The Increasing Pace of Technology Advancement

March 23, 2015
Will we see 100 years of security solutions advancement in the next decade?

The trouble with thinking about technology advancements is that the rate of past progress does not predict the rate of future progress. Prices go down, while capabilities go up—but not at an even rate of progress. It’s a continual acceleration of the rate of progress.

It is a little known, but provable fact, that all information technology advances follow the same type of growth curve. It starts out slow, starts to build, and then takes off like a rocket.

A number of individuals have closely examined these technology trends. Chief among them is Ray Kurzweil, a highly accomplished inventor; futurist and author. In 2012, Kurzweil became the Director of Engineering at Google, heading up a team developing machine intelligence and natural language understanding (i.e. applications you can talk to in a conversational way). About technology advancement, Kurzweil says, “. . . if a technology is an information technology, the basic measures of price/performance and capacity (per unit of time or cost, or other resource) follow amazingly precise exponential trajectories.”

For example, Martin Cooper, an American engineer who is considered to be the “father of the cell phone”, discovered that the amount of information that can be transmitted over a given amount of radio spectrum has been doubling every 2.5 years since Marconi's first radio transmissions in 1895. This fact is known as Cooper’s Law.

Additional technology “laws”, which are really observations, are:

  • Moore's Law: "Processing powers doubles about every 2 years while prices are halved."
  • Gilder's Law: "Network bandwidth doubles every six months."
  • Less's Law: "The cost of storage is falling by half every 12 months, while capacity doubles."

An information technology’s growth will double at some specific rate, typically ranging from annually to every five years. What is important to note is that regardless of how fast the doubling occurs the shape of the trend curve is essentially identical from technology to technology. The classic shape of such a trend curve, known as an exponential curve, is clearly visible in Figure 1, which tracks the growth of money value for a hypothetical bank account whose balance begins at $1, and doubles every year.

These trends apply to all information technologies. While the success or failure of any particular company or product is not predictable, the rate of advancement for any particular information technology is certainly predictable.

This is what makes it possible to predict the rate of advancement for physical security systems technology. There is a natural security industry technology adoption lag—it’s the time it takes for manufacturers to understand new technology, identify its security uses and incorporate the technology in their product lines. By keeping an eye on the IT trends it’s possible to see the advances coming well before they appear as new or upgraded security products. 

Figure 1 (above) provides an example of the kind of growth curve that characterizes information technology advancement. Initially progress is very slow. In the first 10 years the dollar has grown to $512. In the second 10 years, it grows by more than $500,000. But in the following 11 years, the account the balance surpasses $1 billion.

The Figure 1 graph illustrates an important point about exponential trends: at no time in the trend line does the previous five or 10 years of growth give a clear indication of the next five or 10 years’ worth of growth -- unless one already knew that the growth rate is exponential. It’s the same with information technology advances. The results of accelerating growth rates are not intuitive. One of the reasons is that when we humans experience this type of technology trend, we tend to project the future based upon the recent growth experience (the last five or 10 years) rather than the actual exponential growth curve coming up. 

Figure 2 (above) is a good example of information technology’s price/performance and capacity curves. It depicts the Drive Capacity and Cost per Gigabyte trends of computer hard drives.  The graph shows how the common pace of technology advancement increases at an ever-accelerating rate, starting out slowly and then ramping up dramatically. Typically the cost trends are almost the mirror opposite of the capabilities trend -- dropping steeply at first, and then leveling out.

100 Years of Advancement in Less Than a Decade

Because electronic physical security systems are based on information technology, physical security systems will follow the same advancement curve of information technologies. The pace will explode from its current state at an accelerated pace to include security operations not even yet considered. While most security professionals believe technology “convergence” has already happened for the security industry—in truth it is just barely begun.

That steep upward climb on the right-hand side of the technology advancement curve represents what happens when convergence starts to take hold and industries, as well as products, embrace information technology advancement trends (computing, networking, software, analytics, miniaturization, virtualization, consumerization, etc.). If companies embrace only the current technology advancements, they fall behind. That’s been the state of things in the security industry for the past decade. An industry’s companies have to embrace the trends and become part of them. That’s how industry-specific technology advances.  It’s hard for people to envision a pace of technology advancement that is 10 times faster than it is today. That’s why the forward look has to stretch into “futuristic” thinking, because the future is almost here.

The Position of the Security Industry

It is important to realize that most Information technologies have already rounded the corner of their technology advancement curve and are on their way to extremely high rates of advancement, as can be seen in Figure 3. Security technology will advance through the up-swinging curve, and in the next 10 years it will seem like more than 100 years of progress is occurring when compared to the previous decade. The pace of advancement will pick up slowly, round the speed corner, and after that take off like a rocket.

It is hard to envision this much advancement now, partly because of the constraints that handcuff the security industry. Yet the visionaries will have to look past these constraints, as technology advancement figures to eliminate them in short order. Technology companies must design for or around constraints or they will in essence be designing obsolete products and services.

Individual illustrations of the growth trends of the technologies depicted in Figure 3 (below) are available online at: www.go-rbcs.com/tech-growth-curves.

Two Constraints Changing: Internet Bandwidth and Internet Security

The Internet bandwidth constraint is already eroding, as evidenced by home networking speeds that are now 60 times what they were 10 years ago (120 times what they were 15 years ago. Nelsen’s Law of Internet Bandwidth states that a high-end user's connection speed grows by 50 percent per year. That law fits data from 1983 to 2014.

Many initiatives are in place to secure the Internet, the most notable being the Electronic Frontier Foundation’s project to encrypt the entire Internet. By mid-year 2015 they are launching a security certificate authority (an organization that issues the digital certificates used to make secure Internet connections) named Let’s Encrypt (go to http://bit.ly/lets-encrypt), whose purpose is to secure the entire Internet by automating free web security. This effort is led by the Electronic Frontier Foundation, which includes Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan.

 This initiative only secures the Internet connections themselves. It does not secure the web applications, which has its own trend of advancement. These aligned trends will all combine to drastically reduce the risk involved with internet transactions.

When the Internet bandwidth constraints are lifted and web-based security services drastically improve, cloud-based security services will make a lot more sense. Cloud-based services are poised to be as big a part of the security services landscape as are other service-based applications beyond security.

Changing Coming to the Security Industry

What changes will take place within the security industry? We can look to Silicon Valley for examples of what and what not to do. These insights will encourage security industry companies and help them to make moves that they previously would not have considered.

A lot of Internet and Web innovation came from small companies who developed breakthrough technologies of one kind or another and were then acquired by Cisco, Yahoo!, Google, Amazon and others. At one point recently, Cisco was acquiring five or six companies a week. Technology advancement creates opportunities that many bright young professionals embrace, and this will feed new life into traditional security companies who are not yet positioned to move at the fast pace required to stay competitive.

Technology Advancement and Your Security Program

Looking back just 20 years ago, the process of deploying security technology involved compromise with security operations objectives, usually due to high costs or to shortcomings in technology functionality. Today, however, the two overall information technology trends—increasing capabilities and decreasing prices—mean that if you can’t already do everything that you want to do with your security systems deployments, you’ll be able to very soon. And it won’t be long before Star Trek-like command and control capabilities can be put to work for you.

However, most Security departments are not prepared for advanced technology—and the state of their current technology practices are at least a decade behind the successful practices of IT.

For many security departments, to embrace the coming technology wave requires transitioning from old-school technology precepts that focused on standalone and closed-network systems, to current-day thinking that includes successful IT practices. Physical security departments must mirror the best practices of their IT counterparts.

Figures 4 and 5 depict the difference between the IT approach to monitoring IT infrastructure and the infrastructure monitoring practiced by many security departments. In fact, most security departments don’t know that IT-style monitoring technology for video infrastructure exists. It can be easily found by an Internet search for “Video Path Uptime” or “Video Retention Compliance”.

Seven Steps You Can Take to Start Getting Ready

A future article will elaborate on the bullet points below. Carry out these actions in whatever order makes the most sense for your organization.

One: Get your security system documentation current -- Things move fast in the IT world, and one of the reasons they can move quickly and effectively is the attention paid to systems documentation.

Two: Update your facility risk assessments -- This refers to a formal assessment where critical assets and their threats and vulnerabilities are identified; the likelihood of incidents is worked out along with potential business impacts. The end result should be a risk treatment plan that brings the security risks down to acceptable levels at acceptable costs.

Three: Develop a Security Concept of Operations -- A Security Concept of Operations document establishes the context within which security technology will support security operations. (See: http://bit.ly/security-conops)

Four: Understand IT’s Technology Roadmap and Managed Infrastructure -- Have someone in IT explain their Technology Roadmap to you, or read the document yourself if you are up to the task. Learn what it means to have an infrastructure that is managed in real time.

Five: Join your local ASIS chapter if you are not already a member -- As a chapter member, you can influence the topics selected for lunch presentations, and include emerging technology in the list.

Six: Check out the ASIS Member Councils and their Newsletters -- ASIS has launched a new member council that actively keeps an eye on emerging technologies, called the Security Applied Sciences Ad Hoc Council (SASC). The SASC will be monitoring security technology developments and actively engaging with security professionals who are end-users, engineers, vendors, testers, and subject matter experts in the field of security technology applied sciences.  The Physical Security Council offers workshops on several security technology topics, and other business sector councils offer workshops specific to security for banking, healthcare, pharmaceutical manufacturing, and other facilities.

Seven: Start a Written Technology Wish List -- In whatever document format suits you, create a wish list of all future security technology ideas you would like your “next generation” security technology systems to encompass. Date your entries. There are two categories of security improvements: security-effectiveness and cost-effectiveness. Identify which category each wish list item is in.

Getting Current with Existing Technology

Getting current with your existing security systems deployment is a solid step in preparing for the coming technology changes. While performing the steps above, you will become aware of any technology shortcomings, get a sound idea of the current state of things, and probably have some good thoughts regarding how you want to evolve your security technology capabilities.

About the Author:

Ray Bernard, PSP, CHS-III, has been writing for Security Technology Executive for more than 20 years and is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides services for public and private facilities. Follow Ray on Twitter: @RayBearnardRBSC.

About the Author

Ray Bernard, PSP, CHS-III

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (www.go-rbcs.com), a firm that provides security consulting services for public and private facilities. He has been a frequent contributor to Security Business, SecurityInfoWatch and STE magazine for decades. He is the author of the Elsevier book Security Technology Convergence Insights, available on Amazon. Mr. Bernard is an active member of the ASIS member councils for Physical Security and IT Security, and is a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com).

Follow him on LinkedIn: www.linkedin.com/in/raybernard

Follow him on Twitter: @RayBernardRBCS.