• Advertise
  • Subscribe
  • Forums
  • Buyer's Guide
  • Contact Us
  • Connect on LinkedIn
    1. Security Executives

    How Security Product Lifecycle Management is Changing

    Aug. 12, 2020
    Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.
    Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.

    Many physical security system products have very long lifecycles – such as cameras, card readers, access system controllers, intrusion detection panels and sensors, which typically function well for 10 to 15 years. However, especially in this age of exponential technological advancement, software lifecycles are a different story.

    Q:        Our IT department asked what our security system software product lifecycles are, and we’ve never thought of it like that. We try to avoid major upgrades if possible. What should we tell them?
    A:        Once you define what the security product lifecycle picture is for yourself, you can explain it to IT and to management – as that will be very beneficial.

    The security industry is in a phase where it is transitioning out of painful rip-and-replace scenarios, in part due to cloud and hybrid cloud deployments but also due to the improved quality and longevity of many security devices. Due to increased product interoperability, whole system replacements are now rarely a necessity.

    Security Product Lifecycle

    Product lifecycle planning – from the end customer’s not the manufacturer’s perspective – has several aspects, each of which needs close examination. Let’s quickly define each aspect of product life.

    • Product Sales Life. This is the period of time when the product is offered for sale.
    • Product Warranty Life. This is the length of the manufacturer’s product replacement warranty.
    • Product Support Life. The length of time that technical support is available.
    • Product Operational Life. How long the product remains fully working.
    • Product Depreciation Life. Equipment purchased as part of a capital expense project is typically depreciated over several years. Companies often have a practice of not replacing equipment that hasn’t fully depreciated.
    • Product Affordable Life. Considering maintenance and extended warranty costs, how long the product remains affordable compared to the alternatives.
    • Product Useful Life. How long the product continues to provide operational value.

    While all of these are important to Security and to non-security decision-makers, the most important aspects of IT’s product lifecycle planning are support life and useful life.

    Product Support Life

    Once an intelligent security device or software application is longer supported, it no longer receives security updates. The product then becomes a cybersecurity liability and is no longer qualified to be connected to corporate networks or other devices. Cyber liability insurance can exempt cyber incidents involving such devices from its coverage. Thus, this is a high-interest item for IT.

    Product Useful Life

    One purpose of product lifecycle planning is to enable financial planning to account for products that will need replacing. That’s a simple matter when it comes to hardware items like network switches or server computers. It’s much more complicated for the components of security systems.

    When a product is on a par with the best of its class, it provides the greatest security operational value available. When technology advances and provide more operational capabilities – even though a product is still working, it can become outdated because it no longer provides the security operations capabilities that are available to the organization. The product can then become a detriment and constitute a risk-mitigation deficiency, especially if there are operational costs involved in compensating for the product's deficiencies.

    Technology Investment

    The following are good product lifecycle management practices and are elements of a sound security technology investment approach. Among other benefits, they increase the return on investment (ROI) for the products. These can be especially relevant for high device-count deployments.

    • Reuse. When a device’s operational life exceeds its useful life as deployed, redeploy it elsewhere to improve security and increase its (ROI).
    • Enhancement. When the useful life of a software or hardware product can be extended or enhanced by the acquisition of a new type of product, do so when it makes financial sense.
    • Force-Multipliers. Pay attention to technology force-multiplier effects, as these not only increase security operations capabilities, they increase the ROI for existing security operations expenses, a factor that should be made known to security investment decision-makers.
    • Product Roadmaps. Pay attention to manufacturer product roadmaps, as software and firmware upgrades can also increase the operational value of products in significant ways. This is product evaluation factor.
    • AI-Enabled Products. Some AI-enabled devices and software increase their effectiveness over time thanks to machine learning and are typically designed to also have their feature sets expanded over time. Thus, they extend their useful product life in ways never before possible. Consider this factor when evaluating product costs.
    • Cloud Services. Cloud-bases services typically advance continually by plan and design, using a software engineering approach called continuous delivery. This allows customers to influence the product roadmap. When evaluating manufacturers, find out about their history of encouraging and adapting their roadmap to support customer requests and preferences.

    Enhancements and Force-Multipliers

    I recently learned about two products, explained below, that are examples of enhancing an existing product’s useful life by providing force-multiplier capabilities. One of the challenges for many security operations centers (SOCs) and monitoring rooms is using security cameras to track suspects and offenders in real-time through a facility. This is a challenge because many camera rooms and hallway scenes are similar to other scenes, and it can be difficult to determine where a particular camera’s field of view is within a facility when dealing with multiple buildings and multiple facilities. Typically, a VMS’s camera view group contains a set of high-interest cameras, not necessarily those cameras in the connected hallway paths or building areas. Thus, it can be a challenging operator task to track an individual across cameras in real-time. The VMS interaction required makes it hard to perform other actions, such as locking down facility areas and talking with responding officers.

    The GeoView feature in Salient Systems’ (www.salientsys.com) CompleteView 20/20 VMS directly addresses this challenge. See the two-minute video at https://bit.ly/GeoView. The VMS application screen contains both a camera view group and a facility map. When there is a motion or other alarm associated with a camera in the view group, on the map, the camera’s field of view cone alternates its colors. The operator can make a rectangular selection area that includes flashing camera cones and the cones from cameras that surround it. This instantly creates a new camera view group containing the related cameras.

    In the video, when the subject moves off the first camera’s field of view, you can immediately see him in the neighboring camera’s field of view – no operator action required. This allows SOC operators to take other actions all the while continuing to track the subject. This type of feature reduces minutes of operator VMS interaction down to seconds, enabling faster response and continuing situational awareness throughout the response. It’s definitely a force multiplier for risk situation evaluation and incident response.

    However, such a feature may not be sufficient for facilities with multiple subjects to track in real-time, such as airports or retail facilities. AnyVision (www.anyvision.co), a computer vision company,  provides a Real-Time Route feature that automatically performs this kind of subject tracking using a combination of facial and body profile characteristics. See the two-minute video here: https://bit.ly/real-time-route. Through API integration with several brands of VMS system including Salient’s CompleteView, automatic tracking can be performed both in real-time and in recorded video.

    Product Lifecycle Stakeholders

    IT is an important product lifecycle stakeholder for any product or system that goes on a network. But don’t forget to inform and educate the other organizational product lifecycle stakeholders, including financial decision-makers.

    About the author: Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.

    © 2020 RBCS

    About the Author

    Ray Bernard, PSP, CHS-III

    Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (www.go-rbcs.com), a firm that provides security consulting services for public and private facilities. He has been a frequent contributor to Security Business, SecurityInfoWatch and STE magazine for decades. He is the author of the Elsevier book Security Technology Convergence Insights, available on Amazon. Mr. Bernard is an active member of the ASIS member councils for Physical Security and IT Security, and is a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com).

    Follow him on LinkedIn: www.linkedin.com/in/raybernard

    Follow him on Twitter: @RayBernardRBCS.