This is the 29th article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.
By Ray Bernard, PSP, CHS-III
While hype and misunderstanding surround what The API Economy is about, the fact is that it will have a significant impact on the physical security industry moving forward.
★ ★ ★ GET NOTIFIED! ★ ★ ★
SIGN UP to be notified by email the day a new Real Words or Buzzwords? article is posted!
Real Words or Buzzwords?
The Award-Winning Article Series
#1 Proof of the buzzword that killed tech advances in the security industry—but not other industries.
#2 Next Generation (NextGen): A sure way to tell hype from reality.
#3 Customer Centric: Why all security industry companies aren't customer centric.
#4 Best of Breed: What it should mean to companies and their customers.
#5 Open: An openness scale to rate platforms and systems
#6 Network-friendly: It's much more than network connectivity.
#7 Mobile first: Not what it sounds like.
#8 Enterprise Class (Part One): To qualify as Enterprise Class system today is world's beyond what it was yesterday.
#9 Enterprise Class (Part Two): Enterprise Class must be more than just a top-level label.
#10 Enterprise Class (Part Three): Enterprise Class must be 21st century technology.
#11 Intuitive: It’s about time that we had a real-world testable definition for “intuitive”.
#12 State of the Art: A perspective for right-setting our own thinking about technologies.
#13 True Cloud (Part One): Fully evaluating cloud product offerings.
#14 True Cloud (Part Two): Examining the characteristics of 'native-cloud' applications.
#15 True Cloud (Part Three): Due diligence in testing cloud systems.
#16 IP-based, IP-enabled, IP-capable, or IP-connectable?: A perspective for right-setting our own thinking about technologies.
#17 Five Nines: Many people equate high availability with good user experience, yet many more factors are critically important.
#18 Robust: Words like “robust” must be followed by design specifics to be meaningful.
#19 Serverless Computing – Part 1: Why "serverless computing" is critical for some cloud offerings.
#20 Serverless Computing – Part 2: Why full virtualization is the future of cloud computing.
#21 Situational Awareness – Part 1: What products provide situational awareness?
#22 Situational Awareness – Part 2: Why system designs are incomplete without situational awareness?
#23 Situational Awareness – Part 3: How mobile devices change the situational awareness landscape?
#24 Situational Awareness – Part 4: Why situational awareness is a must for security system maintenance and acceptable uptime.
#25 Situational Awareness – Part 5: We are now entering the era of smart buildings and facilities. We must design integrated security systems that are much smarter than those we have designed in the past.
#26 Situational Awareness – Part 6: Developing modern day situational awareness solutions requires moving beyond 20th century thinking.
#27 Situational Awareness – Part 7: Modern day incident response deserves the help that modern technology can provide but doesn’t yet. Filling this void is one of the great security industry opportunities of our time.
#28 Unicity: Security solutions providers can spur innovation by envisioning how the Unicity concept can extend and strengthen physical access into real-time presence management.
#29 The API Economy: Why The API Economy will have a significant impact on the physical security industry moving forward.
#31 The Built Environment: In the 21st century, “the built environment” means so much more than it did just two decades ago.
#32 Hyper-Converged Infrastructure: Hyper-Converged Infrastructure has been a hot phrase in IT for several years, but do its promises hold true for the physical security industry?
#33 Software-Defined: Cloud-computing technology, with its many software-defined elements, is bringing self-scaling real-time performance capabilities to physical security system technology.
#34 High-Performance: How the right use of "high-performance" can accelerate the adoption of truly high-performing emerging technologies.
#35 Erasure Coding: Why RAID drive arrays don’t work anymore for video storage, and why Erasure Coding does.
#36 Presence Control: Anyone responsible for access control management or smart building experience must understand and apply presence control.
#37 Internet+: The Internet has evolved into much more than the information superhighway it was originally conceived to be.
#38 Digital Twin: Though few in physical security are familiar with the concept, it holds enormous potential for the industry.
#39 Fog Computing: Though commonly misunderstood, the concept of fog computing has become critically important to physical security systems.
#40 Scale - Part 1: Although many security-industry thought leaders have advocated that we should be “learning from IT,” there is still insufficient emphasis on learning about IT practices, especially for large-scale deployments.
#41 Scale - Part 2: Why the industry has yet to fully grasp what the ‘Internet of Things’ means for scaling physical security devices and systems.
#42 Cyberspace - Part 1: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#43 Cyber-Physical Systems - Part 1: We must understand what it means that electronic physical security systems are cyber-physical systems.
#44 Cyberspace - Part 2: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#45 Artificial Intelligence, Machine Learning and Deep Learning: Examining the differences in these technologies and their respective benefits for the security industry.
#46 VDI – Virtual Desktop Infrastructure: At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.
#47 Hybrid Cloud: The definition of hybrid cloud has evolved, and it’s important to understand the implications for physical security system deployments.
#48 Legacy: How you define ‘legacy technology’ may determine whether you get to update or replace critical systems.
#49 H.264 - Part 1: Examining the terms involved in camera stream configuration settings and why they are important.
#50 H.264 - Part 2: A look at the different H.264 video frame types and how they relate to intended uses of video.
#51 H.264 - Part 3: Once seen as just a marketing term, ‘smart codecs’ have revolutionized video compression.
#52 Presence Technologies: The proliferation of IoT sensors and devices, plus the current impacts of the COVID-19 pandemic, have elevated the capabilities and the importance of presence technologies.
#53 Anonymization, Encryption and Governance: The exponential advance of information technologies requires an exponential advance in the application of data protection.
#54 Computer Vision: Why a good understanding of the computer vision concept is important for evaluating today’s security video analytics products.
#55 Exponential Technology Advancement: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
#56 IoT and IoT Native: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
#57 Cloud Native IoT: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
#58 Bluetooth vs. Bluetooth LE: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
More to come about every other week.
But despite the realities behind the term, enough misunderstanding and foggy thinking has entered the picture, resulting in business initiatives that didn’t achieve their intended results. It prompted Ed Anuff, then senior vice president of strategy at Apigee (a company providing an API platform and tools, now part of Google), to write an article for TechCrunch titled, “Almost everyone is doing the API economy wrong.”
So, given past history, what are the chances that we’ll get it right in the physical security industry?
You probably already know that API stands for “application programming interface.” It’s a way that applications can talk to each other. APIs have been around for decades. We use them for integrating various components of physical security systems. So, it’s nothing really new, right? Then, why all the hype? Is it just marketing departments rebranding SDKs (software development kits) and making a big deal out of them? Is it just a cloud application term that’s getting over-hyped up like other things in IT?
In the Preface to the IBM Redpaper™ titled, Getting Started with IBM API Connect, the authors state:
Application programming interfaces (API) act as the digital glue that links services, applications, and systems together to create compelling customer experiences. Using APIs you can create interfaces between back-end systems and applications that can help you bring new digital services to market, open revenue channels, and exceed customer expectations.
There has been enough hype around APIs that, in his Forbes article titled, “2017 is Quickly Becoming the Year Of The API Economy”, Louis Columbus was prompted to write, “Senior management teams need to de-hype the entire issue of APIs.” So, at the same time that The API Economy is reaching its highest peak to date, many people are getting it wrong and hype abounds.
Origin of “The API Economy”
The term came about as a way to label the real-world phenomenon that the success of some entire businesses evolves around the APIs they use to conduct business. Decades ago, you had to walk into a store or have a sales representative come to visit you. Nowadays, we pick up our phone or tablet computer and click on a few buttons.
Those few button-clicks use APIs to initiate actions in the company’s information systems. The company’s web pages use an API to take your order. The company’s “order department”, which has been virtualized into software, accepts the order, and sends the information to other business applications to ship the product. The company’s business applications arrange the shipping via the APIs of UPS or another shipper, and notify the customer by text message or email, using another set of APIs, that the order is being shipped and provides a link to the shipper’s web page that will display the real-time status of the shipment (the link uses the shipper’s APIs). All of this you already know about and have experienced, except perhaps for thinking about the APIs that do the work behind the scenes.
Using APIs, Boeing and General Electric jet engine systems send real-time engine status and diagnostics information to their databases, and the set of applications analyze the data. The companies notify their airline customers’ service departments of service required so that service technicians can be ready and waiting with the right parts and tools to perform service the instant the plane lands. This is all accomplished by the use of APIs.
There are various types of APIs and some standards around them, but the point of this article is not about the technical bits and pieces of APIs. (That’s mostly what you find on the Web on this subject.) The point is that large parts of our global and local economies are API-driven.
What The API Economy Means
The term The API Economy came to mean several things:
- That part of the economy whose business and financial transactions are enabled by APIs.
- The way that APIs can positively affect an organization’s profitability.
- A perspective for thinking about application interaction from a business-value perspective rather than a technical perspective.
I haven’t seen the third definition written anywhere else, but it’s a critical one for the physical security industry, and we’ll circle back to it in a moment.
Some businesses do business together without humans having to talk to one another. It’s all handled through their business system APIs instantly, anytime.
“Getting one’s API Economy act together” means figuring out how APIs can be used to further the purposes of the business, accomplish more transactions at high speeds and scales, and either directly drive revenue or drive results that support expanded or continued revenue generation. These can be customer service improvements, for example. I’ll be touching on this theme again in two upcoming articles in Security Dealer & Integrator magazine, on Total Cost of Ownership and Total Cost to Serve. Believe it or not, there are API Economy factors at work impacting both types of costs for security industry manufacturers, service providers, and customers.
Mexico City’s Use of APIs for Citizen Protection Systems
[2020 Update:] An excellent example of the use of APIs is the 2019 Mexico City My Streets security initiative, which by the end of 2020 will have installed 49,000 outdoor security cameras, each with a citizen warning light and a panic button to summon emergency response, in the 333 highest crime areas in Mexico City. The devices connect back to the city’s Center for Emergency Attention and Citizen Protection (police and emergency services command center).
The first 13,270 cameras were installed by the cloud services provider OmniCloud, based in Mexico, whose cloud-based OmniView PSIM provides the user interface for the emergency center’s personnel. The cameras utilize 4G LTE wireless Internet connections to the cloud-based Eagle Eye Video Platform. OmniCloud used the Eagle Eye Video API Platform to integrate video functionality into OmniView.
The OmniView integration to the Eagle Eye Video API Platform and the city’s citizen mobile app was easily performed in just four weeks. Using cloud systems eliminated the need to add any new electronic physical security infrastructure into the C5 operations center.
Mexico City’s existing 12,000 cameras had been installed throughout the city using fiber optic cable networking, a lengthy and costly approach. OmniCloud proposed that the city shift to cloud-based systems and use existing telecom Internet and wireless connectivity, to reduce the hefty application and communications infrastructure costs by 80% to 90%. This approach enabled the city to deploy 10 to 15 times more cameras for the same cost as previous solutions, with much simpler deployments.
Security Business magazine’s July 2020 issue cover story (when released) closely examines the success factors for this smart city project.
The API Economy and the Security Industry
The danger for the security industry is that we’ll think we already know all about APIs and thus nothing will change. The problem is that our thinking around SDKs and APIs has been limited to the very narrow scope of traditional security systems integration, such as having an access alarm trigger the display of a video image. There is nothing wrong with that idea. But it’s a decades old thought and commonplace now.
In keeping with definition #3 above, the most important question we can ask ourselves about APIs is this: How can we use APIs to interface with other applications in ways that bring these kinds of added value:
- Enhanced security risk mitigation
- Security operations improvements
- Business operations improvements
- Actionable business insights
Who in your company will be the chief sponsor of API Economy thinking and strategy? Who will foster those discussions and gather all the ideas for consideration and follow-up action?
There are two important questions to be asking:
- What value can other applications bring to our applications?
- What value can our applications provide to other applications?
This is about enablement. What can other applications enable your application to do that they can’t do now? And vice versa.
I understand that we’re talking about systems integration, but discussions about systems integration in the past have always been narrowly focused, as I said earlier. We need to think beyond our previous thoughts and maybe break a few of our own rules.
Ilissa Miller, CEO of iMiller Public Relations, defined the term “coopetition” this way:
“Coopetition” is a term used to describe unconventional collaboration and cooperation within an otherwise competitive field of players.
For decades in the security industry, competitors would not interface with each other’s products. They just wouldn’t use or support in any way products made by a competing company.
Yet, for example, look at the business that Cox Cable does by using APIs to provide Netflix movies to its cable customers. Cox is now providing more value to its customers, by adding value to their investment in TV big screen hardware, making it simpler and easier for customers to manage a wider range of movies on the TV using the Cox remote control. Why make it hard on customers to do what they want to do and will probably do anyway, but dislike you for making it hard to do? I’m sure you can find other examples.
Coopetition is the term that I thought of when I learned this week that S2 Security Corporation’s NetBox 4.10 new release supports Bosch intrusion detection panels. What? Bosch is a competitor to S2! Yet John Moss and others at S2 realized that their integrator partners install many Bosch intrusion systems, and this would simplify things for those partners, contributing to a lower Total Cost to Serve. This is an example of some of the things I’m seeing that give me hope for the security industry in the 21st century.
Hope for the Security Industry
About a year ago Steven Van Till, president & CEO at Brivo, wrote an article titled, “Physical Security and the API Economy.” Out of the hundreds of pages I’ve read about The API Economy, Van Till’s statement is the simplest and best summary I have seen: “Call it the sharing economy for applications.” When you read his article, you’ll get an idea of how Brivo is participating in The API Economy.
Some other companies who have open APIs and are similarly benefiting from the API Economy are Milestone Systems, and Eagle Eye Networks, and now Lenel Systems as well. What is interesting to me is that fact that the founders of S2, Milestone, Eagle Eye, Brivo and Lenel: (a) originally came from outside of the security industry and (b) had strong backgrounds in IT. I apologize for leaving out a few companies in this category, but these are enough to make my point: Their leaders are focusing on how to create more value for their integration partners and their end user customers.
There is a lot happening in the business world resulting from the strong IT focus on adding value through “the sharing economy for applications.” Thus, I can safely say that the future of the physical security industry will be determined in large part by what drives the designs of industry company APIs. How many new capabilities for integrators and end-user customers will be enabled by application integration?
Security’s API Economy Picture
I put together a reminder illustration (below) of the key factors of The API Economy for physical security. I intended to provide a list of action words relating to security and business value, but found I ran out of space at just over two dozen words, with more than a hundred left over!
In applying this illustration, make a list of whatever functionality you’d like to have your application provide, and include a short statement of the additional value the integration will then bring to security integrators, end users, and end user customer companies. For example, see how Ticto (ticto.com) is using access control system APIs to establish real-time presence control for critical asset areas and for people protection. Think even further how this could be extended to other types of personnel and customer security, such as for home health care providers giving customers the Ticto app. Ticto is just getting started, and coming from outside the security industry, their founders’ thinking is not limited by legacy industry constraints.
Your thinking shouldn’t be limited either, because The API Economy and the technologies behind it are making things possible that were never possible before. Let’s make the most of it!
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.