Security industry technologies continue their rapidly accelerating advancement. This is not new news. Most of us expected an increase in AI-enabled features, but in addition to that many manufacturers have expanded their product lines and also their “out-of-the-box” integrations and technology partnerships. This prompts this year’s first question, a variation on a continuing theme.
1. Cybersecurity. Is cybersecurity baked into new products and new product capabilities? Or do design consultants, integrators and end-users have to plan it out based on good written guidance, or work it out without guidance?
Vendors should be able to point you specifically to such guidance, not just answer, “We have it.” I have updated the list of key companies who provide guidance on security product deployments, "Physical Security Hardening Guides in 2022." At the end of last year, I had to remove several vendors from that list, because they took down their online guidance. I’m hoping that this year we can instead expand the list.
2. Privacy and Data Governance. What support do your products provide for GDPR compliance?
The toughest privacy and security law in the world is the European Union’s General Data Protection Regulation. Privacy and data governance are business issues whose importance to security system deployments is increasing significantly, because of the rise in non-security business operations data generated by security system analytics. Some leading manufacturers have begun providing features that facilitate the proper handling of system data that has privacy considerations.
3. Security Operations Improvement. What product capabilities will help vastly improve a key aspect of security operations?
Once again, you probably already had this question in mind, but for vendors the talk is usually about features and new things. They are only relevant if they help you improve the security picture, and the improvement is worth more than the time, effort and cost to do it. As I have said before, by “vastly improve security operations” I mean orders of magnitude of improvement. But that doesn’t mean a massive change to the whole security program. It does mean that certain parts of it will be much more effective or efficient. The story of AI-based analytics includes more than just improvement of previous capabilities, but also the addition of new kinds of data providing enhanced security intelligence and business intelligence. Thus, business operations value is a key factor in evaluating technology.
4. Infrastructure Management. What new features to you have that improve management and administration for large-scale deployments?
Today’s technologies are broadly networked to a much greater scale than a decade ago. If you have a regionally, nationally or globally network security system, ask about features that facilitate the management of large-scale deployments.
5. Cloud Characteristics. How specifically does your cloud-based offering make use of the six key characteristics of cloud computing?
In 2022, it is still surprising to me how many cloud services sales people can’t answer that question! This can also have some application to on-premises equipment that is cloud-managed.
6. Risk Scenarios. What types of end user risk scenarios do your new or improved features address?
Vendors should be able to describe the risk situations that new or improved features were designed to address. Before the new feature, how did things work? Now how will they work using the new feature?
7. Open Platform. Does the platform have an Open API, meaning that it’s published online and freely available? What are some examples of its use?
Integration is emerging as a strong source of security systems value. Some platforms are more “open” than others, and some APIs are more mature than others (a function of time and product advancement). Ask to hear about examples of how the API is used for systems integration.
8. Artificial Intelligence (AI) and Deep Learning (DL). Where does the AI software reside? Who develops and improves the AI? How does the product get updated for AI improvements? Does it build a data model? Where does the data model reside? How it is backed up? Who owns the data model that is built with your company’s or your facility’s data? Under what conditions could an on-premises data model be lost, resulting in AI learning having to start all over again.
AI is a rapidly advancing technology field. What plans does the vendor have to keep its AI implementation current with the trends for AI improvement and advancement.
9. Digital Certificates. What use do you make of digital certificates, for encryption and/or device identity?
An increasing number of IT departments are requiring that encryption and system device authentication utilize digital certificates. Few non-cloud security system software applications use certificate-based encryption. When it comes to device authentication, few vendors make on-premises hardware devices that use digital certificates to authenticate themselves to their cloud data center. The first cloud-based physical security systems to do so are the Eagle Eye Cloud VMS and the Brivo cloud access control system. This level of system security should be industry standard.
10. Body-worn Technology. How can we pilot the technology to understand the impacts of any system complexities, manual process or procedure requirements and the do’s and don’ts for individuals wearing the technology? How is data privacy accounted for? What are the care and maintenance requirements?
One pizza franchise implemented body cameras because of an increase in negative customer reports about the pizza delivery experience. One surprising result shortly thereafter was a 20%-plus increase in sales, due to delivery personnel being on their “best behavior,” in some cases going beyond their training requirements to provide high quality of service. Body worn technologies of all types can have beneficial impacts above and beyond the initial security or oversight driver for adoption.
About the Author:
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Follow Ray on Twitter: @RayBernardRBCS.
