This is the seventh article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress, also published on SecurityInfoWatch.com.
By Ray Bernard, PSP, CHS-III
Mobile first means much more than working first on applications for mobile devices, and second on applications for PCs and laptops. It’s not just about development priority. The phrase “mobile first” is short for a slightly longer phrase, “mobile first design.” However, that doesn’t mean “design” in the way the physical security industry has generally performed design work.
★ ★ ★ GET NOTIFIED! ★ ★ ★
SIGN UP to be notified by email the day a new Real Words or Buzzwords? article is posted!
Real Words or Buzzwords?
The Award-Winning Article Series
#1 Proof of the buzzword that killed tech advances in the security industry—but not other industries.
#2 Next Generation (NextGen): A sure way to tell hype from reality.
#3 Customer Centric: Why all security industry companies aren't customer centric.
#4 Best of Breed: What it should mean to companies and their customers.
#5 Open: An openness scale to rate platforms and systems
#6 Network-friendly: It's much more than network connectivity.
#7 Mobile first: Not what it sounds like.
#8 Enterprise Class (Part One): To qualify as Enterprise Class system today is world's beyond what it was yesterday.
#9 Enterprise Class (Part Two): Enterprise Class must be more than just a top-level label.
#10 Enterprise Class (Part Three): Enterprise Class must be 21st century technology.
#11 Intuitive: It’s about time that we had a real-world testable definition for “intuitive”.
#12 State of the Art: A perspective for right-setting our own thinking about technologies.
#13 True Cloud (Part One): Fully evaluating cloud product offerings.
#14 True Cloud (Part Two): Examining the characteristics of 'native-cloud' applications.
#15 True Cloud (Part Three): Due diligence in testing cloud systems.
#16 IP-based, IP-enabled, IP-capable, or IP-connectable?: A perspective for right-setting our own thinking about technologies.
#17 Five Nines: Many people equate high availability with good user experience, yet many more factors are critically important.
#18 Robust: Words like “robust” must be followed by design specifics to be meaningful.
#19 Serverless Computing – Part 1: Why "serverless computing" is critical for some cloud offerings.
#20 Serverless Computing – Part 2: Why full virtualization is the future of cloud computing.
#21 Situational Awareness – Part 1: What products provide situational awareness?
#22 Situational Awareness – Part 2: Why system designs are incomplete without situational awareness?
#23 Situational Awareness – Part 3: How mobile devices change the situational awareness landscape?
#24 Situational Awareness – Part 4: Why situational awareness is a must for security system maintenance and acceptable uptime.
#25 Situational Awareness – Part 5: We are now entering the era of smart buildings and facilities. We must design integrated security systems that are much smarter than those we have designed in the past.
#26 Situational Awareness – Part 6: Developing modern day situational awareness solutions requires moving beyond 20th century thinking.
#27 Situational Awareness – Part 7: Modern day incident response deserves the help that modern technology can provide but doesn’t yet. Filling this void is one of the great security industry opportunities of our time.
#28 Unicity: Security solutions providers can spur innovation by envisioning how the Unicity concept can extend and strengthen physical access into real-time presence management.
#29 The API Economy: Why The API Economy will have a significant impact on the physical security industry moving forward.
#31 The Built Environment: In the 21st century, “the built environment” means so much more than it did just two decades ago.
#32 Hyper-Converged Infrastructure: Hyper-Converged Infrastructure has been a hot phrase in IT for several years, but do its promises hold true for the physical security industry?
#33 Software-Defined: Cloud-computing technology, with its many software-defined elements, is bringing self-scaling real-time performance capabilities to physical security system technology.
#34 High-Performance: How the right use of "high-performance" can accelerate the adoption of truly high-performing emerging technologies.
#35 Erasure Coding: Why RAID drive arrays don’t work anymore for video storage, and why Erasure Coding does.
#36 Presence Control: Anyone responsible for access control management or smart building experience must understand and apply presence control.
#37 Internet+: The Internet has evolved into much more than the information superhighway it was originally conceived to be.
#38 Digital Twin: Though few in physical security are familiar with the concept, it holds enormous potential for the industry.
#39 Fog Computing: Though commonly misunderstood, the concept of fog computing has become critically important to physical security systems.
#40 Scale - Part 1: Although many security-industry thought leaders have advocated that we should be “learning from IT,” there is still insufficient emphasis on learning about IT practices, especially for large-scale deployments.
#41 Scale - Part 2: Why the industry has yet to fully grasp what the ‘Internet of Things’ means for scaling physical security devices and systems.
#42 Cyberspace - Part 1: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#43 Cyber-Physical Systems - Part 1: We must understand what it means that electronic physical security systems are cyber-physical systems.
#44 Cyberspace - Part 2: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#45 Artificial Intelligence, Machine Learning and Deep Learning: Examining the differences in these technologies and their respective benefits for the security industry.
#46 VDI – Virtual Desktop Infrastructure: At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.
#47 Hybrid Cloud: The definition of hybrid cloud has evolved, and it’s important to understand the implications for physical security system deployments.
#48 LegacyHow you define ‘legacy technology’ may determine whether you get to update or replace critical systems.
#49 H.264 - Part 1Examining the terms involved in camera stream configuration settings and why they are important.
#50 H.264 - Part 2A look at the different H.264 video frame types and how they relate to intended uses of video.
More to come about every other week.
At the ASIS International 2016 Annual Seminars and Exhibits Conference, and the recent ISC West 2017 conference, I had several vendors enthusiastically tell me that their software development was now “Mobile First”. I asked each enthusiastic individual what that would mean to their customers, and most answers were similar to this: “We release improvements first for mobile users, then later for PC and laptop users.” I asked how long it takes them to get to the PC and laptop users. Only one company could easily answer that question, because their web-based application runs on all devices—the application just tailors itself for each device’s screen size.
Mobile First Design
Mobile first means much more than working first on applications for mobile devices, and second on applications for PCs and laptops. It’s not just about development priority. The phrase “mobile first” is short for a slightly longer phrase, “mobile first design”. However, that doesn’t mean “design” in the way the security industry has generally performed design work, and we’ll get to that in just a few paragraphs.
Why is “mobile first” being brought up at all? If all the relevant software development practices relating to mobile first are being applied, the sales person or sales support engineer or product demonstrator should not even be mentioning “mobile first”. They should be demonstrating the new capabilities that their product now offers. To a security manager desiring to improve security operations and the functionality of the security operations center (SOC), what would mobile first mean—that SOC operations are now a lower priority for product development?
As with anything, it’s possible to do a poor job at mobile first design, and then there won’t be much to show or talk about. If mobile first design is being done right, there will be plenty to talk about without ever mentioning mobile first. The customer wants to hear security first. If your product demonstrations show a security first orientation for your application development, then you and your company are relevant.
Mobile First Should Mean Security First
Mobile first is a design approach outlined in 2009 by Luke Wroblewski and explained in his 2011 book by the same name. Simply put, mobile first is designing for smaller screens first, then adding more features and content for bigger and bigger screens. But as I mentioned earlier, it’s not design as typically done in our industry—it’s a much deeper effort and a lot more work.
Mobile first requires a change in design thinking, because the way mobile users use different size devices is not the same. They want to do some things on smartphones, and some things on tablets or PCs or laptops. An integrator’s service tech is not going to install and configure 30 cameras using a smartphone. However, she might want to use her smartphone to remotely adjust the configuration of a single camera that is already installed. An end user may prefer to look at a single camera or two using a smartphone, and may rarely want a view of all cameras. Then again, a SOC operator will almost always want both.
Security first, as I have used it, really means security tasks first. What are the typical tasks that the various categories of users need to perform on mobile devices? With mobile first design, you figure out how those tasks can be most easily performed on the smallest device, and make that as intuitive and easy as possible for that size device. For a small device it’s a minimalist design, due to the lack of screen space. Not all tasks make sense for a small-screen device. Certainly report-writing is not such a task, although report-reading probably is.
Designing for Mobile First
But mobile first also means taking the design thinking one step further. What capabilities do mobile devices have that PCs and laptops don’t? Take maximum advantage of them within the task contexts. For example, how can location be utilized? If an officer on a security patrol takes a photo of an incident taking place, and sends it to the SOC, when the message is opened by the SOC operator, will the cameras views for that area automatically be displayed? If a muster call is made, will the registered mobile devices of facility occupants and visitors be used to automatically locate them and track their arrivals into the designated areas? Are users’ mobile device priorities set so that the locations of smartphones are prioritized over tablets whose locations show they were left behind in the evacuation?
Mobile first means thoroughly and completely exploring how mobile devices can be used to maximize security awareness, command, control and communication in the key risk scenarios of users. Continuing with the evacuation scenario, can a user click a button for “Where is my team?” or “Where is my boss?” Can verbal search, which is often faster than typing and can be performed one-handed while walking, be utilized to check for the status of colleagues or to request help? Can a visitor quickly locate his sponsor? Can a visitor press a button for “Where should I go?” and then have the SOC track his progress getting to the nearest safe area? Can an on-site CPR-trained individual closest to an accident location be located by the SOC?
During incident response, can I hit a single button on my phone, “Call My Team”, and immediately ring all their phones from a conference call? Or press “Share with Team” to send a photo or video to all my team members? How about “Set Team Status Check-In”, that will request that all team members report their status within 20 to 30 minutes, start a timer display on their phones, and collect their responses on a status page?
In each of a facility’s risk scenarios, what are the ways in which a mobile device can help achieve security awareness and response objectives? These of course will vary by facility type, size and other factors.
This is security first design thinking in the mobile first context.
Achieving Security First
If we can’t significantly improve the security capabilities of a facility, it security personnel, and its occupants, then what good is mobile first for customers?
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.