by Ray Bernard PSP, CHS-III
Nov-Dec 2017
IT has practiced technology lifecycle management for decades, under various names like product lifecycle management and systems lifecycle management. Compared to IT, the physical security industry has paid little attention to the management of deployed products and systems, which is why security practitioners are periodically asked questions like this one by their organization’s IT group.
Q: Our IT department is upgrading their technology lifecycle management and they want to include our networked security systems in their program. How do we do that?
A: Your IT department has approached you at the ideal time. They are redefining their program, and should easily be able to include support for your systems to the extent that your security systems technology will allow.
The IT departments of many organizations have successfully included electronic security systems in their technology lifecycle management programs. Up to now, this was mainly by exception—exempting many products (like network cameras) from IT requirements and including only servers, workstations and laptops (like those used with the access control and video management systems). IT departments are used to managing servers, printers, workstations and laptops. And although network cameras are essentially servers (most with Linux operating systems but some with embedded Windows), to date they have not been designed to participate in automated patch management (a typical part of a technology management program) or meaningfully support networked infrastructure monitoring. The management of most physical security systems equipment still must be dealt with manually. But that is changing.
IT learned long ago that manual management of networked computing devices is too costly and error-prone, and can’t be relied upon to keep large-device-count networked systems current—especially given the rise of cyber security threats. That’s why a part of the IT industry is dedicated to automated systems infrastructure management.
Asset Management
Technology lifecycle management is the beginning-to-end process of acquiring, installing and commissioning, maintaining and supporting, tracking and eventually retiring a technology asset. It is asset management for technology systems, which include many assets that are co-dependent and are required to work together to deliver an agreed-upon level of functionality and service. Total cost of ownership and cost-effectiveness are two of the concepts involved.
A technology asset may be retired for many reasons: it doesn’t function well enough anymore, its cost of service is too high, or it is becoming obsolete and newer products or systems would provide more value for the investment or would better fit operational needs. Traditionally, security departments don’t practice asset management for their security systems, but they should—especially given the amount of money invested in them. Therefore, including them in an IT lifecycle management program can be of significant value to the organization as well as to the security department itself.
Automation Comes to the Physical Security Industry
Fortunately, the physical security industry has come to realize that IT infrastructure management practices must be applied to networked electronic physical security systems. Over the next two years, I expect that we’ll see a significant change in the industry as manufacturers make serious efforts to get fully on-board with information technology management practices. For example, in early 2018 industry leader Axis Communications (www.axis.com) will be rolling out a managed services platform that includes automated patch management for cameras and other Axis components, which integrates with alarm central station software for fast high-resolution video verification.
Just a few years ago, Viakoo (www.viakoo.com) introduced a subscription-based cloud solution that provides service and maintenance automation for networked physical security systems, with a special focus on camera and video system uptime assurance, including retention compliance management and video system performance metrics. Viakoo issues alerts and service tickets (including to IT) when a network-related issue is affecting security system communications.
Collaborating with IT on Technology Management
Axis, Viakoo and other companies that provide support for infrastructure monitoring and management are evidence that the physical security industry is improving its adoption of information technologies. IT departments will understand what this means, as the IT world has seen a rapid evolution in software and systems for automating technology infrastructure service management.
Here are some practical steps to follow for productively collaborating with IT on technology lifecycle management.
Initiate. Let IT know that you want to collaborate, and that you would like IT to brief you on their objectives for Technology Lifecycle Management, and what people, systems and processes are involved.
Get Briefed. Find out what IT’s initial expectations are for including electronic physical security systems in their lifecycle management program. Tell them that you need to better document your security technology (or update existing documentation) so that you can provide them with the information they need. Let them know this may take some time. Documentation should include how you manage device passwords (such as for cameras) and user access control to the security systems, and how you maintain backups of device configurations. An updated network diagram for the security systems is important. Let them know that you would like to improve your technology management to be more in line with what IT does, and that you may need guidance from them.
Involve Your Systems Integrator. Include your integrator’s lead servicing technician in the IT briefing, as you are likely to need support from your integrator, and a good technical person will be able to translate the IT aspects of the discussion that are unfamiliar.
Get Your Documentation to IT. Update your documentation and get the information to IT. This is not just what products you have; it includes warranty information, when purchased, how long until it needs replacement, and what the cost to maintain it is. What is the expected useful life of the product? How long will the manufacturer support it? Should you retain it past its supported lifetime? Request a meeting to work out how the management of the networked security systems will be improved. Use software tools to automatically discover and diagram your network and the devices on it. Consider using System Surveyor (www.systemsurveyor.com) if you don’t have the level of documentation that you’d like to have, especially if you expect to make system improvements in the near future.
Meet with IT and Make a Plan. This could be a small project plan or a large one, depending upon the size of your security systems deployment, and its current state of lifecycle management. Determine what technology lifecycle management responsibilities IT will take on, what part Security will handle, and what support will be needed from your integrator. IT should have a management process that Security will participate in, that will include cyber security audits, ongoing reporting, periodic reviews and change management.
Many companies have already engaged in project-based collaboration with IT. Substantial benefits can be obtained by including physical security systems in an ongoing technology lifecycle management program.
Write to Ray about this column at ConvergenceQA@go-rbcs.com. Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty member of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS
© 2017 Ray Bernard