Leveraging PSIM to address security growing pains
Some companies grow the old fashioned way- organically. Others expand their footprint through mergers and acquisitions. Either way, companies can face "growing pains" when it comes to managing security operations. For example, companies that grow organically tend to add physical security systems with each changing of the guard. More often than not, acquired companies arrive with their own set of preferred security systems, policies and procedures, making for a less than harmonious union with their new parent company.
While some would advocate for standardizing on one preferred solution over another, the full rip-and-replace approach is not always practical from a pure dollars and sense standpoint. Thankfully, there is a middle ground. Physical security information management (PSIM) software enables organizations to integrate multiple access control, intrusion detection, video management systems and other security sub-systems together to form a common operating picture.
If your expanding company is facing security growing pains, here are nine ways that PSIM can help:
1. Seamless migration: PSIM is one of the strongest migration strategies an organization can employ, because the organization can continue to leverage its existing security systems while transitioning to new solutions as budget allows. Regardless of of M&A activity, there are a host of other reasons an organization may elect to gradually phase out one system in favor of another, including poor product support, declining features, prohibitive pricing, end-of-life product decisions, etc. Whatever the case, PSIM allows for a seamless, gradual migration.
2. Situational awareness: Non-integrated security systems can create so much competing noise that critical details are drowned out. For command and control centers that need to monitor thousands of sensor feeds and systems this static can be overwhelming. By bringing all systems and sensors together, PSIM can correlate structured and unstructured information in time, space, and severity, to create rich situational awareness that cannot be replicated in a non-integrated way.
3. Consistent response: Maintaining consistent, compliant responses to situations can be especially difficult for large organizations whose command and control centers span the globe. Frequent organizational restructuring, variances in employee tenures and experience levels, and cultural differences can all have an impact. On top of this, response plans, escalation procedures and reporting requirements constantly change. By using PSIM’s adaptive workflows to standardize and automate policies and procedures, companies can remove the inherent variations and ensure consistent compliant responses anytime, anywhere.
4. Complete oversight: When a company acquires another, it has limited visibility into the acquired firm’s security operations. With the aid of PSIM, the acquiring company can have oversight over all remote command centers, whether pre-existing or newly acquired, and no matter what brand of security solutions they use. PSIM also provides extensive back-end reporting capabilities so an organization can centrally monitor how well compliance objectives are being met, track the severity and types of incidents by location, and identify opportunities for continuously improving security operations across the enterprise.
5. Follow-the-sun model: PSIM’s automated procedures, escalation mechanisms, and integration with GIS means that operators get complete situational awareness of an incident, including what’s happening, where it’s happening, and what to do next. Alarms are overlaid on a map-based interface complete with building graphics, and supplemented by structured and easy-to-follow action plans. Operators can direct response personnel to the exact location of an alarm, quickly pinpointing the precise spot on a campus or even in a very large building. This makes it possible for a large organization with multiple command and control centers in different time zones to implement a follow-the-sun command center model, where remote operators can handle incidents regardless of their location. The organization could also more readily leverage the excess bandwidth of a fully staffed command center in the event another center was operating with a skeleton staff.
6. Command center consolidation: PSIM also makes it easier for a company to consolidate multiple control centers. This is made possible through PSIM’s integration capabilities. Even if the companies have standardized on different access control systems, video management systems, etc., all of these systems can be seamlessly unified through the PSIM interface. The underlying complexities are totally transparent to the security operator. It all looks the same to him, and that means a shorter learning curve and less training. Additionally, experience shows that PSIM can reduce response time (the time it takes handle an incident) by as much as 75 percent, which means that all else being equal, a command center can monitor more sites without having to add staff or space.
7. Centralized management of critical security functions: For industries that have undergone extensive consolidation, commercial banking being one example, there is a heightened need to centralize and simplify management of critical security functions. According to the FDIC, the number of commercial bank brands declined from roughly 12,000 in 1990 to 6,000 in 2011. During the same period, total bank branches grew (from about 51,000 to 83,000). Simply put, that means there are many more branches per bank to monitor and manage. Empowered by PSIM, a bank security control center can become the focal point for managing critical security functions. For example, this can include monitoring panic buttons across every bank branch in the network. In the event a branch is robbed and a panic button is pushed, an alert would automatically be generated in the control center. A map would immediately pop up on the operator’s screen showing the exact location of the alarm, along with the surveillance video associated with the specific panic button pressed and step-by-step emergency procedures. Information would instantly be routed to bank security management, local law enforcement or other responders. Depending on the situation, the PSIM system could also automatically secure doors or contact key personnel by phone, text or email.
8. Regulatory compliance challenges: PSIM also address challenges that extend far beyond day-to-day security operations, such as regulatory compliance issues. Electric utilities are a good example as they may have dozens of critical and regulated sites that need to be monitored across a multi-state footprint. For example, a standard of the North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) program stipulates that unauthorized access attempts to CIP locations must be reviewed immediately and handled in accordance with the utility’s CIP-compliant incident response plan. PSIM can help to ensure compliance with this specific aspect of CIP. Compliance with NERC CIP is enforced through NERC audits and utilities found to be in violation can be subjected to large fines. The burden is on the utility to provide documentation and proof of compliance. PSIM can help minimize this compliance reporting burden because reports can be generated automatically in a fraction of the time it would take to manually pull the information together.
9. Operational uses: Large organizations have broad needs beyond security that require situational awareness and situation management. For example, a utility could integrate grid devices into a PSIM solution, so error messages or device alerts could be sent automatically to operations personnel when maintenance was required. This could in turn initiate work orders, or instruct personnel to follow-up or escalate situations if work was not completed on time. There might be a need to monitor water levels in a river, temperature or oil level sensors in a transformer, vibrations in a turbine generator unit — all of these things are possible. In a bank setting, security operators could be alerted to equipment issues, such as an ATM video camera failure or ATM failure, for fast troubleshooting. This is critical because in some states, such as New York, ATM security regulations require that a surveillance camera be installed and properly maintained for every ATM. Failure to meet such regulations could result in costly fines. Asset tracking is another banking application for PSIM. Because of the portability of bank bags, financial institutions are faced with the constant threat of money theft. According to the FBI’s Bank Crime Statistics, thousands of bank bags are stolen each year and less than half of the stolen funds are ever recovered. By integrating with location tracking systems such as GPS, RFID and blue force tracking, PSIM technology can help track and monitor infinite numbers of far-flung and movable bank assets, including armored vehicles and bank bags.
So, if you’re responsible for security in a company that has an expansive and growing geographical footprint, will you always need PSIM? Not necessarily. But in the right set of circumstances, PSIM can help you manage the growing pains with ease
About the Author: Dr. Bob Banerjee is senior director of training and development for NICE Systems’ security division. He can be reached at at [email protected].