This is the 23rd article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress, also published on SecurityInfoWatch.com.
By Ray Bernard, PSP, CHS-III
Mobile devices such as smartphones and tablets have changed the technology landscape, and in doing so have expanded the number of users for security applications.
★ ★ ★ GET NOTIFIED! ★ ★ ★
SIGN UP to be notified by email the day a new Real Words or Buzzwords? article is posted!
Real Words or Buzzwords?
The Award-Winning Article Series
#1 Proof of the buzzword that killed tech advances in the security industry—but not other industries.
#2 Next Generation (NextGen): A sure way to tell hype from reality.
#3 Customer Centric: Why all security industry companies aren't customer centric.
#4 Best of Breed: What it should mean to companies and their customers.
#5 Open: An openness scale to rate platforms and systems
#6 Network-friendly: It's much more than network connectivity.
#7 Mobile first: Not what it sounds like.
#8 Enterprise Class (Part One): To qualify as Enterprise Class system today is world's beyond what it was yesterday.
#9 Enterprise Class (Part Two): Enterprise Class must be more than just a top-level label.
#10 Enterprise Class (Part Three): Enterprise Class must be 21st century technology.
#11 Intuitive: It’s about time that we had a real-world testable definition for “intuitive”.
#12 State of the Art: A perspective for right-setting our own thinking about technologies.
#13 True Cloud (Part One): Fully evaluating cloud product offerings.
#14 True Cloud (Part Two): Examining the characteristics of 'native-cloud' applications.
#15 True Cloud (Part Three): Due diligence in testing cloud systems.
#16 IP-based, IP-enabled, IP-capable, or IP-connectable?: A perspective for right-setting our own thinking about technologies.
#17 Five Nines: Many people equate high availability with good user experience, yet many more factors are critically important.
#18 Robust: Words like “robust” must be followed by design specifics to be meaningful.
#19 Serverless Computing – Part 1: Why "serverless computing" is critical for some cloud offerings.
#20 Serverless Computing – Part 2: Why full virtualization is the future of cloud computing.
#21 Situational Awareness – Part 1: What products provide situational awareness?
#22 Situational Awareness – Part 2: Why system designs are incomplete without situational awareness?
#23 Situational Awareness – Part 3: How mobile devices change the situational awareness landscape?
#24 Situational Awareness – Part 4: Why situational awareness is a must for security system maintenance and acceptable uptime.
#25 Situational Awareness – Part 5: We are now entering the era of smart buildings and facilities. We must design integrated security systems that are much smarter than those we have designed in the past.
#26 Situational Awareness – Part 6: Developing modern day situational awareness solutions requires moving beyond 20th century thinking.
#27 Situational Awareness – Part 7: Modern day incident response deserves the help that modern technology can provide but doesn’t yet. Filling this void is one of the great security industry opportunities of our time.
#28 Unicity: Security solutions providers can spur innovation by envisioning how the Unicity concept can extend and strengthen physical access into real-time presence management.
#29 The API Economy: Why The API Economy will have a significant impact on the physical security industry moving forward.
#31 The Built Environment: In the 21st century, “the built environment” means so much more than it did just two decades ago.
#32 Hyper-Converged Infrastructure: Hyper-Converged Infrastructure has been a hot phrase in IT for several years, but do its promises hold true for the physical security industry?
#33 Software-Defined: Cloud-computing technology, with its many software-defined elements, is bringing self-scaling real-time performance capabilities to physical security system technology.
#34 High-Performance: How the right use of "high-performance" can accelerate the adoption of truly high-performing emerging technologies.
#35 Erasure Coding: Why RAID drive arrays don’t work anymore for video storage, and why Erasure Coding does.
#36 Presence Control: Anyone responsible for access control management or smart building experience must understand and apply presence control.
#37 Internet+: The Internet has evolved into much more than the information superhighway it was originally conceived to be.
#38 Digital Twin: Though few in physical security are familiar with the concept, it holds enormous potential for the industry.
#39 Fog Computing: Though commonly misunderstood, the concept of fog computing has become critically important to physical security systems.
#40 Scale - Part 1: Although many security-industry thought leaders have advocated that we should be “learning from IT,” there is still insufficient emphasis on learning about IT practices, especially for large-scale deployments.
#41 Scale - Part 2: Why the industry has yet to fully grasp what the ‘Internet of Things’ means for scaling physical security devices and systems.
#42 Cyberspace - Part 1: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#43 Cyber-Physical Systems - Part 1: We must understand what it means that electronic physical security systems are cyber-physical systems.
#44 Cyberspace - Part 2: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#45 Artificial Intelligence, Machine Learning and Deep Learning: Examining the differences in these technologies and their respective benefits for the security industry.
#46 VDI – Virtual Desktop Infrastructure: At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.
#47 Hybrid Cloud: The definition of hybrid cloud has evolved, and it’s important to understand the implications for physical security system deployments.
#48 LegacyHow you define ‘legacy technology’ may determine whether you get to update or replace critical systems.
#49 H.264 - Part 1Examining the terms involved in camera stream configuration settings and why they are important.
#50 H.264 - Part 2A look at the different H.264 video frame types and how they relate to intended uses of video.
More to come about every other week.
Roles and Responsibilities
I’m a proponent of risk-scenario-based security design and planning, which to my thinking includes roles and responsibilities for those monitoring and responding to risk situations. Consideration of risk scenarios should include the situational awareness required for responders and impacted individuals to perform their roles and fulfill their responsibilities in safeguarding people and property when threats are active and the risk situation changes. Situation response may be limited to “help myself and those around me get safe,” but even then, that often requires situational awareness of factors outside of one’s immediate observation.
In the 20th century, physical security was siloed off from other organizational functions, and so a lot of security industry software and systems – including those that inform situational awareness – took a narrow view of their scopes and intended users, to match the narrow scope of security. Today, in the 21st century, a growing number of organizations expect security to be aligned with other business functions. Thus, the situational awareness aspects of security industry products are expanding beyond physical security’s traditional scope.
Mobile Devices Expand Situational Awareness Capabilities
Mobile devices such as smartphones and tablets have also changed the technology landscape, and in doing so have expanded the number of users for security applications. Consequently, to serve this new users group, traditional security applications have expanded their functionality and new applications have arrived to support them. One such application is ambit™, which expands the scope of security situational awareness for individual personnel (such as employees or students).
Another example of application is Octopus®, which integrates with and collects data from multiple physical security, cyber security, safety, data, and sensory systems, prioritizes incidents from the gathered data, and enables making more informed security decisions faster. The software is divided into two main interfaces:
- Security management system for the organization’s command & control center
- Mobile application for: security forces, patrols, employees, operational staff, and users
Such applications address the fact that there are two new situational awareness factors involved in responding to risk situations:
- Security command & control centers now know the exact locations of at-risk personnel and can communicate with them instantly – individually, in groups or altogether.
- Personnel on-site or in the field can be kept aware of risk situations, to avoid them or to help assist others who are impacted by them.
Personnel responding to situations on-site or in the field can be kept updated in real time, with photographic information as well as descriptive data. Situational awareness is no longer limited to command & control center personnel, and status updates are no longer limited to radio or telephone conversations. The extent of situational awareness is vastly expanded. This is an important resilience factor for many organizations.
Addressing Administrative Risks
For decades, identity and access management (IAM) for physical security has difficult been to manage, in direct proportion to the size of the managed personnel population. It has also lagged behind the IAM capabilities in the IT world. That’s changing now, due to advancements in software applications that are providing new capabilities.
Historically, at least in physical security, IAM was not included in situational awareness thinking. However, many security incidents occur due to physical access vulnerabilities. Thus, real-time access management should include addressing vulnerabilities as they occur. Personnel responsible for access management would rather respond to a vulnerability occurrence (such as a door propped open or nowadays an access policy violation) rather than a resulting security incident.
For example, two applications deal directly with policy violations: AlertEnterprise® and OnGuard® Policies. Both can issue alerts or alarms when an access policy is violated, such as by an access privilege assignment to an individual not authorized by policy, or where access assignments violate an access management principle, such as separation of duties. Correctly setting policies means that access control privileges (access levels or clearances) must conform to the established policies, for the sake of corporate governance as well as regulatory compliance.
Situational Awareness Planning
We must expand our situational awareness thinking beyond its former constraints. That is the only way we will be able to plan for and achieve enough situational awareness at the strategic, operational and tactical levels that today’s technologies can provide. The next and final article on this topic introduces the Hospital Incident Command System, and uses it to provide a detailed explanation of how situational awareness should be considered in incident response planning and incident resolution.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.