Those who specify and purchase applications, including VMS, PSIM and access control, need to have a thorough understanding of the steps vendors are taking to maintain the integrity of their applications. Are these applications as robust as the devices they access and manage? Further, security features of an end-device may be rendered less useful, or even useless, without tight integration with the head-end software managing them. That's a challenge when systems are provisioned from different manufacturers and selected solely on feature sets related to physical security. Vendors who integrate well with others to provide robust end-to-end security are acting in the best interest of their customers and doing the industry a valuable service. They deserve to win.
If applications and services such as remote storage are being provisioned through the cloud, do not take security as a given. Cloud computing providers expose their own Application Programming Interfaces (APIs) for clients to interface with their services and may have security vulnerabilities.
The Cloud Security Alliance recommends strong compartmentalization to "ensure that individual customers do not impact the operations of other tenants running on the same cloud provider." Ask tough questions of your application provider, including security requirements for network access. Also, a disaster recovery plan should be in place to allow critical applications and services to continue in a transparent fashion. Adequate back-up server capacity and bandwidth should also be provided.
Although choices are extremely limited in networking certifications for physical security, the CISSP (Certified Information Systems Security Professional) is one to consider. It hits on many of the topics I have mentioned here and provides a basis for providing network security for physical security, and vice versa.
Ray Coulombe is founder of SecuritySpecifiers.com, the industry's largest searchable database of specifiers in the physical security and ITS markets. He is also Principal Consultant for Gilwell Technology Services. He can be reached at firstname.lastname@example.org or through LinkedIn.