A holistic approach to security

Security is at the forefront of many executives’ minds, and to compound the issues the industry is undergoing a transformation - or what the industry pundits term as convergence. This article discusses the challenges presented by the convergence of physical security and IT and the benefits of a holistic approach.

What is meant by convergence? A quick Google search will give you a plethora of explanations, one of which fits the security convergence topic quite well:

“A coming together from different directions, especially a uniting or merging of groups or tendencies that were originally opposed or very different.”

There is now a need to think of security as an integral component of risk management, as a business imperative, not just a ‘have to have’, or a sunk cost. This means that business owners need to think laterally about the investment in security; how can the investment be leveraged in other areas such as employee benefits or occupational health and safety improvements. Businesses need to think about ownership and accountability - where before there were silos, now there needs to be a holistic approach.

Design of a security solution to address these issues requires a balancing act between safety and service, duty of care and regulatory compliance. No longer is security viewed as the sole responsibility of the security manager; it now warrants a more integrated approach incorporating more contemporary functions of planning, management and people-focused services. Security, along with safety and emergency management, should be a key consideration during the initial planning process to ensure that workflows are seamlessly integrated with technology to deliver the most cost-effective outcomes for the facility. It is important to work with organisations capable of delivering comprehensive and best-of-breed security solutions. This provides the benefits of accountability, risk mitigation and knowledge transfer not typically available from a multivendor approach.

From a technology perspective this has certain implications; where once it was common practice to purchase security systems based on their individual functionality - access control, CCTV, intrusion detection, perimeter detection, fire detection etc - without too much concern about their level of interoperability, there is now more of a need than ever to have these systems sharing data and integrating with the organisation’s standard operating procedures. The widespread adoption of internet protocol (IP) is helping deliver these outcome-based security solutions, both from an implementation standpoint where there is more of a ‘plug and play’ environment that often utilises the corporate network and from a process standpoint where backup, restoration and data storage now falls in line with IT practices. This convergence with IT can also simplify the installation process by removing the need to put in place disparate systems that each require their own dedicated infrastructure, instead taking advantage of the enterprise network, consolidating hardware and utilising open systems protocols to provide interoperability between systems.

This move towards security convergence is delivering some real benefits such as improved operational efficiencies, better risk management and reduced costs, and the investment is slowly becoming shared across the business as technologies such as number plate recognition and crowd monitoring are being used to enhance the customer experience.

• Centralised monitoring and control provides an enterprise view of the facility, simplifying incident management and reducing response times.
• Event-based automated workflows reduce the need for manual intervention, freeing up valuable resources.
• Early detection and notification of events enables the appropriate response to be taken in a time of crisis.
• Automated incident response enables fast restoration of normal business operations.
• Reduced capital costs are achieved through a converged ICT infrastructure resulting in lower hardware and cabling requirements.
• An open, futureproof system through the use of IP networking.
• Early identification of customers enables a personalised customer experience.

Prior to the onslaught of convergence, our technical experts also fell into their respective silos; network specialists, server specialists, application specialists, security installers, security guards, and the list goes on … Convergence means we need to revisit this traditional approach - we are now looking for technical experts with well-rounded experience that can demonstrate an appreciation of all aspects of security and how they impact the business. This requirement is recognised by our educational institutions with qualifications such as BSc Internetworking & Security Degree; Bachelor of Security Analysis being on offer. This, however, presents its own set of challenges.

Firstly, there is a time lag between school-leavers attending university and being employable. This means that we may need to upskill the workforce we currently have or look to engage specialist organisations capable of providing the broad range of skills required; many of the traditional physical security organisations have developed these skills as part of the rapid growth opportunities in their industry.

Then there is the remuneration debate. Again, our two ends of the security spectrum have historically had very disparate working conditions and pay structures. How does a company retain all the required skill sets and at the same time maintain equitable conditions for all involved. Creating a culture in which physical security and IT personnel work well together can be difficult; these staff often have different perspectives, priorities and reporting relationships. This factor alone suggests that a culture of corporate security management needs to be driven from the highest levels within the organisation, ideally with visibility and representation at board level.

For the individuals involved in, or looking to get involved in, the security industry, it is an exciting time. There are opportunities aplenty on the employment scene; there are new skills to learn and some large projects in the wind. The traditional physical security organisations have broadened their horizons and now look to include IT-skilled people when doing their recruitment; conversely, IT organisations are including what were traditionally physical security solutions such as IP CCTV in their portfolio.

All in all, there are clear benefits to be derived from an active, strategic approach to corporate security management and the implementation of a converged security infrastructure. Organisations can take a holistic view towards risk management and compliance while reaping the rewards of systems that have lower costs of administration and support. Those seeking to embark on such a strategy need to be clear on the outcomes expected and ensure that buy-in is gained at all levels; these strategies need to be closely aligned with business objectives and not be viewed as simply a security project. A phased approach should be taken and appropriate time allocated to the process. Key objectives should be set to measure the benefits of each stage as it is rolled out.

Security convergence is here, with all of its challenges and benefits as we have seen with other technologies like voice over IP (VoIP). How we reap the rewards both organisationally and individually is up to us.

*Michael Brookes is the Regional Leader of Marketing and Strategic Development for Honeywell Building Solutions in Australia and New Zealand. In this role, Brookes spends time analysing customers’ critical business requirements to ensure that Honeywell’s products and services are aligned to customer needs. In his 10 years at Honeywell, Brookes has covered a broad range of industries such as healthcare, industrial plants, airports, correctional and government facilities, and stadiums, where he has seen the application of integrated security solutions deliver demonstrable results to business. He has written a number of published thought leadership articles on security and has presented at various trade shows and conferences.