Real Words or Buzzwords?: Physical Security Watershed Moment

Oct. 20, 2022
We have reached a juncture in physical security technology that is making most of our past thinking irrelevant

Editor’s note: This is the 63rd article in the “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.

The Global Security Operations event (www.gsoevents.com) is fast upon us and this is the kind of pivotal technology information that this powerful event covers.

The term “watershed moment” is an idiom that refers to an important event that changes the direction of history. (ProWritingAid)

A watershed moment is a turning point, the exact moment that changes the direction of an activity or situation. A watershed moment is a dividing point, from which things will never be the same. It is considered momentous, though a watershed moment is often recognized in hindsight. (Grammarist).

Physical Security Watershed Moment

We have now reached a physical security industry watershed moment, in which we are making a complete break in security technology capabilities from the products and deployments of the past. It has been hard to see but now the evidence is appearing. The next 10 years of physical security will be a radical transformation from the previous 50 years.

Take video surveillance, for example. Security video deployments have always been compromised for several reasons, and the two primary reasons have been low technology capabilities (compared to actual needs) and high technology costs.

Cameras were only so capable. The cost of putting cameras everywhere you wanted them made sufficient video coverage unaffordable. As camera capabilities increased (megapixel coverage) and cameras became more affordable in terms of coverage per camera field of view, we encountered the scale problem.

We now have more camera views than even multiple staff can utilize effectively in many types of incident response situations. Even if we filter out false alarms and identify an incident in real time, our ability to track the real time activity can’t keep up with the scale of action as events unfold.

Security Industry’s #1 Failure

This number one failure in the physical security industry has been: we keep claiming that products achieve “situational awareness” but that’s only if the situation is evolving at a snail’s pace. Otherwise, we fall minutes and hours behind what’s going on in real time.

Security operations centers are almost always playing catch-up from the moment we detect an incident, which is usually minutes to hours after the fact. Rarely are the security responders called to action when they are first needed, and even then, they can’t keep up.

If you don’t agree with me, then visit the website of Liquid360 and see what true situational awareness looks like. Is this emerging technology a result of an advancement from within the security industry? No. It was the result of a mother being separated from her 5-year old daughter, who disappeared in a New York hotel.

Her daughter had been missing for less than 5 minutes when she confirmed her absence. She called the security control room operator using her cell phone and ran throughout the floors checking stairwells and calling her name, always continuing to speak to the control room operator by phone, hoping to hear some new of the security staff locating her on video.

After working her way down from the hotel club floor to the first floor, she was riding the escalator to the street level – just in time to see her daughter pushing open the heavy glass door to the street.

She called her name and ran down the escalator as her daughter flew in her arms. Had she waited in the control room for a video search, her daughter would have walked out into the city alone, and the police would have been called.

The security video cameras, whose primary purpose apparently was recording, were of no help. She found the situation so reprehensible that she searched for and found the right people to help her design and develop a true solution to the problem.

Liquid360 makes security surveillance useful at any scale, regardless of how many cameras there are or how many buildings or building floors there are.

It takes charge of the camera fields of view and lets you navigate them using a transparent (i.e. see-through wall) visual digital twin of your facility. It will point your PTZ cameras where you need them to be looking during incident response, and you can jump from one point of view to another – inside or outside of buildings – and the camera views will show you exactly what’s going on at that moment.

How bad is an industry failing when the people we’re trying to protect have to take security technology design into their own hands, because we’re simply not taking true advantage of available technology?

Security Industry Technology Lag

For years I’ve been saying and writing that the physical security industry lags 5 to 15 years behind the advances of information technology. I should have also included gaming technology.

Look closely at the clip at the top of the Liquid360 home page. It looks like a video game, doesn’t it? The bad news is that for years our own kids have been using visual technology that’s more advanced and more highly usable in time-critical situations than the best that we’re making and selling now. The good news is that groundbreaking technologies are changing that situation.

This is the watershed moment in physical security: technology has now advanced exponentially as has its affordability, to the point where low technology capabilities, high costs and other factors will no longer constrain our physical security system deployments going forward. Only our own thinking will! See Figure 1 below. 

The security industry has been building up to this moment for over a decade, but it’s been too hard to see. That’s why I created the Global Security Operations event, which James Connor helped me launch. He also co-hosted the initial events with me when it got started.

The GSO event takes a 3- to 5‑year look ahead at the future of security leadership and physical security technology. This event is as different from typical security conferences and trade shows as you can get. Figure 1 above is one slide from a GSO Event work session about the state of technology today.

If you think a 5-year look ahead is future-oriented, think again. Our industry is far behind because we’re nowhere near as forward-thinking as we could be and need to be.

In a recent white paper about Autonomous Compute Infrastructure, Dell Technologies gave profuse thanks to the Society of Automotive Engineers (SAE) for its contributions to Dell’s thinking about automation, which is reflected in the Autonomous Compute Infrastructure Framework that Dell developed.

A Truly Useful IT Convergence Perspective  

I originally came to the IT world from the automotive industry, which is one of the reasons why I have tracked that industry’s progress over the years.

Computer chips found their way into automobiles in the late 1960s and early 1970s to manage simple things like fuel injection and transmission shifting. Now they handle everything from locking doors and calculating fuel efficiency to emergency braking, traction control, autonomous parking and several types of self-driving vehicles.

It’s a challenging computing environment. Imagine a tire pressure sensor that has to communicate wirelessly to a dashboard receiver while bouncing up and down on the roadway at 60 miles per hour – which is about 14 revolutions per second. And we think that connecting a wireless camera is a challenge?

It is the automotive industry that had its first convergence conference in the U.S. back in 1974. That’s right: 300 engineers converged on Detroit for that conference, which at last check had over 8,000 engineers attending – mostly young engineers.

Why do I mention all this? Over a decade ago, the SAE convergence conference announced that they were focused on taking a 40-year look ahead at where technology is taking mobility.

No wonder we’ve started seeing autonomous vehicles. Technology advances exponentially fast, and that 40-year look ahead has been showing up in 15 years, and now 10 years, due to ever-accelerating technology progress. Who do you think, for years, has been designing vehicles for the moon and mars?

Can you see why we need to recalibrate our security technology thinking so that we finally quit disappointing our largest and best customers?

Security Industry’s #2 Failure

The number two failure of the security industry is the proliferation of products and systems that aren’t manageable at any but the smallest scales of deployment.

Managing Technology at Scale

Our industry makes and sells products that can’t be managed at scale. If you don’t think so, consider this. Let’s say the FBI said there was a credible cyber threat in a specific business sector that’s targeting security cameras; and the FBI advised that sector to immediately update all security camera firmware and digital certificates (due to the vulnerabilities being exploited) and change all camera passwords due to the number of compromises that had already occurred.

How long it would take to make those changes to 1,200 cameras? Days? No. Weeks? Maybe. A month or more? Most likely “more,” whether via a service request to an integrator or an assigned task to internal staff.

Which is why Viakoo designed an automated solution that lets you perform all those actions in a matter of days for 1,200 cameras or more, because every site with cameras can be updated simultaneously.

However, it’s not just devices that can’t be managed at scale.

Managing Physical Access at Scale

When you have thousands or tens of thousands of employees that need physical access privileges, the larger that population is the harder it is to actually ensure that all access privileges are correct and stay that way.

But we’ve lived with that situation for decades, and surely what we do now is better than what we did decades ago, right? But is it an acceptable situation?

Well, let’s think more specifically about that. How many unauthorized people is an acceptable number to have in areas where you don’t want them? We really want to say, “zero.” But we know we can’t assure that. There are significant insider threat risks involved that are very hard to measure exactly but definitely exist.

I don’t want to belabor this point because finally, after 50 years (when physical access cards were first introduced), there is a solution that not only encompasses all forms of physical access control – including locks and keys – but even logical access control for information systems and computer applications.

I’m talking about Access Analytics from RightCrowd. These are the folks who for over a decade, have been helping the largest Fortune companies deal with the access privilege management problem.

Using an earlier generation of information technology, they were able to solve the problem with customized integrations across a plethora of large enterprise systems, including visitor management, HR and identity management systems, logical access directories, and so on – so that things like safety training and contractor insurance requirements can be fully accounted for and auditable.

Due to the scale and complexity involved, until now such deployments were only affordable for the very largest of end user companies.

However, advances in technology – combined with some brilliant thinking at RightCrowd – have now made it possible for all elements of access privileges, physical and logical, to be managed at any scale by taking utilizing the same processes and procedures that companies already have in place and providing every access decision-maker with a tool that lets them instantly see the access privilege landscape from any perspective needed, with views by individuals, groups, access requirements (like training) and even combinations of physical access that are prohibited or required (as per separation of duties and two-person rules). It’s all viewable instantly with just a few clicks or selections.

The secret to doing this is similar to Liquid360’s approach. Access Analytics provides visualization into the access privilege landscape from any needed perspective, with individual, group or overall views. It’s situational awareness from an administrative perspective, and we’ve never had anything like this before. This is groundbreaking technology.

Changing Our Thinking

Although I’ve used a few new technologies to provide some insight into physical security’s watershed moment, the focus of this article is not about products, but about our own thinking.

We need to update our thinking, because we can now effectively address major security technology weaknesses – which also means security operations weaknesses – that we’ve had to live with for decades.

However, we can no longer rip and replace all our systems like we used to. They’re just too big. And that’s the genius factor in the design of Liquid360 and Access Analytics. Those products work now with whatever technologies and systems are in place, and they are instantly usable with only minutes of training. Their technology deployments take a fraction of the time compared to what we’ve been used to.

This article has touched on just two aspects of the physical security watershed moment. There is also a watershed moment occurring in IT as well.  They both have profound effects on the future of physical security system deployments.

That’s why at our GSO Event which is filling up fast and is only two weeks away we’re looking closely at technology strategies to (a) maximize the value of still-working technologies and (b) evolve existing physical security infrastructure to make it future-ready.

We’re also demonstrating these and other advanced technologies in our Hands-On Technology Lab, so you can take a very close look, explore the use cases and discuss what a technology deployment would look like given your own technology landscape.

Ray Bernard is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders.He is the author of the Elsevier book Security Technology Convergence Insightsavailable on Amazon. Follow Ray on Twitter: @RayBernardRBCS.
About the Author

Ray Bernard, PSP, CHS-III

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (www.go-rbcs.com), a firm that provides security consulting services for public and private facilities. He has been a frequent contributor to Security Business, SecurityInfoWatch and STE magazine for decades. He is the author of the Elsevier book Security Technology Convergence Insights, available on Amazon. Mr. Bernard is an active member of the ASIS member councils for Physical Security and IT Security, and is a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com).

Follow him on LinkedIn: www.linkedin.com/in/raybernard

Follow him on Twitter: @RayBernardRBCS.