are retrofit onto existing product capabilities in the hopes of attracting more customers in each category. It doesn’t necessarily mean that the top-of-line product was designed to support all or even most of the needs a large enterprise may have.
★ ★ ★ GET NOTIFIED! ★ ★ ★
SIGN UP to be notified by email the day a new Real Words or Buzzwords? article is posted!
Real Words or Buzzwords?
The Award-Winning Article Series
#1 Proof of the buzzword that killed tech advances in the security industry—but not other industries.
#2 Next Generation (NextGen): A sure way to tell hype from reality.
#3 Customer Centric: Why all security industry companies aren't customer centric.
#4 Best of Breed: What it should mean to companies and their customers.
#5 Open: An openness scale to rate platforms and systems
#6 Network-friendly: It's much more than network connectivity.
#7 Mobile first: Not what it sounds like.
#8 Enterprise Class (Part One): To qualify as Enterprise Class system today is world's beyond what it was yesterday.
#9 Enterprise Class (Part Two): Enterprise Class must be more than just a top-level label.
#10 Enterprise Class (Part Three): Enterprise Class must be 21st century technology.
#11 Intuitive: It’s about time that we had a real-world testable definition for “intuitive”.
#12 State of the Art: A perspective for right-setting our own thinking about technologies.
#13 True Cloud (Part One): Fully evaluating cloud product offerings.
#14 True Cloud (Part Two): Examining the characteristics of 'native-cloud' applications.
#15 True Cloud (Part Three): Due diligence in testing cloud systems.
#16 IP-based, IP-enabled, IP-capable, or IP-connectable?: A perspective for right-setting our own thinking about technologies.
#17 Five Nines: Many people equate high availability with good user experience, yet many more factors are critically important.
#18 Robust: Words like “robust” must be followed by design specifics to be meaningful.
#19 Serverless Computing – Part 1: Why "serverless computing" is critical for some cloud offerings.
#20 Serverless Computing – Part 2: Why full virtualization is the future of cloud computing.
#21 Situational Awareness – Part 1: What products provide situational awareness?
#22 Situational Awareness – Part 2: Why system designs are incomplete without situational awareness?
#23 Situational Awareness – Part 3: How mobile devices change the situational awareness landscape?
#24 Situational Awareness – Part 4: Why situational awareness is a must for security system maintenance and acceptable uptime.
#25 Situational Awareness – Part 5: We are now entering the era of smart buildings and facilities. We must design integrated security systems that are much smarter than those we have designed in the past.
#26 Situational Awareness – Part 6: Developing modern day situational awareness solutions requires moving beyond 20th century thinking.
#27 Situational Awareness – Part 7: Modern day incident response deserves the help that modern technology can provide but doesn’t yet. Filling this void is one of the great security industry opportunities of our time.
#28 Unicity: Security solutions providers can spur innovation by envisioning how the Unicity concept can extend and strengthen physical access into real-time presence management.
#29 The API Economy: Why The API Economy will have a significant impact on the physical security industry moving forward.
#31 The Built Environment: In the 21st century, “the built environment” means so much more than it did just two decades ago.
#32 Hyper-Converged Infrastructure: Hyper-Converged Infrastructure has been a hot phrase in IT for several years, but do its promises hold true for the physical security industry?
#33 Software-Defined: Cloud-computing technology, with its many software-defined elements, is bringing self-scaling real-time performance capabilities to physical security system technology.
#34 High-Performance: How the right use of "high-performance" can accelerate the adoption of truly high-performing emerging technologies.
#35 Erasure Coding: Why RAID drive arrays don’t work anymore for video storage, and why Erasure Coding does.
#36 Presence Control: Anyone responsible for access control management or smart building experience must understand and apply presence control.
#37 Internet+: The Internet has evolved into much more than the information superhighway it was originally conceived to be.
#38 Digital Twin: Though few in physical security are familiar with the concept, it holds enormous potential for the industry.
#39 Fog Computing: Though commonly misunderstood, the concept of fog computing has become critically important to physical security systems.
#40 Scale - Part 1: Although many security-industry thought leaders have advocated that we should be “learning from IT,” there is still insufficient emphasis on learning about IT practices, especially for large-scale deployments.
#41 Scale - Part 2: Why the industry has yet to fully grasp what the ‘Internet of Things’ means for scaling physical security devices and systems.
#42 Cyberspace - Part 1: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#43 Cyber-Physical Systems - Part 1: We must understand what it means that electronic physical security systems are cyber-physical systems.
#44 Cyberspace - Part 2: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#45 Artificial Intelligence, Machine Learning and Deep Learning: Examining the differences in these technologies and their respective benefits for the security industry.
#46 VDI – Virtual Desktop Infrastructure: At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.
#47 Hybrid Cloud: The definition of hybrid cloud has evolved, and it’s important to understand the implications for physical security system deployments.
#48 Legacy: How you define ‘legacy technology’ may determine whether you get to update or replace critical systems.
#49 H.264 - Part 1: Examining the terms involved in camera stream configuration settings and why they are important.
#50 H.264 - Part 2: A look at the different H.264 video frame types and how they relate to intended uses of video.
#51 H.264 - Part 3: Once seen as just a marketing term, ‘smart codecs’ have revolutionized video compression.
#52 Presence Technologies: The proliferation of IoT sensors and devices, plus the current impacts of the COVID-19 pandemic, have elevated the capabilities and the importance of presence technologies.
#53 Anonymization, Encryption and Governance: The exponential advance of information technologies requires an exponential advance in the application of data protection.
#54 Computer Vision: Why a good understanding of the computer vision concept is important for evaluating today’s security video analytics products.
#55 55 Exponential Technology Advancement: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
More to come about every other week.
Sometimes the word “Enterprise” is the top label among several given to sets of product features and capabilities, such as Basic, Professional, Team, Corporate and Enterprise. Often these labels are retrofit onto existing product capabilities, in the hopes of attracting more customers in each category. It doesn’t necessarily mean that the top-of-line product was designed to support all or even most of the needs a large enterprise may have.
Industry Technology Adoption
Historically, when the physical security industry has adopted information technologies, that adoption was incomplete. Often the technology understanding is shallow rather than deep, narrow rather than side, and very often technology is adopted without accompanying technology practices. For example, the industry began putting systems onto networks in the 1990s, but didn’t develop and publish an industry standard for MIBs until 2015. Only IT companies with physical security products, such as Axis Communications, provided MIBs for their products until recently. MIB standards for Management Information Base, and it refers to the documentation for the information available from a networked device using queries and alerts per the Simple Network Management Protocol (SNMP).
This is an example of why IT terminology adopted by the physical security industry often does not carry forward the full meaning that is has in the IT domain. So let’s first take a look at the common scope of enterprise class requirements in the IT world, and then see what occurred in our industry.
Enterprise Class Requirements
In enterprise class systems, organizational requirements must be considered in addition to individual user-task requirements. For a technology to be feasible for deployment at a large scale, the dynamics of system size and function combine with organizational needs to create a very large set of requirements.
Requirements vary across different types of technologies, but the basic enterprise-class information systems requirements include:
Availability. This means more than just 24/7 product or system use. Enterprise-wide availability can require multiple languages, 24/7 tech support, and integration with a variety of regional systems whose product versions may vary significantly. It can require Application Programming Interfaces (APIs), as more and more, users are not just people but also other systems, and some users need custom and advanced capabilities that can only be obtained via custom software development (in-house or outsourced) enabled by an API.
For example, for real-time and near-real-time systems, it means taking time zones into account. Enterprise systems that have workflows that involve review and approval, may need workflow routing options that include alternate recipients, to account for people on vacation, sick leave, business travel, unavailable on special assignment, or even just taking personal time off. Availability in context may require accounting for such real-world conditions. In general, availability being available at all the times and in all the ways required not just for the application to perform, but to allow users to keep performing as well within their enterprise context.
Business Alignment. How well does the application fit into the company culture and operational context? If it is a highly collaborative organization, does the application support the required collaboration, or are third party tools needed or out-of-system workflows required? Parks and recreation operations are different from hospitals and manufacturing companies. Does the system act as a force multiplier, allowing fewer people to get more work done more reliably, quicker, and to a higher quality? If not all those factors, which force-multiplier effects are provided?
Compatibility. The word compatibility covers a very large landscape, two key categories of which are: System – referring to operating platforms and interoperability with various devices and systems, and Data –data formats, database integration capabilities, data exchange capabilities (including speed and volume of transaction processing). Legacy compatibility is another perspective. Standards play a large role in system, device and data compatibility.
Manageability. How manageable is the deployed technology? How easily can it be upgraded? How much training is required and what does a typical learning curve involve?
Performance. Does it meet the speed and capacity needs required for its users and operational results stakeholders to be satisfied? How current do dashboards need to be: daily, hourly or up-to-the-minute? How fast can data distribution occur?
Reliability. Can the system be counted on to perform exactly as it is supposed to when being fully utilized? Are there audit trails and logs to verify? What are the options or alternatives in case of any type of failure?
Security. From one end of the system to another, are the integrity and privacy of data maintained at all points throughout the system? Can the system be sufficiently protected given the risk profile, both technical and organizational, of the enterprise?
Scalability. The scalability issue involves maintaining all the above attributes at large scale, which includes high user count, high data processing loads, and high communication levels. To what scale has the system been proven to maintain high performance for the key customer categories and the ways in which their system usage typically varies?
Enterprise in the Security Industry
In the physical security industry, the original objective for Enterprise Class for physical security systems started with a focus on these capabilities:
- Company-wide networking. All site security systems could be networked via the customer’s enterprise network.
- Central administration and operations. The main security administration functions, and security operations functions such as monitoring, could be performed centrally.
- High Availability. Local and central systems will stay online and communicating with extremely low downtime.
- Multi-Language. Limited multi-language support was provided on a per-operator basis, with the capability for language expansion, including user-provided localization.
Many companies did achieve those objectives, but unfortunately progress seemed to stop there, mainly because the required IT practices were not adopted, leaving systems integrators to the impossible task of trying to make up for the lack of proper technological support. The built-in features required to support troubleshooting and management of enterprise size systems are still generally lacking.
For example, how do most customers with hundreds or thousands of security video cameras get their firmware updated? Can they use an automation approach like IT does with large computer deployments? No, and the result is that updates are infrequent and sometimes non-existent. Is cyber security protection common for internet-connected cameras? Also a No. Thus, the latest, and to date the largest, botnet attack was enabled by malware-infected security system video cameras.
Why, in many large corporations, do security investigators report that 10 to 20% of the time they can’t find video that should have been recorded? Can you call it an enterprise class system if the customer assigns operators to manually check cameras and report those found to be offline?
A True Enterprise Perspective
Enterprise requirements should be viewed from the perspective of high task and workflow support for users, strong business alignment, and full support for the “IT way of doing things”. It must include fully understanding and utilizing product design, development and deployment practices. It should not be a case of deciding what’s the minimum that must be done to use the enterprise class label, but what’s the maximum that can be done to support security operations and technology infrastructure maintenance in enterprise scale deployments.
The Full Scope of Enterprise Class
Space does not permit an in-depth evaluation of all the requirements that makes security technology solutions enterprise-ready. However, the next article in this series does contain a checklist that integrators, specifiers and end users can use to evaluate and compare offerings that are labeled “Enterprise Class”, and take enterprise class thinking to a level where it should be.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.