Previously access control and alarm monitoring systems were the default base security monitoring operations application
 “Winners” in 2015 will be multinational security solutions companies and recruiters for mid-to senior-level employment placement

ASIS International 2014/2015 Review and Forecast:

Spending on security systems was up in 2014: In general, it seems that there was an increase in capital projects for 2014. Two likely contributing factors are a slightly better economic outlook, and the previous capex holding patterns of many organisations wanting to move out of that position. World events such as ISIS, Ebola, the Israel-Gaza conflict, Ukraine/Russia, the disappearance of Malaysia Airlines 370, and multiple active shooter incidents resulted in the lifting of spending restrictions. There were significant investments made in personnel, training, and emergency preparedness. The general 2014 increase in M&A activity has been part of the picture as well, with physical security (access control, video, and intrusion) for the acquired properties getting attention.

Video systems seem to be greatest category of expenditure

Part of the access control spending increase was to replace end-of-life access control systems—in particular, Casi-Rusco. Many of the major access control companies (Lenel, Honeywell, and AMAG, for example) released upgrade kits or conversion programs that allow upgrades of the front-end servers, and in some cases field control panels, without having to rip and replace door control hardware and readers.

Analogue product demand is dropping

Many integrators dropped key analogue product lines due to increased customer demand for IP-based products. Video products constitute the bulk of this change.

There was an increase in security system purchases for U.S. healthcare and college campuses

(not noticeably so for K-12), to establish higher levels of security. There was also an increase in security system expenditures across U.S. pharmaceutical companies.

There is also an expanded interest in security management academic and course curriculums at colleges and universities

Diversity of security personnel within the industry continued to grow

There is also an expanded interest in security management academic and course curriculums at colleges and universities.

Integrators heighten interest in security assessments

There seems to be a higher level of interest in security assessments on the part of security integrators. I believe this is due to both the availability of more educational sessions designed for integrators and an increased requirement for security practitioners to relate their security investments to the risk picture. While this probably relates to a minority of integrators, it’s a trend in the right direction that will be an important as a differentiating competitive factor. I know of several integrators that hired personnel with assessment experience, and some who sent personnel for training. The availability of online training in the future may be a factor supporting this trend, as it’s hard for integrators to take personnel out of the field for extended out-of-town training. For the most part, these are threat and vulnerability assessments, light on the threat part and heavy on the vulnerability aspect (i.e. not full-blown risk assessments). This is the state that IT security was in a little over a decade ago. However, it’s a start and certainly better than no assessment at all.

Using Advanced Video Management Systems (VMS) as “Basic PSIMs”

Previously access control and alarm monitoring systems were the default base security monitoring operations application. Then along came PSIM (Physical Security Information Management) as a new name for security operations and response software that integrates the many system components of a security technology infrastructure. However, PSIM is complicated to deploy and expensive (typically over $500K), making it feasible for only the largest organisations and critical infrastructure. This year, high-end VMS manufacturers have increased their claims about serving as a light PSIM application, and at 10 percent of the cost of the big-name PSIM applications. Support for mobile devices both for video, text, and voice communications is a contributing factor. Now that megapixel video has improved the quality of video, and now that petabyte capacity storage is affordable for large systems, this trend may well continue.

International security breaches call for protocol review

Unexpected events including a breach at the White House and Canadian parliament buildings gave way for review of protocols.

Interest in cloud solutions is increasing

Integrators and consultants both report a high level of interest in cloud solutions. Cloud solutions are viewed as an alternate approach to huge capital reinvestment for aging systems, and as a way to establish standardization across the enterprise at a reasonable cost.

Previously access control and alarm monitoring systems were the default base security monitoring operations application

Cloud security is a very high and real concern

I know of two organisations (one integrator group, one large end-user company) who engaged a team of cybersecurity experts to evaluate cloud-based video storage solutions. In both cases, a large number of relatively small, but important, video applications were involved; all of the cloud services evaluated could be seriously compromised within 15 minutes of the first attempt (i.e. hackers could view customer video). Some of these were “big name” services. A failure on the part of physical security cloud service businesses to address security for their offerings could be a significant stumbling block for those companies, bringing the risk that a serious incident could set back the business development efforts for security industry cloud services in general.

The reason that these two organisations invested significantly in their cybersecurity teams is that cloud-based services have the potential to let them significantly expand and improve the value of their technology deployments at a fraction of the cost.

Increase in cybersecurity spending

Increases in cybersecurity spending are on a trend to quickly outpace spending on traditional security (corporate, physical). This feedback comes from large and small integrators who have CSO/Corporate Security Director practitioners as customers. The high level of media coverage for the many large-scale data security breaches has elevated cybersecurity concerns over those of traditional security concerns.

It is completely unlikely that companies will start publicising the extent and impacts of their physical security breaches, just to help the traditional security industry get media coverage!

There seems to be a higher level of interest in security assessments on the part of security integrators

Cybersecurity vulnerabilities of critical infrastructure, especially the electrical power grid, are also overshadowing traditional security concerns.

Large integrators, in particular, are concerned about the implications for traditional security spending going forward. Key question are: if the economy begins to significantly improve, what portion of security spending will go to cybersecurity over traditional security? And, could traditional security spending remain weak if there is a strategic shift in security investments over to cybersecurity?

How will the business change over the next year?

Businesses will need to prepare employees to be resilient as the incidents of home-grown terrorists, hate crimes, and protests will continue to rise in 2015. Organisations are encouraged to engage in public-private partnerships, if they have not already done so. It will be a necessity.

As noted in my previous comments, threats to customer information will continue to be a trend in the New Year, requiring businesses to reevaluate their internal processes and systems. Social media will be a tool that organisations can use in their security operations, from investigations to real-time update on occurring events.

Increased interest by countries to develop more pervasive monitoring could put companies’ proprietary information at risk. A number of countries have either passed or are reviewing legislation that gives them more legal rights domestically to review and assess electronic communication on telecommunication networks, whether public or private.

Who will be the “winners” and who will be the “losers”?

I predict the “winners” in 2015 will be multinational security solutions companies and recruiters for mid-to senior-level employment placement.

Heightened areas of concern will remain the security of personal information and travel risks.

See the full coverage of 2014/2015 Review and Forecast articles here

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

In case you missed it

COVID-19 worries boost prospects of touchless biometric systems
COVID-19 worries boost prospects of touchless biometric systems

Spread of the novel coronavirus has jolted awareness of hygiene as it relates to touching surfaces such as keypads. No longer in favour are contact-based modalities including use of personal identification numbers (PINs) and keypads, and the shift has been sudden and long-term. Both customers and manufacturers were taken by surprise by this aspect of the virus’s impact and are therefore scrambling for solutions. Immediate impact of the change includes suspension of time and attendance systems that are touch-based. Some two-factor authentication systems are being downgraded to RFID-only, abandoning the keypad and/or biometric components that contributed to higher security, but are now unacceptable because they involve touching. Touchless biometric systems in demand The trend has translated into a sharp decline in purchase of touch modality and a sharp increase in the demand for touchless systems, says Alex Zarrabi, President of Touchless Biometrics Systems (TBS). Biometrics solutions are being affected unequally, depending on whether they involve touch sensing, he says. Spread of the novel coronavirus has jolted awareness of hygiene as it relates to touching surfaces such as keypads “Users do not want to touch anything anymore,” says Zarrabi. “From our company’s experience, we see it as a huge catalyst for touchless suppliers. We have projects being accelerated for touchless demand and have closed a number of large contracts very fast. I’m sure it’s true for anyone who is supplying touchless solutions.” Biometric systems are also seeing the addition of thermal sensors to measure body temperature in addition to the other sensors driving the system. Fingerscans and hybrid face systems TBS offers 2D and 3D systems, including both fingerscans and hybrid face/iris systems to provide touchless identification at access control points. Contactless and hygienic, the 2D Eye system is a hybrid system that combines the convenience of facial technology with the higher security of iris recognition. The system recognises the face and then detects the iris from the face image and zeros in to scan the iris. The user experiences the system as any other face recognition system. The facial aspect quickens the process, and the iris scan heightens accuracy. TBS also offers the 2D Eye Thermo system that combines face, iris and temperature measurement using a thermal sensor module. TBS's 2D Eye Thermo system combines face, iris and temperature measurement using a thermal sensor module Another TBS system is a 3D Touchless Fingerscan system that provides accuracy and tolerance, anti-spoofing, and is resilient to water, oil, dust and dirt. The 2D+ Multispectral for fingerprints combines 2D sensing with “multispectral” subsurface identification, which is resilient to contaminants and can read fingerprints that are oily, wet, dry or damaged – or even through a latex glove. In addition, the 3D+ system by TBS provides frictionless, no-contact readings even for people going through the system in a queue. The system fills the market gap for consent-based true on-the-fly systems, says Zarrabi. The system captures properties of the hand and has applications in the COVID environment, he says. The higher accuracy and security ratings are suitable for critical infrastructure applications, and there is no contact; the system is fully hygienic. Integration with access control systems Integration of TBS biometrics with a variety of third-party access control systems is easy. A “middleware” subsystem is connected to the network. Readers are connected to the subsystem and also to the corporate access control system. An interface with the TBS subsystem coordinates with the access control system. For example, a thermal camera used as part of the biometric reader can override the green light of the access control system if a high temperature (suggesting COVID-19 infection, for example) is detected. The enrollment process is convenient and flexible and can occur at an enrollment station or at an administration desk. Remote enrollment can also be accomplished using images from a CCTV camera. All templates are encrypted. Remotely enrolled employees can have access to any location they need within minutes. The 3D+ system by TBS provides frictionless, no-contact readings even for people going through the system in a queue Although there are other touchless technologies available, they cannot effectively replace biometrics, says Zarrabi. For example, a centrally managed system that uses a Bluetooth signal from a smart phone could provide convenience, is “touchless,” and could suffice for some sites. However, the system only confirms the presence and “identity” of a smart phone – not the person who should be carrying it. “There has been a lot of curiosity about touchless, but this change is strong, and there is fear of a possible second wave of COVID-19 or a return in two or three years,” says Zarrabi. “We really are seeing customers seriously shifting to touchless.”

How to maximise your body temperature detection systems
How to maximise your body temperature detection systems

There are many companies jumping into selling temperature detection systems to the state, local governments, hospitals, airports and local businesses, but do they know how to drive one? Anyone can get behind a car and drive it into a wall by accident. The same can happen with a temperature detection system.  The first thing you should ask is “does my firm have a certified thermographer?”. If not, the firm are at risk of getting a low quality system that is being resold to make quick cash. Businesses that are doing this do not know how to operate it properly. Asking the right questions Secondly, you should ask whether the system is NDAA compliant. NDAA compliance means that your temperature detection equipment is protected by U.S. law. Does your system have a HSRP device (blackbody)? HSRP (Heat Source Reference Point) is a device that will allow the camera to detect the correct temperature a distance. Even if the room temperature does change throughout the day, treat it as a reference point for the camera to know the temperature at that distance. Can your system scan mutliple people at once? Can your system scan mutliple people at once? This is a bad question but often asked since most systems will say yes. For ease, everyone wants to scan many people at once, but the best practice according to FDA and CDC guidelines is to run one person at a time for best accuracy. Why? The HSRP (blackbody) device tells the camera what the correct temperature is at a given distance away from the camera. Every foot you are away from the HSRP device will be off by 0.1 degrees roughly. If you are in a room full of people, let's say 6, in view of the camera, every person that is not next to the HSRP device (5) will be given an inaccurate reading. Hence why it is so important to run the system correctly with just one person at a time. You will also need to follow the 6 feet rule. If you take that into consideration, one at a time at 6 feet apart, the device should tell you how you need to run the system. Sensitivity of thermal imaging Is your system’s sensor accurate enough? The FDA recommends an error of ±0.5°C or better. When looking for a system, make sure it is better than what they recommend. I would recommend ±0.3°C or better. Do not purchase a system over ±-.5°C degrees as you are doing yourself and your customers or employees an injustice.  Another thing to look at is how many pixels it can determine the temperature from. Some cameras can only tell the temperature of 6 points on the screen, whilst others can take a temperature reading from each pixel. Take a 384x288 camera, for example, which would be over 110,000 points of temperature taking on a single image.      Thermal cameras are very sensitive, so there are a lot of do’s and don’ts. For example, the system cannot see through glasses or hats. On the below image you can see a person with the visual camera on the right, whilst on the left side is through a thermal camera.  Both are pointing at the same area. It is clear the person on the left side is “invisible” to the thermal imaging camera. Demonstrating the sensitivity of thermal imaging If you are a company who wants to detect the temperature of customers or employees though the front door, window or a car window, the answer would be no. You need a clear line of sight without any interference to scan for temperatures. Other things you need to look out for is wind and distance away from the HSRP (blackbody) device. Air and distance away from the HSRP device will make the system less and less accurate the more space between the device. Air and distance away from the HSRP device will make the system less and less accurate Thermal imaging and COVID-19 If you have a clear line of sight, is there anything I need to know? The answer is yes. Reflective materials such as metal can interfere with your temperature readings. Reflective materials are easily picked up from the thermal side so pointing at a medal, glass or anything reflective can cause inaccuracies within the system. In the age of COVID-19, temperature detection systems are more important than ever. Organisations must get a system in place to help scan for high temperatures in order to reduce the spread of the virus.

What are the security challenges of the oil and gas market?
What are the security challenges of the oil and gas market?

Protecting the oil and gas market is key to a thriving economy. The list of security challenges for oil and gas requires the best technology solutions our industry has to offer, from physical barriers to video systems to cybersecurity. We asked this week’s Expert Panel Roundtable: what are the security challenges of the oil and gas market?