Howard J. Belfor
Articles by Howard J. Belfor
Systems may be reliable and performing as originally intended, but can also beoutdated in comparison to current technology offerings Let’s start by defining what a legacy system is in the context of a security control system. Legacy refers to an installed and operating security control system made up of numerous components, both hardware and software, that have been eclipsed by newer technologies. A shortage of parts and pieces may be creeping in, and it’s also likely the older stuff has a service tech scratching his head when faced with a configuration setting or data entry protocol. The newer technologies, however, may still be providing much of the desired functionality required by the legacy system user. Legacy in this context then is not necessarily a pejorative term. The system may be both reliable and performing as originally intended but is outdated in comparison to current technology offerings both from a communications standpoint and as it relates to applications and data mining. So what to do? For openers, as my dad would day, do a Ben Franklin list of do’s and don’ts. Naturally you’d love to move to a new, bigger or smaller, better and faster system. But, first, what does that list look like? I for one think is might begin to look like this: Things to do when managing legacy systems Do you have a handle on your current technology capabilities? Many legacy systems are underutilised and have features that are not used. Revisit your systems capabilities: You are likely to make some pleasant discoveries. Do you have a handle on your current technology capabilities? Many legacy systems are underutilised and have features that are not used Do you currently know how all of the pieces and parts in your system are currently communicating? A great start for planning the next steps is to understand the “plumbing.” Associated with that is the location of communication; specifically, how are things wired and where are they terminated, recorded and catalogued? What does your power distribution for the system components look like? Do you have backup and other means of maintaining operations during a loss of power, and where is that stuff? If not done recently, this step provides an opportunity to ensure you are ready for things that don’t happen and also to revisit codes. It’s always worthwhile if a maintenance provider is available to a system test in this area, or it can be self-conducted. What is the state of your record management, and when was the last time you did some basic housekeeping, such as backup and the like? If you don’t remember when you did it last, stop reading and go do some housekeeping — it’s clearly due now! What works for you and your organisation, and what have you developed a work-around for? If your “super users” have found ways to manage desired system outcomes by some clever workaround, are there other desired features? Do you have a relationship with an authorised service provider or an on-staff trained first responder? Do you have attic stock (stuff you own) to support those older components? I like to think of it like making a road trip with a spare tire and basics in the trunk in case an extended unplanned stop on the side of the road interrupts your trip. Have you developed a plan for an eventual upgrade? What’s first, what does it cost and whom will I let provide pricing to do so? Rip-and-replace isn't your only option. There are many products and servicesavailable to migrate from a legacy to next steps utilising embedded infrastructure Planning and management What are my/your basic functional requirements, and where are the gaps now you must fill for enterprise sustainability? That legacy system likely has paid its way and now needs to be retired; I’m not ready either. Do you have a business case for this refresh – applications, data mining, new and reporting and risk mitigation strategies? If not, you are missing this first step of legacy migration planning and management. Managing the age includes a system exit strategy. Getting C suite, namely your CFO’s, attention is key; sustainability of your enterprise is 101, so functionality as it relates to risk mitigation is essential to keeping your entity flourishing. So what are the DON’T’s? Don’t trivialise the migration or response to the Do’s or you’ll end up in a big To Do. Don’t minimise the relationship with existing integration resources you have worked with, old and new. Organisations evolve, some for the best, some not so. Refresh these relationships as well; resources are like bridges – you never know when a crossing is needed. Don’t rush into the latest and greatest; be wary of who’s definition you subscribe to. There’s a reason they call it the “cutting” edge. Don’t believe that rip-and-replace is your only option. There are many legacy systems in our industry, and many well-made and well-thought-out products and services are available to migrate from a legacy to next steps utilising embedded infrastructure. The bottom line: Define your parameters, select your partners and engage companies with a history of legacy migration and thought leadership. If your legacy includes some products with forward-thinking engineering thought leadership, you may be able to manage your needs with security control board-level replacements or the flashing of new firmware and upgrades to software. I‘m aware of several companies whose products elegantly move through time, adding new applications and functionality without wholesale rip-and-replace. These legacies carry on. The market has responded to you and others eager to know their options. There are many ingenious and clever ways to upgrade communications and transport of data, reliable mainstream products designed to meet this challenge head-on. There are solutions aimed at allowing you to use current IT and Internet of Things (IoT) apps and functionality. However, there are also quite a number of technology partners able help make the leap from analogue to digital using existing pathways. The bottom line: Define your parameters, select your partners and engage companies with a history of legacy migration and thought leadership. They are most likely to produce the best results and allow you to leave behind the legacy you want to be associated with.
ASIS International, the world’s largest association for security management professionals, has announced that Richard E. Chase, CPP, PCI, PSP, will serve as its 2018 president. Chase will be the Society’s 63rd president, succeeding Thomas J. Langer, CPP, who will serve as 2018 chairman of the board. In addition, at the society’s annual conference, Sept. 25-28 in Dallas, TX, the results of the recent board election were announced. Members re-elected incumbents Jaime P. Owens, CPP, and John A. Petruzzi, CPP, and elected Ann Trinca, CPP, PCI, PSP and Darren Nielsen, CPP, PCI, PSP to the 17-member board. “These individuals bring a deep commitment to the Society, as well as diverse professional expertise to their leadership roles” said Peter J. O’Neil, CAE, chief executive officer, ASIS International. “Their varied perspectives will ensure ASIS is well-positioned to meet the needs of our global membership.” The 2018 ASIS International Board of Directors President: Richard E. Chase, CPP, PCI, PSP, Vice President Security, General Atomics, San Diego, California President-Elect: Christina Duffey, CPP, Senior Vice President-Regional Director, Midwest Operations, SOS Security, LLC, Phoenix, Arizona Treasurer: Godfried Hendriks, CPP, Managing Consultant, GOING Consultancy B.V., Alkmaar, Netherlands Secretary: John A. Petruzzi, Jr., CPP, Vice President, Integrated Security Solutions, G4S North America and Technology, New York, New York Chairman of the Board: Thomas J. Langer, CPP, Vice President Security, BAE Systems, Arlington, Virginia Charles E. “Chuck” Andrews, CPP, Chairman of the Board, Friends of Chuck, Houston, Texas Howard J. Belfor, CPP, President, Belfor & Associates, Black Mountain, NC Michael R. Bouchard, CPP, Chief Security Officer, Janus Global Operations, Inc., Vienna, Virginia Gail M. Essen, CPP, PSP, President, Professional Security Advisors, Andover, Minnesota Radek Havlis, CPP, Central and Eastern Europe Regional Security Director, PricewaterhouseCoopers, Prague, Czech Republic Jeffrey J. Lee, CPP, Principal Consultant, Industrial Security Operations, Saudi Aramco, Dhahran, Saudi Arabia Richard F. “Rik” Lisko, CPP, Security Manager, North America & Latin America, Willis Watson Towers, Dallas, Texas Timothy McCreight, CPP, Director, Strategic Alliances, Hitachi Systems Security, Calgary, Canada Darren T. Nielsen, CPP, PCI, PSP, Manager, Physical & Cyber Security Audits & Investigations, Western Electricity Coordinating Council (WECC), Salt Lake City, Utah Jaime P. Owens, CPP, Security Branch Manager, Panama Canal, Panama City, Panama Malcolm C. Smith, CPP, Head of Risk Management, Qatar Museums Authority, Doha, Qatar Ann Trinca, CPP, PCI, PSP, Senior Vice President, SecTek, Reston, Virginia The office of the Secretary was filled through an election by the Board of Directors on September 25 at the ASIS International 63rd Annual Seminar and Exhibits in Dallas. The newly elected Board will assume their positions on January 1, 2018.
Observers say improved analytic technology and better support technologies are making video analytics effective Video analytics and biometrics entered the security technology market some years ago accompanied by great expectations. Both generally disappointed security directors and end users. Manufacturers oversold video analytics as a tool that could monitor video for hours on end without losing concentration — something human security officers couldn’t do. Analytics, they said, would detect and alarm on abandoned packages, a person running, a group chasing a person, the presence of people at locations where and when no one should be present and many other scenarios. Analytics, of course, didn’t perform as advertised. Today that is changing. Observers say improved analytic technology and, more importantly, better support technologies are making video analytics effective. The market has been slow to accept biometrics as well. Why would a security director spend the money when access cards and passwords could protect people and assets in an office building and information on a network? “Today, we’re seeing more and more end-users accept biometrics as a way of combatting widespread identity and verification fraud,” said consultant Howard J. Belfor, CPP, president of Belfor & Associates, LLC, Black Mountain, N.C. The video analytics comeback While manufacturers say that the algorithms that recognise activity patterns have improved in recent years, the key to the recent comeback of video analytics is improved supporting technology. “Video analytics did disappoint users for a while,” said Belfor. “Problems included camera limitations, inadequate memory, storage capacity and processing speed — the quality of the overall system. "We’re seeing more and more end-users accept biometrics as a way of combatting widespreadidentity and verification fraud" “Today, sophisticated megapixel cameras produce exceptionally clear images with detailed data that analytics can process more accurately. In addition, the processing and communications speed available in today’s networks are also helping to improve performance. “As a result of these improvements, I believe that we’ll see more rapid adoption of video analytics,” he said. Office buildings, business parks, educational campuses and other facilities that need to monitor hundreds of cameras may find that newly improved video analytics can provide valuable assistance. What about biometrics? The threat of identity theft and the arrival of new technologies that require ironclad identity verification have also increased acceptance of biometric technology by end users. “Take Apple Pay on your iPhone,” Belfor said. “By entering an iCloud password and your fingerprint, you can enroll in Apple Pay. Then you register your credit cards in the app. Now you can use your phone to charge purchases and leave your credit cards at home.” Belfor also noted that while biometric technologies have already moved into widespread use in global markets, the U.S. has been slow to accept the technology because of privacy concerns. It would seem that people don’t want the police or their employers to have copies of their fingerprints, handprints or other biometric identifiers. “The cultural aversion to privacy invasion is holding back the adoption of biometrics in the U.S.,” Belfor said. “It isn’t the technology. The technology is fine and getting better.” Some problems remain. Belfor noted that fingerprint biometric technology still suffers from misreads and a certain rejection rate. Hand recognition does work reliably, but the equipment is big and bulky. In addition, some people fear that touching handprint readers risks spreading germs. Finally, people don’t like looking into readers that use some eye-based biometrics. "The cultural aversion to privacy invasion is holding back the adoption of biometrics in the U.S" Emerging biometric technologies may solve some of these problems. Zwipe, a Norwegian company with U.S. offices in Palo Alto, Calif., has developed an access card that stores the user’s thumbprint. A user presents the card to a proximity reader, holding it with thumb and forefinger. The thumb rests on a reader in the card. A chip in the card compares the stored print with the one grasping the card. If they match, the door opens. It provides dual ID verification. There is no database of fingerprints to hack, and no one else can use the card if it is lost or stolen. Other new ideas include reader technology that measures blood flow through a finger and patterns of veins in the head. Of course, not everyone needs biometrics. Still the technology can improve access control for facilities that need to boost protections for people — perhaps the offices of a well-known but controversial company. Biometric technology can also tighten security for facilities that need to protect intellectual property — such as pharmaceutical research. According to Belfor, digital technology in general is improving across the board today. Security users are beginning to reap benefits from that in the form of more secure facilities and information networks — and there’s a lot more to come.