Since 2006, the LUSAX research program at Lund University in Sweden has investigated the effects of digitisation on the physical security industry

Since 2006, the LUSAX research program at Lund University in Sweden has investigated the effects of digitisation on the physical security industry. This article will look into the forces driving digitisation, and how those forces broadly translate and impacts the physical security industry.

Historically, physical security systems have moved from purely mechanical systems into systems holding both mechanical and electronic low-voltage circuit-based components. Development was pushed further forward when digital components emerged in the late 1980’s with the introduction of Digital Video Recorders (DVRs). And from 1996, when Sweden-based Axis Communications claims to have introduced the first network-enabled surveillance camera, digital components were further introduced into physical security systems. From a strategic business point of view, the digital shift most importantly brought with it new ways of doing business. Currently it is more common to observe novel and potentially more efficient business models challenging the proprietary and integrated one-brand manufacturer-distributor-integrator model historically associated with the industry.

However, from an end-user point of view, the primary objective of a security system is still to protect organisational assets from harmful action. Preferably this is achieved by means of pro-active deterrence, and secondarily by direct prevention. Any change in the underlying technology – mechanical or digital – needs to be evaluated against these objectives. In order for technological advancements to be value adding, it needs to either strengthen the overall performance – both in terms of functional and non-functional requirements – of the current system, or lower costs for the same performance.

In the case of a video surveillance system, the purpose of the system could be to decrease the number of shoplifting incidents at a store by means of temporarily storing the snapshots or shorter video sequences of customers visiting the store. Two examples of advancements associated with digital surveillance cameras may for example be superior performance in terms of picture quality and ease of access to the recorded material compared to previous generations of surveillance cameras. But, it could also be to protect assets against unintended harmful actions, for example in protecting co-workers from exiting areas with sensitive business information. Furthermore, digital systems have been suggested to have potential value in improving core value-adding operations. A prime example of this feature is the track-and-trace functionality in parcel shipment. Finally, the potential of pre-programmed self-diagnostics is another example of feature associated with future digital systems.

Why digitisation happens

When Sweden-based Axis Communications claims to have introduced the first network-enabled surveillance camera, digital components were further introduced into physical security systems

More broadly, digitisation is tightly coupled to what is referred to as Moore’s Law within the computing industry. First formulated by Gordon Moore at Intel in the early 1960’s, it proposed that computing capacity doubles every 12 months. Put in other terms, if we enter a computer store to buy computing power in June 2013 for one dollar, we would receive double the amount of computing power in June 2014 for the same amount of dollar. Gordon Moore was proven right, although slight modifications to the law have been added. The current doubling-speed in terms of computing power happens every 24 months. While this is merely a computational law, the business-consequences are important. Assuming a doubling of computing power every 24 months creates business opportunities for entrepreneurs that can translate the computing power into business-serving concepts at a low cost. This creates a strong cost-pressure on firms to consider digitising and even automating parts of the value-adding process. Examples of professional categories that have been affected by automation are for example secretaries, travel agents and bank tellers.

Moore’s law may impact industries in mainly two distinct manners: The first being digitisation that enhances the physical and manual activities – referred to as a kind of digital overlay to the current activities. The second one having more fundamental impact on an industry in the form of automation – simply substituting manual labour with (digital) machines, like in the case of the professions mentioned earlier.

Reasons for a slower pace of digitisation

Consequently, the key decision is not to ignore digitisation as a mere ‘gadget shift’, but rather to ask the question - in what way will Moore´s law impact my industry sector? Will Moore’s Law digitally reinforce and complement current work-practices according to the digital overlay-scenario, or will it simply substitute manual security labour gradually? The evidence the LUSAX-team has collected the past 9 years suggests a slower than expected, gradual and complementary development compared to other industries. We see three main reasons to a slower development speed.

The first (1) being the nature of security systems, they are to deter harmful action that is based on non-standardised behaviour. The intruder is actively attempting to outsmart the system. Routine business tasks, like registering invoices is a routine that once established may easily be duplicated and lends itself easily to digitisation and automation. Quite the opposite – and due to the variation in the intruder’s behaviour –duplication of the external qualities of a security system across an organisation would represent a risk in itself.

In the case of the physical security industry, the evidence collected by the LUSAX group suggests a more slow-moving digitisation more associated with the digitally enhancing scenario

Secondly (2), the service-level of security systems should be near fail-safe. Everyday use of IT-based services is associated with a higher degree of acceptance to operational disruptions, meaning users and organisations tolerate a lower than fail-safe performance-level compared to security systems. This is sometimes refereed to as the Beta-culture of the IT-industry. In turn, this generates a more conservative approach to experimentation with new technologies among security practitioners that makes digitisation a slower-moving process compared to other sectors.

Third (3) and finally, while it is true that security management has increased in importance from a corporate point of view the past decades, security management still is redundancy and contingency-centric. This in turn hampers a rapid diffusion of digital security innovations. On the other hand, strategic management more generally concerns itself with achieving organisational goals by actively taking risks in a lean and non-redundancy direction. This orientation lends itself more compatible with the automation scenario, for example reducing the need to keep parts of the corporate accounting, marketing or R&D staff internally.

Summary

In this article we have briefly introduced Moore’s Law as a broad driver of digitisation. The effects of digitisation may impact industries differently. Either disruptively - basically gradually reducing the need for manual execution of current work practices, or enhance activities by means of digitisation. In the case of the physical security industry, the evidence collected by the LUSAX group suggests a more slow-moving digitisation more associated with the digitally enhancing scenario.

Download PDF version

Author Profile

Markus Lahtinen Researcher and Lecturer at Lund University, LUSAX Security Informatics

Markus Lahtinen holds a Master’s degree in Informatics (2001) and a Bachelor's degree in Business Administration and Economics (2006). The past ten years he has been active as lecturer at the Department of Informatics at the School of Economics and Management, teaching mainly Interaction Design but also given classes on Decision Support Systems, UML, IT and organisation, and supervising theses work for students at Bachelor and Master level.

In case you missed it

Has the gap closed between security fiction and security reality?
Has the gap closed between security fiction and security reality?

Among its many uses and benefits, technology is a handy tool in the fantasy world of movie and television thrillers. We all know the scene: a vital plot point depends on having just the right super-duper gadget to locate a suspect or to get past a locked door. In movies and TV, face recognition is more a super power than a technical function. Video footage can be magically enhanced to provide a perfect image of a license plate number. We have all shaken our heads in disbelief, and yet, our industry’s technical capabilities are improving every day. Are we approaching a day when the “enhanced” view of technology in movies and TV is closer to the truth? We asked this week’s Expert Panel Roundtable: How much has the gap closed between the reality of security system capabilities and what you see on TV (or at the movies)?

BCDVideo signs OEM deal with Dell EMC: positive impact for surveillance storage
BCDVideo signs OEM deal with Dell EMC: positive impact for surveillance storage

In a significant move for the video security market, BCDVideo has announced that it is set to become Dell EMC’s OEM partner in the video surveillance space. For nearly a decade, the Chicago-based company has been known as a key OEM partner of Hewlett Packard Enterprise (HPE), providing storage and networking technology to security integrators on a global scale. This latest partnership will allow BCDVideo to take their offerings to the next level. BCDVideo Vice President Tom Larson spoke to SourceSecurity.com to discuss the reasoning behind the deal, and how the programme will benefit partners, integrators, and end-users alike. Expanding BCDVideo's product offering For BCDVideo, the HPE OEM programme has been widely acknowledged as a success, allowing the company to leverage a globally recognised brand and provide high-quality, reliable solutions across video networking and access control. Nevertheless, explains Larson, HPE server solutions are primarily suited to large-scale enterprise projects, and are therefore unable to accommodate for the growth in small- and medium-sized surveillance applications. The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering, building on success in the larger enterprise market to offer tailored solutions to SMEs. Our aim is to look at all best of breed technology to serve the video surveillance marketplace, and that means multiple partnerships” Support for integrators By leveraging Dell EMC’s sophisticated digital storage platforms, BCDVideo will now be able to offer a more cost-effective solution to integrators, without sacrificing the resilience and IT-level service that BCDVideo is known for. With access to Dell EMC’s expansive global sales and technical teams, the company hopes to expand its reach, all-the-while providing partners with around-the-clock technical support and a five-year on-site warranty. Customers should be reassured that BCDVideo will continue to offer HPE platforms, service, and support. “Our aim is to look at all best-of-breed technology to serve the video surveillance marketplace, and that means multiple partnerships,” says Larson.  “The addition of Dell EMC to our portfolio is a major win for BCDVideo, for Dell EMC, and for our integrators.” The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering Meeting surveillance market demands At the technology level, assures Larson, Dell EMC’s server offering is well suited to handle the increasing video resolution and growing camera count demanded by the surveillance industry. At the larger end of the spectrum, the company’s Isilon Scale-Out NAS solution can handle tens of petabytes of data, making it ideal for large-scale security applications such as city-wide surveillance and airport security. Dell EMC storage solutions are already proving successful at major international airports including Dubai and Abu Dhabi, each with a camera count in the 1000s.Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market” For Dell EMC, the new partnership means the ability to expand on this success in the enterprise market, leveraging BCDVideo’s surveillance expertise and high-level customer service to offer tailored solutions for lower-volume applications. Since its inception, BCDVideo has differentiated itself in the security space by providing a high level of IT service to integrators making the transition to IP systems. By combining resources, the partners will be able to service VMS and analytics companies, software vendors, and access control providers, as well as traditional business integrators. Ken Mills, General Manager Dell EMC Surveillance, explains: “Surveillance storage is not just about capacity, it is also about performance and reliability. Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market.” Accomodating for growth BCDVideo is well placed to accommodate this anticipated growth. Last year, the company opened a new 51,000-square-foot global headquarters in Illinois, home to 90 separate stations within their Innovation Center where each system is customised according to integrator needs. The new facility allows for expanding business with new and existing partners in the security market.

How to manage physical security data in compliance with EU GDPR
How to manage physical security data in compliance with EU GDPR

Until recently, data laws have differed from one country to the next. This meant that for those organisations conducting business or protecting assets abroad, they needed to localise both their infrastructure and policies dependant on the country they were operating in. However, with the impending arrival of the EU GDPR (General Data Protection Regulation), which comes in to force on the 25th May this year, all of that will need to change. Data management in CCTV surveillance Surprisingly, despite the fact that much has been written about the impending EU GDPR, very little attention has been devoted to the process of ensuring compliance for the operation of video surveillance, access control and other physical security systems. The EU GDPR dictates that businesses adhere to specific governance and accountability standards with regards to the processing of all data. As this includes such a large scope of data, any public or even private organisation using CCTV to monitor publicly-accessible areas must pay attention, as monitoring the public on a large scale is by default considered a high-risk activity. This includes information that shows who a person is, where they are and any other specifics about them.We have seen organisations defining corporate standards for their physical security systems based around IT standards and technologies According to numerous market research studies, many organisations are yet to take the necessary steps in order to review the new regulations and ensure the necessary changes are made to meet these obligations. To date, we have seen organisations defining corporate standards for their physical security systems based around IT standards and technologies. With the implementation deadline of the new regulations fast approaching, these should be in a better state of readiness, with standardised processes, common organisational approach and technology. Enhancing industry awareness of compliance  What’s more, a lot of legacy systems or disparate systems are still out there, and these may still have been entirely commissioned and operated by location-specific security teams. Regardless as to where your organisation stands in terms of technology, it is important to participate in the GDPR review with a greater sense of urgency.  The EU GDPR dictates that businesses adhere to specific governance and accountability standards with regards to the processing of all data Tony Porter, the UK’s Surveillance Camera Commissioner, has been incredibly vocal in recent months with regards to making security system operators aware that their activities will be subject to the GDPR and to signpost them to relevant guidance from the ICO. For those actively seeking to ensure their businesses are compliant, his organisation’s independent third-party certification is a great place to start. However, with just a few months until the regulation comes into force, it is unfortunate that his organisation is not yet in a position to confirm this will be sufficient to demonstrate compliance with the EU GDPR. Ensuring regulatory preparedness With this being said, there are still a number of steps organisations can take to ensure they are well-prepared when the law comes into play: Get involved in the GDPR discussion If you haven’t already, proactively initiate a GDPR discussion with your legal team and ask for their guidance. Conduct a gap analysis to identify what works and what might require improvement in accordance with the new regulation. Then engage your consultants, integrators and manufacturers who should be able to advise on appropriate solutions. In the vast majority of cases, it should be possible to upgrade the existing system rather than ‘rip out and replace’.The appropriate use of encryption and automated privacy tools is a logical step Adopt privacy by design Under the terms of the EU GDPR, data that is anonymised or pseudonymised is likely to be low-risk. The appropriate use of encryption and automated privacy tools is therefore a logical step. For example, video redaction that blurs out people’s faces in video unless there is a legitimate reason to reveal their identity can minimise the dangers of having security cameras deployed in public spaces. Seek out certified and sanctioned organisations, such as the European Privacy Seal group ‘EuroPriSe’, a professional organisation whose purpose is to ensure companies meet the ‘GDPR-ready’ privacy compliance standards. Consider cloud-based services Owners of on-premises video surveillance, access control or ANPR systems are responsible for all aspects of EU GDPR compliance, including securing access to the systems and servers storing the information. However, by working with an approved cloud provider it is possible to offload some of these responsibilities. For example, we partner with Microsoft Azure to offer these systems ‘as a service’. This pathway significantly reduces the customer’s scope of activities required to ensure compliance and is highly cost-effective. Yet it is important to realise it isn’t a full abdication of responsibility. You remain accountable for ensuring data is classified correctly and share responsibility for managing users and end-point devices.  With data laws changing around the world, businesses need to seriously consider how their security technology investments will help them manage risks in order to keep pace. With the GDPR deadline approaching, it is the ideal time to re-evaluate practices, partner with forward-thinking vendors and adopt technologies that will help meet privacy and data protection laws. This way, businesses can minimise risk, avoid costly penalties and be ready for anything.