This is the 63rd article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress, also published on SecurityInfoWatch.com.
By Ray Bernard, PSP, CHS-III
We have reached a juncture in physical security technology that is making most of our past thinking irrelevant.
All-in-one RWOB
MAXIMIZE YOUR SECURITY OPERATIONS CAPABILITIES
Upgrade your security operations effectiveness through Security Technology Strategic Planning. Provably get more for your company's security technology investment.
★ ★ ★ GET NOTIFIED! ★ ★ ★
SIGN UP to be notified by email the day a new Real Words or Buzzwords? article is posted!
Real Words or Buzzwords?
The Award-Winning Article Series
#1 Proof of the buzzword that killed tech advances in the security industry—but not other industries.
#2 Next Generation (NextGen): A sure way to tell hype from reality.
#3 Customer Centric: Why all security industry companies aren't customer centric.
#4 Best of Breed: What it should mean to companies and their customers.
#5 Open: An openness scale to rate platforms and systems
#6 Network-friendly: It's much more than network connectivity.
#7 Mobile first: Not what it sounds like.
#8 Enterprise Class (Part One): To qualify as Enterprise Class system today is world's beyond what it was yesterday.
#9 Enterprise Class (Part Two): Enterprise Class must be more than just a top-level label.
#10 Enterprise Class (Part Three): Enterprise Class must be 21st century technology.
#11 Intuitive: It’s about time that we had a real-world testable definition for “intuitive”.
#12 State of the Art: A perspective for right-setting our own thinking about technologies.
#13 True Cloud (Part One): Fully evaluating cloud product offerings.
#14 True Cloud (Part Two): Examining the characteristics of 'native-cloud' applications.
#15 True Cloud (Part Three): Due diligence in testing cloud systems.
#16 IP-based, IP-enabled, IP-capable, or IP-connectable?: A perspective for right-setting our own thinking about technologies.
#17 Five Nines: Many people equate high availability with good user experience, yet many more factors are critically important.
#18 Robust: Words like “robust” must be followed by design specifics to be meaningful.
#19 Serverless Computing – Part 1: Why "serverless computing" is critical for some cloud offerings.
#20 Serverless Computing – Part 2: Why full virtualization is the future of cloud computing.
#21 Situational Awareness – Part 1: What products provide situational awareness?
#22 Situational Awareness – Part 2: Why system designs are incomplete without situational awareness?
#23 Situational Awareness – Part 3: How mobile devices change the situational awareness landscape?
#24 Situational Awareness – Part 4: Why situational awareness is a must for security system maintenance and acceptable uptime.
#25 Situational Awareness – Part 5: We are now entering the era of smart buildings and facilities. We must design integrated security systems that are much smarter than those we have designed in the past.
#26 Situational Awareness – Part 6: Developing modern day situational awareness solutions requires moving beyond 20th century thinking.
#27 Situational Awareness – Part 7: Modern day incident response deserves the help that modern technology can provide but doesn’t yet. Filling this void is one of the great security industry opportunities of our time.
#28 Unicity: Security solutions providers can spur innovation by envisioning how the Unicity concept can extend and strengthen physical access into real-time presence management.
#29 The API Economy: Why The API Economy will have a significant impact on the physical security industry moving forward.
#31 The Built Environment: In the 21st century, “the built environment” means so much more than it did just two decades ago.
#32 Hyper-Converged Infrastructure: Hyper-Converged Infrastructure has been a hot phrase in IT for several years, but do its promises hold true for the physical security industry?
#33 Software-Defined: Cloud-computing technology, with its many software-defined elements, is bringing self-scaling real-time performance capabilities to physical security system technology.
#34 High-Performance: How the right use of "high-performance" can accelerate the adoption of truly high-performing emerging technologies.
#35 Erasure Coding: Why RAID drive arrays don’t work anymore for video storage, and why Erasure Coding does.
#36 Presence Control: Anyone responsible for access control management or smart building experience must understand and apply presence control.
#37 Internet+: The Internet has evolved into much more than the information superhighway it was originally conceived to be.
#38 Digital Twin: Though few in physical security are familiar with the concept, it holds enormous potential for the industry.
#39 Fog Computing: Though commonly misunderstood, the concept of fog computing has become critically important to physical security systems.
#40 Scale - Part 1: Although many security-industry thought leaders have advocated that we should be “learning from IT,” there is still insufficient emphasis on learning about IT practices, especially for large-scale deployments.
#41 Scale - Part 2: Why the industry has yet to fully grasp what the ‘Internet of Things’ means for scaling physical security devices and systems.
#42 Cyberspace - Part 1: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#43 Cyber-Physical Systems - Part 1: We must understand what it means that electronic physical security systems are cyber-physical systems.
#44 Cyberspace - Part 2: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#45 Artificial Intelligence, Machine Learning and Deep Learning: Examining the differences in these technologies and their respective benefits for the security industry.
#46 VDI – Virtual Desktop Infrastructure: At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.
#47 Hybrid Cloud: The definition of hybrid cloud has evolved, and it’s important to understand the implications for physical security system deployments.
#48 Legacy: How you define ‘legacy technology’ may determine whether you get to update or replace critical systems.
#49 H.264 - Part 1: Examining the terms involved in camera stream configuration settings and why they are important.
#50 H.264 - Part 2: A look at the different H.264 video frame types and how they relate to intended uses of video.
#51 H.264 - Part 3: Once seen as just a marketing term, ‘smart codecs’ have revolutionized video compression.
#52 Presence Technologies: The proliferation of IoT sensors and devices, plus the current impacts of the COVID-19 pandemic, have elevated the capabilities and the importance of presence technologies.
#53 Anonymization, Encryption and Governance: The exponential advance of information technologies requires an exponential advance in the application of data protection.
#54 Computer Vision: Why a good understanding of the computer vision concept is important for evaluating today’s security video analytics products.
#55 Exponential Technology Advancement: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
#56 IoT and IoT Native: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
#57 Cloud Native IoT: A continuing look at what it means to have a 'True Cloud' solution and its impact on today’s physical security technologies.
#58 Bluetooth vs. Bluetooth LE: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
#59 LPWAN - Low-Power Wide Area Networks: Emerging IoT smart sensor devices and systems are finding high-ROI uses for building security and safety.
#60 Edge Computing and the Evolving Internet: Almost 15 billion personal mobile devices and over 22 billion IoT devices operating daily worldwide have shifted the Internet’s “center of gravity” from its core to its edge – with many implications for enterprise physical security deployments
#61 Attack Surface: (Published as a Convergence Q&A Column article)An attack surface is defined as the total number of all possible entry points for unauthorized access into any system.
#62 Autonomous Compute Infrastructure: We’re on the brink of a radical new approach to technology, driven by autonomous operations.
#63 Physical Security Watershed Moment: We have reached a juncture in physical security technology that is making most of our past thinking irrelevant.
#64 Access Chaos: For 50 years we have had to live with physical access control systems that were not manageable at any large scale.
#65 AI and Automatiom: Will engineering talent, business savvy and capital investment from outside the physical security industry bring technology startups that transform reactive security to proactive and preventive security operations?
#66 Interoperability: Over the next five years, the single greatest determinant of the extent to which existing security industry companies will thrive or die is interoperability.
#67 AI Model : One key factor affects the accuracy, speed and computational requirements of AI
#68 Interoperability – Part 2: There are two types of security system interoperability – both of which are important considerations in the design of security systems and the selection of security system products.
#69 Interoperability – Part 3: There are two types of security system interoperability – both of which are important considerations in the design of security systems and the selection of security system products.
#70 Operationalizing AI: AI is not a product, but a broad category of software that enables products and systems to do more than ever before possible. How do we put it to good use?
#71 Shallow IT Adoption – Part 1: It’s not just about being IT compliant, it’s also about leveraging IT capabilities to properly serve the needs and wants of today’s technologically savvy customers.
#72 E-waste – an important security system design issue: Now e-waste is an important design issue not just because of growing e-waste regulations, but because educated designers can save enterprise security system customers a lot of money.
#73 LRPoE - Long Reach Power over Ethernet: A dozen factors have improved the business attractiveness of network cameras, making it more desirable to place cameras further from existing IT closets than the 328 foot limitation of standard Ethernet cable.
#74 NIST Declares Physical Access Control Systems are OT: Does it really mean anything that OT has joined the parade of labels (IT, IoT, and then IIoT) variously getting applied to security systems?
#75 Future Ready: Google sees the term "future-ready" trending up across many subject domains. But does that term apply to the physical security industry and its customers?
#76 Data KLiteracy: AI needs data. Thus, the ability of any department or division in an organization (including security) to use AI effectively depends on its ability to effectively obtain and utilize data – including security.
#77 Security Intelligence (upcoming): AI brings two kinds of intelligence to physical security systems – people bring the third.
More to come about every other week.
The Global Security Operations event (www.gsoevents.com) is fast upon us and this is the kind of pivotal technology information that this powerful event covers.
The term “watershed moment” is an idiom that refers to an important event that changes the direction of history. (ProWritingAid)
A watershed moment is a turning point, the exact moment that changes the direction of an activity or situation. A watershed moment is a dividing point, from which things will never be the same. It is considered momentous, though a watershed moment is often recognized in hindsight. (Grammarist).
Physical Security Watershed Moment
We have now reached a physical security industry watershed moment, in which we are making a complete break in security technology capabilities from the products and deployments of the past. It has been hard to see but now the evidence is appearing. The next 10 years of physical security will be a radical transformation from the previous 50 years.
Take video surveillance, for example. Security video deployments have always been compromised for several reasons, and the two primary reasons have been low technology capabilities (compared to actual needs) and high technology costs.
Cameras were only so capable. The cost of putting cameras everywhere you wanted them made sufficient video coverage unaffordable. As camera capabilities increased (megapixel coverage) and cameras became more affordable in terms of coverage per camera field of view, we encountered the scale problem.
We now have more camera views than even multiple staff can utilize effectively in many types of incident response situations. Even if we filter out false alarms and identify an incident in real time, our ability to track the real time activity can’t keep up with the scale of action as events unfold.
Security Industry’s #1 Failure
This number one failure in the physical security industry has been: we keep claiming that products achieve “situational awareness” but that’s only if the situation is evolving at a snail’s pace. Otherwise, we fall minutes and hours behind what’s going on in real time.
Security operations centers are almost always playing catch-up from the moment we detect an incident, which is usually minutes to hours after the fact. Rarely are the security responders called to action when they are first needed, and even then, they can’t keep up.
If you don’t agree with me, then visit the website of Liquid360 and see what true situational awareness looks like. Is this emerging technology a result of an advancement from within the security industry? No. It was the result of a mother being separated from her 5-year old daughter, who disappeared in a New York hotel.
Her daughter had been missing for less than 5 minutes when she confirmed her absence. She called the security control room operator using her cell phone and ran throughout the floors checking stairwells and calling her name, always continuing to speak to the control room operator by phone, hoping to hear some new of the security staff locating her on video.
After working her way down from the hotel club floor to the first floor, she was riding the escalator to the street level – just in time to see her daughter pushing open the heavy glass door to the street.
She called her name and ran down the escalator as her daughter flew in her arms. Had she waited in the control room for a video search, her daughter would have walked out into the city alone, and the police would have been called.
The security video cameras, whose primary purpose apparently was recording, were of no help. She found the situation so reprehensible that she searched for and found the right people to help her design and develop a true solution to the problem.
Liquid360 makes security surveillance useful at any scale, regardless of how many cameras there are or how many buildings or building floors there are.
It takes charge of the camera fields of view and lets you navigate them using a transparent (i.e. see-through wall) visual digital twin of your facility. It will point your PTZ cameras where you need them to be looking during incident response, and you can jump from one point of view to another – inside or outside of buildings – and the camera views will show you exactly what’s going on at that moment.
How bad is an industry failing when the people we’re trying to protect have to take security technology design into their own hands, because we’re simply not taking true advantage of available technology?
Security Industry Technology Lag
For years I’ve been saying and writing that the physical security industry lags 5 to 15 years behind the advances of information technology. I should have also included gaming technology.
Look closely at the clip at the top of the Liquid360 home page. It looks like a video game, doesn’t it? The bad news is that for years our own kids have been using visual technology that’s more advanced and more highly usable in time-critical situations than the best that we’re making and selling now. The good news is that groundbreaking technologies are changing that situation.
This is the watershed moment in physical security: technology has now advanced exponentially as has its affordability, to the point where low technology capabilities, high costs and other factors will no longer constrain our physical security system deployments going forward. Only our own thinking will! See Figure 1 below.
Physical Security Watershed Moment 1920×1080
The security industry has been building up to this moment for over a decade, but it’s been too hard to see. That’s why I created the Global Security Operations event, which James Connor helped me launch. He also co-hosted the initial events with me when it got started.
The GSO event takes a 3- to 5‑year look ahead at the future of security leadership and physical security technology. This event is as different from typical security conferences and trade shows as you can get. Figure 1 above is one slide from a GSO Event work session about the state of technology today.
If you think a 5-year look ahead is future-oriented, think again. Our industry is far behind because we’re nowhere near as forward-thinking as we could be and need to be.
In a recent white paper about Autonomous Compute Infrastructure, Dell Technologies gave profuse thanks to the Society of Automotive Engineers (SAE) for its contributions to Dell’s thinking about automation, which is reflected in the Autonomous Compute Infrastructure Framework that Dell developed.
A Truly Useful IT Convergence Perspective
I originally came to the IT world from the automotive industry, which is one of the reasons why I have tracked that industry’s progress over the years.
Computer chips found their way into automobiles in the late 1960s and early 1970s to manage simple things like fuel injection and transmission shifting. Now they handle everything from locking doors and calculating fuel efficiency to emergency braking, traction control, autonomous parking and several types of self-driving vehicles.
It’s a challenging computing environment. Imagine a tire pressure sensor that has to communicate wirelessly to a dashboard receiver while bouncing up and down on the roadway at 60 miles per hour – which is about 14 revolutions per second. And we think that connecting a wireless camera is a challenge?
It is the automotive industry that had its first convergence conference in the U.S. back in 1974. That’s right: 300 engineers converged on Detroit for that conference, which at last check had over 8,000 engineers attending – mostly young engineers.
Why do I mention all this? Over a decade ago, the SAE convergence conference announced that they were focused on taking a 40-year look ahead at where technology is taking mobility.
No wonder we’ve started seeing autonomous vehicles. Technology advances exponentially fast, and that 40-year look ahead has been showing up in 15 years, and now 10 years, due to ever-accelerating technology progress. Who do you think, for years, has been designing vehicles for the moon and mars?
Can you see why we need to recalibrate our security technology thinking so that we finally quit disappointing our largest and best customers?
Security Industry’s #2 Failure
The number two failure of the security industry is the proliferation of products and systems that aren’t manageable at any but the smallest scales of deployment.
Managing Technology at Scale
Our industry makes and sells products that can’t be managed at scale. If you don’t think so, consider this. Let’s say the FBI said there was a credible cyber threat in a specific business sector that’s targeting security cameras; and the FBI advised that sector to immediately update all security camera firmware and digital certificates (due to the vulnerabilities being exploited) and change all camera passwords due to the number of compromises that had already occurred.
How long it would take to make those changes to 1,200 cameras? Days? No. Weeks? Maybe. A month or more? Most likely “more,” whether via a service request to an integrator or an assigned task to internal staff.
Which is why Viakoo designed an automated solution that lets you perform all those actions in a matter of days for 1,200 cameras or more, because every site with cameras can be updated simultaneously.
However, it’s not just devices that can’t be managed at scale.
Managing Physical Access at Scale
When you have thousands or tens of thousands of employees that need physical access privileges, the larger that population is the harder it is to actually ensure that all access privileges are correct and stay that way.
But we’ve lived with that situation for decades, and surely what we do now is better than what we did decades ago, right? But is it an acceptable situation?
Well, let’s think more specifically about that. How many unauthorized people is an acceptable number to have in areas where you don’t want them? We really want to say, “zero.” But we know we can’t assure that. There are significant insider threat risks involved that are very hard to measure exactly but definitely exist.
I don’t want to belabor this point because finally, after 50 years (when physical access cards were first introduced), there is a solution that not only encompasses all forms of physical access control – including locks and keys – but even logical access control for information systems and computer applications.
I’m talking about Gathid website (formerly Access Analytics from RightCrowd). These are the folks who for over a decade, have been helping the largest Fortune companies deal with the access privilege management problem.
Using an earlier generation of information technology, they were able to solve the problem with customized integrations across a plethora of large enterprise systems, including visitor management, HR and identity management systems, logical access directories, and so on – so that things like safety training and contractor insurance requirements can be fully accounted for and auditable.
Due to the scale and complexity involved, until now such deployments were only affordable for the very largest of end user companies.
However, advances in technology – combined with some brilliant thinking at RightCrowd – have now made it possible for all elements of access privileges, physical and logical, to be managed at any scale by taking utilizing the same processes and procedures that companies already have in place and providing every access decision-maker with a tool that lets them instantly see the access privilege landscape from any perspective needed, with views by individuals, groups, access requirements (like training) and even combinations of physical access that are prohibited or required (as per separation of duties and two-person rules). It’s all viewable instantly with just a few clicks or selections.
The secret to doing this is similar to Liquid360’s approach. Access Analytics provides visualization into the access privilege landscape from any needed perspective, with individual, group or overall views. It’s situational awareness from an administrative perspective, and we’ve never had anything like this before. This is groundbreaking technology.
Changing Our Thinking
Although I’ve used a few new technologies to provide some insight into physical security’s watershed moment, the focus of this article is not about products, but about our own thinking.
We need to update our thinking, because we can now effectively address major security technology weaknesses – which also means security operations weaknesses – that we’ve had to live with for decades.
However, we can no longer rip and replace all our systems like we used to. They’re just too big. And that’s the genius factor in the design of Liquid360 and Access Analytics. Those products work now with whatever technologies and systems are in place, and they are instantly usable with only minutes of training. Their technology deployments take a fraction of the time compared to what we’ve been used to.
This article has touched on just two aspects of the physical security watershed moment. There is also a watershed moment occurring in IT as well. They both have profound effects on the future of physical security system deployments.