Security system interoperability to become standard in 2018

Download PDF version

At ONVIF, we believe our perspective for 2017 turned out to be reasonably accurate. We did see an increasing interest for interoperability all the way to system-to-system level; not only within the security industry, but also in neighbouring industries where the prospects for IoT have drastically improved.

I believe the industry as such has matured in its relation to IoT and today we can imagine how IoT will play a part of smarter and safer system deployments.

Increased cybersecurity threat

The industry responded well to the sudden increase of cybersecurity issues and many companies already have well-defined processes in place. I think the user community is learning quickly that cyber security is not an isolated technical challenge or threat and it is crucial to have security processes and policies in place and up to date.

For ONVIF, as a technical alliance working for effective interoperability, 2017 was a good year. Interoperability is now really becoming the base line for systems in the security industry.

International standardisation for the security industry is progressing with implementation for both Video Security Systems and Electronic Access Control, both based on ONVIF’s specifications Profile A and Profile T.

2018 security predictions

It is always exiting to predict what next year will bring. ONVIF is of course inspired to notice the increasing demand for interoperability and we are confident that the need for effective interoperability in multi-vendor deployments will also continue to grow during 2018. Businesses will have to adapt to the increasing interoperability demands and market conditions or they risk losing out. That’s true within the physical security industry and in most technology-based markets.

Nothing fundamental has changed since 2017. ONVIF still maintain its position as the de-facto standard for interoperability between IP-based physical security devices. The acceptance for ONVIF is very well established in the market and accepted by the global standards community and we will continue our efforts to meet the expectations of the security industry.

Download PDF version

Author profile

Per Björkdahl Chairman, ONVIF

Per Björkdahl is Chairman of the ONVIF Steering Committee and leads standardization activities. He also serves as Director of Business Development at Axis Communications AB. Mr. Björkdahl is responsible for the development of new areas of business based on the Axis product portfolio, including identifying new vertical markets and developing strategic plans for the sales organization. Mr. Björkdahl joined Axis in 1999 as Global Sales Director with responsibility for sales development of the Axis new product group, Network Video.

Related companies
ONVIF

View all news from
ONVIF

In case you missed it

Why moving to a risk-based approach helps business

Today’s security leaders encounter many challenges. They have to operate with reduced budgets and face challenging and evolving risks on a daily basis. Security leaders are often ignored and only called upon when needed or in disaster situations. Many don’t have an ongoing relationship with the C-suite because the C-suite doesn’t understand the value they bring to the whole business. In order to resolve these challenges, a security leader can apply a risk-based approach to their security program. According to dictionary.com, risk is “exposure to the chance of injury or loss; a hazard or dangerous chance”. Risk is broader than a security concern and involves the entire business. Through utilising a 3R model - considering resources, risks and resolutions - a security leader can evaluate the output from the model to build the foundation of a strong plan. This allows the leader to make security decisions based on a quantified risk measure. A business determines what resources it wants to protect, what risks it needs to protect the resources from and what resolutions it can put in place to mitigate the risk. Decisions are based on measurable evidence. Free online risk assessment tools are available to provide a fast, easy way to determine an organisation's basic security risks through an investigative approach The 3 Rs The first step in the 3R model is to figure out what resources need protection. This could be physical - such as buildings, critical infrastructure or valuable equipment, knowledge-based - such as intellectual property, or organisational - such as people or governance structure. Understanding the business will help the security leader develop a list of critical elements. Look for tangible resources such as buildings and machinery, and intangible resources like reputation, knowledge and processes. Second, determine what the resources need to be protected from. Anything that threatens harm to the organisation, its mission, its employees, customers, partners, its operations or its reputation could be at risk. These can include contextual risks (workplace safety or natural disasters), criminal risks (theft or cybercrime) or business risks (compliance or legal issues). Anything that threatens harm to the organisation, its mission, its employees, customers, partners, its operations or its reputation could be at riskFree online risk assessment tools are available to provide a fast, easy way to determine an organisation's basic security risks through an investigative approach. The tools ask several questions and determine risk based on an organisation’s location and the answers provided. Security leaders can also work with security companies and consultants that offer risk assessments to determine their company’s needs, and then offer solutions based on that assessment. The third objective is to determine how businesses can best protect the identified resource. The last of the 3 Rs - resolutions - are those security activities that enable the business to mitigate the impact of security risks. Resolutions can potentially prevent a security incident from occurring, contain the impact to resources if an event does occur and also assist the organisation in recovering from an impact more quickly or easily. The first step in the 3R model is to figure out what resources need protection, this could physical such as buildings or critical infrastructure The path forward Understanding what risks a business faces in totality provides an opportunity for the security leader to collaborate with other department heads. This gives security leaders an opportunity to engage with functions outside their norm as well as a chance to demonstrate their subject matter expertise. A risk-based approach also helps security leaders fully understand an organisation’s needs and concerns, which they can communicate to the C-suite to help them make better business decisions. Metrics can also help business leaders understand the cost/benefit of resolutions C-suite and executives help define an acceptable level of security risk tolerance to resources and make quality, educated decisions about mitigating security risks. Through collaborating with security leaders using a risk-based approach and the 3R model, metrics and reports show the impact of security expenses, and there is a transparent view of security risk. The final decision about how to mitigate and resolve risks is up to the business owner of the resource and the risk stakeholders. To obtain funding, show the risk and value of resources exposed to potential impact. Then present the recommended resolution that reduces the potential level of impact and the associated cost benefit savings. By providing this information, security leaders can ensure that the business owners can make an educated decision. Measuring success A risk-based approach aligns the security mission with the organisation’s mission. Security leaders should have these conversations with their business leaders on a regular basis. Understanding the thresholds of risk tolerance and showing when incidents or activities are trending outside of acceptable boundaries will help business leaders make educated decisions. The 3R model also helps a business to track occurrences, quantify the direct and ancillary impact and make continuous adjustments to the security program Determining a baseline of acceptance gives a foundation for security leaders to point out when the organisation is not meeting its own requirements. Metrics can also help business leaders understand the cost/benefit of resolutions and demonstrate when costs may be trending outside of acceptable boundaries. The 3R model also helps a business to track occurrences, quantify the direct and ancillary impact and make continuous adjustments to the security program. It is important to note that this process is not stagnant, and needs to be constantly revisited. Examining risks, resources and resolutions in a systematic way will help security leaders understand what they are protecting Defining risks and vulnerabilities Continuous conversations using the 3R model also help business leaders understand what security risks could interfere with meeting business objectives. It also aligns the total cost of ownership for the security program with the business value of the resources at risk.The approach puts the security risk decisions in the hands of the ones impacted by those risks And it defines the security role as risk management, not just task management. The approach puts the security risk decisions in the hands of the ones impacted by those risks…the “owners” of the resources. Examining risks, resources and resolutions in a systematic way will help security leaders understand what they are protecting, what they are protecting it from, and how they can help prevent, contain or recover against a specific risk. Followers of this approach are in a better position to ask for funding because they can clearly define and quantify risks and vulnerabilities. Applying these principles will equip security leaders with the knowledge needed to have better dialogue with colleagues in other departments, encouraging more proactive discussions about security.

Why regional? Inside ADT's mergers and acquisitions of US security integrators

ADT Inc.’s acquisition of Red Hawk Fire & Security, Boca Raton, Fla., is the latest move in ADT Commercial’s strategy to buy up security integrator firms around the country and grow their footprint. In addition to the Red Hawk acquisition, announced in mid-October, ADT has acquired more than a half-dozen security system integration firms in the last year or so. Here’s a quick rundown of integrator companies acquired by ADT: Protec, a Pacific Northwest commercial integrator (Aug. 2017); MSE Security, the USA’s 27th largest commercial integrator (Sept 2017); Gaston Security, founded in 1994 as a video surveillance integration company and whose services have since expanded to include intrusion, access control, and perimeter protection (Oct. 2017); Aronson Security Group (ASG), which delivers risk and security program consultants and offers advanced integration services, consulting and design engineers and a National Program Management team (March 2018); Acme Security Systems, among the largest privately held security systems integrators in the Bay Area, focusing on electronic security systems, access control, video networks and more (March 2018); Access Security Integration, a regional systems integrator specialising in design, delivery, installation and servicing of electronic security systems including enterprise-level access control, video and visitor management solutions, perimeter security and security operation command centers (Aug. 2018); In addition to their moves in the commercial integrator space, ADT has also sought to expand their presence in cybersecurity with the following two acquisitions: Datashield, specialising in Managed Detection and Response Services (Nov 2017); Secure Designs, Inc., specialising in design, implementation, monitoring, and managing network defense systems, including firewall services and intrusion prevention, to protect small business networks from a diverse and challenging set of global cyber threats (Aug. 2018). ADT has acquired more than a half-dozen security system integration firms in the last year or so For additional insights into ADT’s game plan and the strategy behind these acquisitions, we presented the following questions to Chris BenVau, ADT’s Senior Vice President of Enterprise Solutions. Q: ADT has been actively acquiring regional integrators this year – more than a half a dozen to date. Please describe the history of how ADT came to embrace a strategy of acquiring regional integrators as a route to growth? ADT's acquisition of Red Hawk is set to close in December, and brings premiere fire and life/safety solutions BenVau: Our acquisition strategy started at Protection 1 when we embarked on our journey to build out our commercial and national account business and add enhanced integration capabilities to our portfolio. The merger of Protection 1 and ADT brought that foundation to ADT which up to that point was primarily a residentially and SMB-focused company. After the merger, we set out to identify and acquire additional regional integrators that would continue to build on that foundation and deliver enhanced technical solutions, advanced technologies and an expanded service, install and support footprint. Through our acquisitions we now operate two Network Operations Centers and three Centers of Excellence. We are also unique in the industry with the number and variety of certifications, like Cisco and Meraki, our engineers hold which ultimately allows us to offer Managed Security as a Service. They have also enhanced our operational capabilities. Q: What criteria do you use to evaluate whether an integrator is a good “fit” for ADT? BenVau: First and foremost, we look at the culture of the companies. The companies that we target for acquisition must be metrics- and customer service-driven. Secondly, we look at the leadership teams. ADT view their acquisitions more like mergers and take a patient approach to integrating them into their business We have been fortunate in the fact the leadership of the companies we acquired remain with us today in key management and executive positions helping to drive continued growth within their organisations. We also evaluate their current customer base, unique solutions and their ability to complement and enhance our portfolio with the goal of becoming a leading full-service, enterprise commercial provider. Our acquisitions have bolstered our network capabilities, brought enterprise risk management services, and a broader solution set in high-end video and access control solutions. Our most recent acquisition – Red Hawk, set to close in December – brings us premiere fire and life/safety solutions. Q: What changes are typically needed after an integrator is acquired in order to adapt it to the ADT corporate model? BenVau: We view our acquisitions more like mergers and take a patient approach to integrating them into ADT while taking into account their culture. We want to ensure that we find the right positions for their people, embrace the right messaging and put the right processes in place. We acquire these companies because they are the best in their respective businesses and geographies and bring their knowledge and experience in markets or with solutions that we may not have had previous access to. ADT can support clients with their own in-house technicians which helps to ensure a consistent security program Q: How can regional integrators benefit from the ADT brand? Have your newly acquired integrators realised additional growth? BenVau: The companies we have acquired, generally, have exceeded expectations and surpassed initial goals. ADT brings expanded opportunities for these companies as well with our national footprint. Our National Account Sales Team has seen impressive growth over the years and are only limited by our ability to deliver. These integrators help to deliver on that. In the past, the regional players may have had to rely on sub-contractors to service their larger clients. With ADT, we can now support those clients with our own in-house technicians which helps to ensure a consistent security program across multiple locations.Our National Account Sales Team has seen impressive growth over the years and are only limited by our ability to deliver" Q: Are additional integrator acquisitions planned this year and into 2019? How much is enough and when will it end (or slow down significantly)? BenVau: We expect to close on our latest acquisition, Red Hawk, before the end of 2018. Red Hawk brings a national footprint focused on fire/life safety and security to ADT. While ADT already had a robust security offering, Red Hawk will contribute significantly to the fire side of the business. In addition, we will continue to evaluate the companies in the industry to determine if additional acquisitions make sense. Q: Do you expect greater consolidation of the integrator channel in the industry as a whole? Why is this a good time for consolidation? Is it a good M&A market for buyers like ADT? BenVau: We will continue to evaluate companies in the industry to determine if further acquisitions make sense. As for the industry, we can only speak for ourselves. Our focus is on investing in our field organisation, in particular our service technicians, engineers and project management teams" Q: What other trend(s) do you see in the industry that will impact ADT (on the commercial side) in the next year or so, and how? BenVau: In addition to their moves in the commercial integrator space, ADT has also sought to expand their presence in cybersecurity Networking is a big one. As we continue to drive integration of devices and services, from AI, “the cloud,” machine learning and even analytics, there will be more focus on the network they ride on. A deeper knowledge of network design, bandwidth impact, and system integration will be critical. As part of our acquisition strategy, we focused on talent to add to the team and have been able to add to our bench strength in this area. Q: Any other comments/insights you wish to share about ADT’s strategy, future, and role in the larger physical security marketplace? BenVau: Our focus is on investing in our field organisation, in particular our service technicians, engineers and project management teams. The cornerstone of our success lies in our ability to deliver outstanding customer support and service. It starts with sales and the ability to deliver security and life safety technologies, but it ends with a delighted customer who partners with us to help secure the things that matter most to them. Our recent acquisitions have more than doubled our commercial field operations teams and are key to establishing the ADT Commercial brand as a leading full-service provider of enterprise solutions to the marketplace.

Does “security technology” cover the broader application possibilities of today’s systems?

The concept of how security systems can contribute to the broader business goals of a company is not new. It seems we have been talking about benefits of security systems beyond “just” security for more than a decade. Given the expanding role of technologies in the market, including video and access control, at what point is the term “security” too restrictive to accurately describe what our industry does? We asked the Expert Panel Roundtable for their responses to this premise: Is the description “security technology” too narrow given the broader application possibilities of today’s systems? Why?