We are part of an era of technical innovation. After the wave of IP connectivity introductions in our industry which started around twenty years ago, it seems that we are surrounded by new technological possibilities that are impacting our industry already or may do so quite soon. Let’s review some of the ones that are mentioned often and that seem most relevant.
Believers and skeptics
If you hear about something new. Something great that will change the world for the better. If you hear many apparent reliable sources talk about it and endorsing the expected change. What do you do? Most people follow the progress that is made and expect big things to happen. And sometimes they do. And sometimes things just stay the same.
No, this is not about religion. It is rather about the religion of technological innovation. About how it promises to change the face of our industry. Any innovation needs believers. People that put their faith in that new technology. They initiate innovation and pursue it. They usually are confronted with counter-arguments by skeptics. People that do not see the value of the innovation that is presented.
The security industry by nature is a fairly conservative industry. Professionals whose job it is to mitigate security risks, are usually not the first ones to gamble on a new development. On the other hand, it is clear that our generation has to deal with security threats at a global and sometimes very sophisticated level. Innovation may be needed to deal with modern security threats. Let’s look at some current innovation themes from the perspective of believers and skeptics. Which innovation will disrupt or at least impact the security industry?
Cloud based security
Many companies today already use cloud based services to host office and line-of-business applications. They offer their staff access to data and applications from virtually any location with internet connectivity. Quite a few security vendors are offering cloud based access control and cloud based video surveillance systems that follow that same idea.
Believers say that these systems are easier to deploy and install. They require less maintenance. And the centralized service is more easily kept updated with security upgrades, which makes the topology also more secure and scalable than having a bunch of on-premise servers that are locally managed and hardly integrated.
Skeptics say that these topologies in general facilitate one massive single point of failure (the online security service) that is in addition controlled by one or more third parties. They also fear that the open nature makes their system more vulnerable to attacks.
Our prediction: the idea is not new and there are already a lot of successful installations. It looks like chances of continuity risks are less but the impact of incidents is much bigger. Conventional and cloud based topologies will co-exist but after a decade more than half of new security installations will follow a cloud based topology in one form or another.
IoT security topologies
The Internet of Things idea has been around for ages. It was predicted over a decade ago that billions of device will connect to the Internet. Sensors all around us will deliver data to the cloud. Feeding data into ‘big data’ processing applications that will give us acces to a wealth of information. Devices also connect the cloud. To be part of applications that can be used and managed from virtually any location.
The problem with IoT is that it certainly is happening. But probably not in the one type or form that people expected. Millions of smartphones connect to the Internet. Apps are used to build global communication and information and media sharing platforms. Loads of devices use 3G or 4G modems to deliver data to cloud based applications. Also battery operated sensors connect to cloud services using LoRA or NB-IoT networks to support sensor application in smart cities for parking guidance and enforcement. IoT is not one big magic IP network that connects all these billions of sensors and devices. It is a collection of hundreds of thousands of applications that all have one thing in common: devices or sensors somehow connect to a cloud based service that essentially can be accessed by its users with more or less standard Internet technology.
For security it would mean that it very much is related to cloud based security applications. The additional step here would be that camera’s, readers, intercoms, intrusion detection sensors and biometric stations would connect directly to the cloud based service. SecIndGroup.com vendor Akuvox for example is offering cloud based intercom solutions where the intercom stations and door phones would connect to the cloud directly. This topology is also already seen in video surveillance and access control. The middle layer of controllers and panels is no longer needed. Well designed devices can be used out-of-the-box and are pre-configured to connect to the cloud service. In some cases battery operated of self-charging devices may be used to get rid even of power cabling. Devices like door locks with integrated readers could be connecting to the cloud service using 5G networking.
Believers will say that we now finally can get rid of archaic networking protocols which are difficult and costly to install and have limited security measures. Installations would be easier and more scalable. Access control systems could be deployed at any door and still be real online access control systems. Video surveillance would be available at any location that would require security monitoring. Security sensors and devices can be rolled out everywhere.
Skeptics will say that there are bandwidth issues to be expected with serious video surveillance systems. They will also point out that hacking into one device would be sufficient to compromise security in all other devices. Dependency on network and cloud computing capacity providers does also seem undesirable. Especially in cases of incidents it may be unclear who is reponsible and liable for finding a solution quickly and limit consequential damages,
We predict that IoT topologies will become more and more popular. The perceived uptime ratio of network and software must be high enough and bandwidth must be sufficient. And, preferably, devices like RFID readers in the field must be capable to operate standalone (in a simplified mode) when their job is to provide access and the connection to the server is temporarily unavailable. In installations where security demands are high or where the required functionality is very specific (like for high secure entrances in banks), a layer of controllers will be necessary. Hybrid topologies might be the answer in these situations.
Converging information security and physical security seems a logical step in a time where security has become an important theme in corporate environments and physical security has a software layer available that is following IT standards to integrate with other systems. Physical Security Information Management Systems (PSIM) systems already combine several physical security systems (usually acces control, video surveillance and intrusion detection) in one user interface for common monitoring, administering and alarm handling tasks. Converging that with systems that deal with information security or hardware security systems seems logical. Vendors with solutions for this are available and have reported successful implementations, especially in large corporate environments.
Believers say that this integrated approach is what is needed to deal with modern security threats in organisations. Merging IT security and information security into one enterprise security system and organisation will be more effective from a security viewing point, it may also save costs.
Skeptics say that convergence is too complicated and time consuming and that physical security as an industry and profession is still very different from IT security.
We expect that for years to come IT security and physical security will be separate silos in most corporate environments. The biggest challenge here is not of a technical nature, but more of an organisational nature.
Smartphones and wearables
Using smartphones or other wearable devices in security has been a popular idea for many years. Smartphones and tablets often can be used to access the administration Interface (GUI) of the access control, video management or PSIM systems. That hardly is considered an innovation. Smartphones can also be used as virtual access control and identity cards in mobile acess systems. In addition it appears that also biometrics like facial recognition and fingerprint identification are now available on smartphones. It appears logical that smartphones with their native connectivity features are an interesting extension of security systems.
Believers say that people prefer carrying around their smartphone over additional cards. They refer to the technical possibilities that smartphones offer in areas like user convenience and integration of systems.
Skeptics claim that smartphones bring additional security threats and that smartphones require constant updating of firmware and software on devices and the phones to keep up with the latest models and technical standards (like BLE for example).
We expect smartphones will become part of security systems in many different forms. Mobile access is here to stay and more possibilites and features will become available for both users and administrators. Mobile access may bridge the gap between offline and online access control.
Video analytics and AI
Processing and analyzing video footage for security purposes has been popular for many years. It appears that in recent years the accuracy and reliability of video content analysis (VCA) software is much increased. Many vendors claim to utilize artificial intelligence to detect undesirable human behavior, identify faces and vehicles or profile people or situations. These applications are widely used in many situations, including cities and football stadiums.
Video cameras that are capable to identify people and vehicles (with ANPR) could replace other identification technology like RFID readers that are used to identify people and UHF readers that are used to identify vehicles.
Believers say that video analytics are offering all kinds of possibities to monitor situations and identify people, objects and vehicles. Video surveillance is already very popular in security. Video analytics can greatly increase safety and security in situations where many people or objects need to be followed. SecIndGroup.com vendor Tattile specializes in ANPR cameras and has released software onto its cameras that can identify and classify vehicles, but also can detect if a car is changing lane, driving in the wrong direction or stopping in a zone where it should keep moving. Systems like these help people actively monitor situations with many people or other objects.
Skeptics worry about accuracy and privacy. They claim that these systems intrude the lives of people too much and that abuse is hard to prevent. For that reason some city governments even self-imposed a ban on the use of facial recognition.
We expect video analytics to become the dominant technology in security. Video surveillance was already very popular. The enormous amounts of cameras that surround us are the undisputed proof of that. Viewing and interpreting all the footage that is generated is impossible to do well. Automated analytics will bring relief and increase safety amd security. Incident detection possibilities are endless and we predict impressive features will become available. But we also are certain about the continuation of the public privacy debate related to this technology.
Identity analytics and AI
A relatively new field in security is identity analytics. Seeing through identity and security related data in an automated way. To monitor use of access priviliges and consequently alter those access rights. The idea comes from the IT industry and that is where you will see it deployed mostly now. Recent research indicates that this is an emerging market with high anticipated growth potential. It would make sense to include physical security into these applications.
Believers will say that, like with video analytics, many more security related events can be actively monitored, more incidents can be detected and a tighter security regime can be implemented without hindering users unnecessarily.
Skeptics will say that implementation of these systems are costly and complicated. They may say this is another example of an IT-concept that promises much but delivers little.
It remains to be seen what the future will bring exactly. But intelligent security related data analytics certainly will have a place in modern enterprise security management applications.
One of the more recent hypes in technology is blockchain. Blockchain technology of course is used as the foundation for Bitcoin and other digital currency. The basic idea is that there is a public ledger that guarantees secure transactions. In essence it means that information about assets can be stored in a distributed wallet that can be accessed from anywhere. Assets can move from one wallet to another but transactions are always completed and secure, safeguarding the integrity of data. It is an alternative for traditional transactional database where information always is stored in one database that is managed by one authority. Current database applications are able to support large applications and support large volumes of database inserts, queries and events. But is impossible to guarantee that assets travel from one database to another while maintaining control over where the information is and who can acces it. Which is what is enabled by blockchain technology.
Believers think that blockchain can help put the users back in control over their personal data and who can access it. Users maintain their own personal with identity and security applications. Information is only shared with security systems with the consent of users. Access rights can be granted to users only when needed in locations and at times when needed. A very different approach from what we are used to today in security, identity management and access control.
Skeptics will say that the topology appears complicated and that it remains the question whether the security of blockchain technology will not be compromised. It is also the question whether users will be supportive of the app-based approach of most blockchain applications.
It seems certain however that privacy concerns will force us in the security industry to condider another model to store and process user related data. Maybe blockchain will bring us the model that will help het users back in control over their data.
So where do you stand?
So what is your position on these developments? Are you a believer or more of a skeptic? Which of these potentially change the face of our industry? Is there another innovative trend that deserves our attention?
Share your view underneath!