Supporting Security Operations with Technology
Security operations and security technology are now indivisible.
How important is security technology when it comes to security operations? When you take a walk around a modern security operations centre, it’s hard to argue that technology isn’t at the heart of things, empowering staff, enhancing safety, facilitating security.
Technology’s central role in security operations isn’t always recognised but you don’t have to look too closely at any end user security department before you find a control room that brings together multifarious technologies into an operational nerve centre. A security control room is likely to incorporate management solutions for alarms, access control, video surveillance, fire management and control, building management, HVAC, lift control and more.
Depending on the level of integration between these subsystems, the complexity of the interfaces between these systems and their operators is going to be variable. In some applications, operators will themselves provide a measure of connectivity while serious integrations are going to merge inputs and outputs in the background and present them to operators via a unified and federated security management system.
According to Matryx Consulting’s Luke Percy-Dove, without security technologies, responsibility for the security of property and the safety of people would ultimately rely on people alone.
“This would be impractical to do and ultimately a flawed strategy,” argues Percy-Dove. “People are fallible whereas technology is generally very reliable. Ultimately, whatever security technologies are deployed need to be fit for purpose. Considerations will be the type of technology to be used, if it can be easily integrated into their local environment and if it is cost effective. Amenity is also an important consideration. You must be mindful of the environment and maintaining the look and feel of it wherever possible.
“Access control and intrusion detection should be the first security technology deployed in almost any property. These set the rules for who can come and go and when and also provide alerts for when the rules are broken. Without it, you are almost flying blind. CCTV would closely follow in importance which then provides visibility of what is unfolding at any given time.”
How important is planning and process when it comes to applying security solutions? According to Percy-Dove it’s integral.
“This is something that is so often overlooked but is actually a key element of security,” he says. “As an example, duress buttons are installed widely across a variety of industries, but the response mechanisms are rarely properly considered. Business often doesn’t appreciate that a response could take 45 minutes or more which in most instances will be far too long. Planning and process is critically important in any security strategy.
“Speaking from the perspective of a security consultant, I think we play a very important role. We act as an extension of our client’s team and only ever act in their interests. We bring knowledge and experience when it is needed. Project managers need to implement and get systems to work as designed so their role is equally important. Meanwhile, security integrators must always work in the best interests of the security manager. If the product that they are resellers or agents for is not a good fit, then they need to be able to recognise that and suggest an alternative. The other element is that whatever systems are being implemented need to be manageable and easily operated. Systems that are complex will rarely be fully embraced which usually means risk or failings in other areas. It must be about the client.”
When it comes to new technologies, Percy-Dove says he wants to see the old technologies done properly, first.
“Sorry to be boring, but I am still waiting for the industry to do basic systems integration well,” he says. “At an enterprise level, integration is common but less so in the broader commercial market. I see systems integration as a fundamental of good security risk management. Without it, there will be gaps that will be too reliant on humans to manage. I don’t think there is any one technology that should be top of mind right now because every application is so different.”
According to Simon Pollack, who has recently relocated to Canberra after many years with Scentre Group, there’s a joke about a farmer who was unhappy with the cost of feeding his horse so decided that he’d train it to eat less.
“Gradually cutting its food back further and further, the horse dies,” Pollack says. “The farmer complains to his neighbour ‘I finally have the horse trained to eat nothing at all and it goes and dies – what poor luck’. I’ve been observing a similar trend, particularly in recent years of organisations wanting to replace manpower with technology.
“Technology absolutely has a role to play in security operations, however it is crucial to understand that technology is a force multiplier, not a replacement for security guarding. Organisations have a duty of care to ensure they have adequate resources available to manage any reasonably foreseeable situation.
“It’s all well and good to have a guard observe a situation on a bank of CCTV cameras, but if they don’t have the ability to do anything about the situation, is there still a security capability? Security technology is invaluable for investigations, access control, and making security operations more efficient. The art is in striking the right balance between people, process, and technology.”
According to Pollack, there are a number of new technologies security managers should be looking at.
“Technology is undergoing a period of rapid evolution, and I suspect it will be a couple of years before the current raft of products mature,” he says. “My advice would be to design systems to form the foundations on which these evolving technologies can sit. The major trends we are likely to see in the near future include mobile access, computer vision, expanded use of video for operational intelligence, integration between IT security systems and physical security systems, and a migration from appliance style security products to IoT style security products.”
Pollack argues that whether they are internal or external resources, consultants and project managers can significantly improve the outcome and delivery of a security project.
“Typically, security managers are employed because of their security capability – this does not necessarily equate to a technology capability,” he says. “Consultants deliver value by extrapolating a client’s security and business requirements into a clear technical scope, then ensuring the system is delivered according to that scope.
“With regards to project management, there are 2 considerations. In the first instance, existing capability, in the second demand on resources. While a security manager may be capable of project management, will doing so compromise their core security responsibilities? If an organisation already has extensive security technology and project management capability, then external resources may add less value.”
According to Stuart Rawlings, Pelco by Schneider Electric Security, technology that can alert a human operator of a potential incident delivers by far the most valuable action that can be offered.
“The use of a system for forensic investigation is always after an incident has occurred and invariably such an incident has had some intrinsic cost already,” Rawlings explains. “Having a system detect and highlight potential incidents or suspicious activity before they result in anything negative is ultimately what we all want to see as an operator. The reality is that human operators cannot always successfully review hundreds of camera feeds with the concentration and spatial awareness required to protect an entire site. That’s why having a system that helps direct the operators’ attention improves overall security.”
According to Rawlings, at the top of the list of things security managers must bear in mind when assessing technology fixes for their applications comes cybersecurity.
“Cybersecurity is a top concern for many involved in the physical safety and security industry,” Rawlings says. “This includes Pelco and its customers, distributors, and system integrator partners. The Australian Government is one of the most demanding customers when it comes to the cybersecurity of its own deployments, namely video surveillance systems used for critical infrastructure and public safety. Being aware of trends, rules, and regulations in this area is important for security managers to keep in mind.”
When it comes to foundational security technologies, Rawlings believes the term ‘security technology’ is overloaded.
“Those of us in the physical security industry would interpret this to be the technologies being applied in our industry, but I would hazard a guess that the majority would think of technology applied to securing ourselves against cyber-attacks,” he says.
“However, today’s cameras and video management systems are much more than devices that protect property and people. A camera is the richest data sensor available, and we are starting to see some very creative and focused uses of the cameras as a data source. In terms of VMS, certain markets are no longer focused on showing the video as a primary viewpoint, but instead showing an aggregation of the data gathered by intelligent cameras and other systems. The information gathered by these cameras is the oil to the management system’s combustion engine. The only question that remains is how fast can we get this engine to take us.”
As technology becomes more capable and the expectations placed on it become greater, planning and process has an increasing role when it comes to applying security solutions.
“The technologies of today are ever increasing in their complexity, and while there is a huge focus on ease of install and use, the enemy of those concepts is the rush job,” Rawlings says. “When it comes to maintaining and optimizing technologies, a sound rational process can be the difference between a smooth deployment and one that puts people and property at risk.
“A successful security strategy is a combination of people, processes, and technology. These days, we see much more direct marketing and connections between manufacturers and technology vendors with the end user market. However, it is critical to realize the development of processes and trained people is not part of that equation. This is where having a good consultant on retainer to provide guidance and recommendations is critical. A project manager that oversees the deployment of the solution will also be paramount.”
When working with security managers, Rawlings says integrators need to be focused on features as well as price.
“In sensitive markets, there will always be a demand for the most value, but the levers we pull to provide value are really in two areas – price and features,” Rawlings explains. “As more industry and cyber standards become available for manufacturers to conform to, the concept of security as a feature will (unfortunately, in my opinion) become the norm.
“End-users will often make a trade-off between security and price, and often unknowingly. However, the risks are less tied to the price of the hardware, and more to the fact that end-users with tight budgets may also be constrained in their maintenance and operational support funds. Since a successful cybersecurity strategy is a combination of people, processes, and technology, a lack of focus in any one of these areas creates risks.”
What key new technologies does Rawlings think security managers should be looking at right now?
“One of the main emerging technologies is the advancement in artificial intelligence,” he says. “As we delve into the world of AI, we need to avoid the mistake of bucketing this into video content analysis only. As the world is an ever-expanding melting pot of data points, AI can be used to not only vastly improve data generation, but also play a critical role in the consumption and processing of all the various data points.
“The first generation of video content analysis was initially all about alert generation, which eventually resulted in the improvement of forensic search capabilities. That said, there was always the challenge of false alerts and missed results. Applying AI technology such as deep neural networks to computer vision will significantly improve performance, providing that the DNN model is properly trained. This will generate much higher quality data in the form of alerts and descriptive metadata.
“A more interesting fact is that when we take lots of data points over time and use AI to observe and learn the environment’s ‘normal’, we can then look across a range of data points and flag when a series of events appears abnormal. That’s true intelligence helping us on our mission of protecting communities on a global scale.”
Meanwhile Rusty Blake of Inner Range believes technology is integral to security operations.
“It’s 2018. Trying to imagine security operations without the use of security technology would be difficult without dusting off an ancient spy novel and being reminded of yonder years,” Blake says. “In today’s world, we have a plethora of diverse technologies that come together and form the entire structure of security operations. Think CCTV, access control, perimeter defence, incident reporting, real-time notifications, drones, intruder alarms and so on.
“Security technology differs based on the application. Talking boots on the ground, a security team cannot function without communication and co-ordination. CB radios, real-time notifications and CCTV are 3 examples of audible and visual communication that facilitates co-ordination. At the control room, incident reporting and automation between technology systems (CCTV, access control, PA systems, etc) plays a vital role.”
According to Geutebruck’s Anthony Brooks, security technology can either make or break a security operation.
“In recent years, there has been a disproportionate amount of over-hyped analytics that often create more noise through false positives and distract operators more than helping them,” Brooks says.
“A perfect security solution should be the most popular team member in the control room, providing automated alarm actions and events – delivering meaningful and actionable information in a timely fashion. It’s all about creating operational efficiencies that help to save valuable time and support the security personnel.
“Security managers who understand their risks and threats are better positioned to mitigate the threat with technology. Defining the operational outcomes is a key to success. The use of a skilled, reliable and trustworthy security integrator (and/or consultant) who consults according to the needs of the customer and understands their individual pain points will further assist in delivering solid outcomes.
“For instance, any considered technology/solution should be flexible and easy to integrate/connect to existing third-party systems. It’s also important to consider the true cost of ownership over the long run. A greater ROI will be realised when using systems that are well supported and backed by a manufacturer who delivers on long lifecycles and backward compatibility.”
Which security technology is foundational, when it comes to supporting security teams, in Brooks’ opinion?
“There is no one silver bullet technology, but rather a lot of moving parts, all of which must deliver on the fundamentals of reliability, reliability, reliability,” Brooks explains. “For instance, Geutebruck are very committed to delivering failsafe and redundant solutions that minimise risks and losses while maximising operational efficiencies – and profits in retail/logistics environments. Our open platform and free SDK support a wide range of interfaces enabling connectivity to third-party systems which is crucial in delivering utmost efficiency.
“I would argue the planning and process when it comes to applying security solutions is crucial and you need a combination of progress, foresight and prudence. We advise clients to do the same. Comprehensive design and consulting are the best guarantees of success and will help ensure a 100 per cent functional delivery while saving time, money and problems.
“For many customers, getting what they need requires the expertise (and independence) that a consultant brings to the table. Good consultancy drives better outcomes and often innovation – especially so when in combination with an expert manufacturer,” Brooks explains.
“While many smaller jobs may be simple to execute, the investment in project management to drive planning, execution, control, commissioning and handover for larger projects is a proven strategy to meet the specific outcomes on time and within budget.”
When it comes to the key new technologies that security managers should be looking at right now, Brooks says there are plenty of candidates.
“Artificial intelligence is an area of great interest,” he says. “Apply this to the logistics market – we have new visualisation technologies that enable the scan and count of multiple objects/items via the camera in your everyday smart phone. By leveraging our core security engine and combining them with these new data sets we expose new insights within the framework of logistical processes and supply chain. Intelligent interface technology makes it possible to immediately detect and eliminate errors in the process sequence (e.g. in package conveyor belts or in the material flow).
“Additionally, we believe it is critical that managers consider the security of security – ensuring protection against vulnerabilities, data theft and hacks. Geutebruck solutions offer the advantage of high-security system integrity and high-performance and convenience. Users enjoy the flexibility of ultra-fast search, review, sharing and dissemination of video whilst still maintaining a very granular level of control.
“Finally, never forget people and relationships,” says Brooks. “Trust and experience are extremely important. Managers should continue to seek out the security integrators/installers and manufacturers that have a proven track-record for reliability, trustworthiness and high-quality security solutions.”
According to Michael Kosaros at Mobotix, technology is the very crux of security operations.
“Without security technology, security operations will not be able to function effectively,” he says. “Technology can help a business in many ways and security managers need to plan technology deployments based on a holistic business approach that takes into account work flow and processes.
“In my opinion, communications is key to all effective security teams when it comes to technology. Without the ability to communicate a team becomes many individuals which can cause vulnerabilities. All communication technologies become imperative, including mobile phones, 2-way radios, CCTV and VMS. This said, important technologies of the future include data capture from the images and events to action, as well as creating better processes with the technology that has been presented. Also of value is analytics to proactively capture pre and post-event incidents and minimise time consuming work tasks.
“Planning and process is the single most important agenda when designing any security solution. The most common point of failure in any technology solution will occur within the planning phase. Without a process to the procedure, a point of failure cannot be determined.”
Kosaros believes consultants and project managers are an asset to the process. All security vendors and systems integrators find themselves consulting and project managing daily. What consultants and project managers provide is a single point of contact to an end user swimming in an ocean of technology, he says.
“Security integrators must never lose sight of the process and work flow, either,” Kosaros says. “The technology deployment must be suitable for the level of monitoring. Without collaboration between the 2 parties a great security deployment could turn into a problematic one. The technology should be fit for purpose but so should the solution.”