Technology Blinders

Many security practitioners have been asking if there are any special technologies that they should be paying attention to given the current economic climate and its impacts on corporate budgets, including security budgets. The answer is “Yes” — and includes both technologies and approaches to technology (including the February Convergence Q&A column on physical security infrastructure, and the related article in the March issue of STE). I will discuss some of technologies in the May column, after some in-depth ISC West follow-up. There are technologies, for instance, that can extend the useful life of existing systems and cabling infrastructure. Some technologies are force multipliers, allowing fewer people to do more. Some let you bridge from analog to IP on a very affordable, step-by-step basis.

However, before presenting answers of this variety, I think it is important to step back and take a look at the bigger picture. In an earlier issue of Security Technology & Design magazine, I wrote the following paragraph about technology blinders:

“It’s very important when engaging in security analysis, and when discussing security with people outside of Security and IT, that enthusiasm for new high-tech security systems and products doesn’t create blinders that keep low-tech solutions out of view. This is a risk for those in both IT and Security who are immersed in technology on a daily basis.”

Emil Marone, Chief Technology Officer of Henry Bros. Electronics, a large integrator headquartered in Fair Lawn, N.H., relates one situation where a client called him in to discuss a problem they were having with night intruders onto their property. The intruders would dress in black, and could not easily be seen against the black asphalt and dark grounds of the perimeter under the existing lighting. They were considering a new CCTV system that could “see in the dark,” and were also considering a complete renovation of their outdoor lighting. Both measures would be expensive and disruptive, but these improvements seemed to be needed to solve their problem.

“Once I had an understanding of the situation,” Marone says, “I advised against making either change. Cameras that can see in the dark won’t help the security officers on foot patrol, and there was a better solution available.” Marone suggested that they simply paint the grounds white on both sides of the perimeter fencing. Intruders dressed in black would be clearly visible. Even in white clothes they would still create obvious shadows under the existing lighting. It was a very inexpensive solution and was implemented immediately with great success. This approach enabled both the foot patrols and the personnel monitoring the CCTV images to see what they needed to see.

A broader aspect of technology blinders is the focus on technology solutions, while neglecting people and process solutions — which are often more quickly and easily implemented for little or no budgetary expense. With risks increasing due to the current economic situation, security programs must be updated using whatever resources can be put to use.

Impacts of Today’s Economics

Many companies are making reductions in head count in response to the need to cut expenses. This creates additional risks, including for property and information loss. Are exit and perimeter door cameras still functioning as intended, or has cleaning crew activity accidentally changed any fields of view? A quick review of camera focus, fields of view and scene lighting can identify issues that are easily corrected. Are property passes given the full scrutiny that they should receive, and checked against items being removed? What is the policy for the loss of company-owned laptop computers? Do exit interviews remind the departing employee of confidentiality requirements (with signature required)?

Can and does IT alert the Security department of an unusually high level of material copying activity? Is remote computer system access and after hours physical access suspended upon notice of termination, rather than after the employee has left? Are other appropriate security measures put in place?

IT departments are typically not set up to interview or brief employees, but Security and HR departments are. When the data access of departing employees is restricted, departing employees can ask colleagues to copy information for them. The favor is likely to be granted if the excuse for doing so seems reasonable — unless employees are briefed about this potential situation.

An updated protection strategy is required for both information systems and physical security during downsizing. A recent survey, conducted by the Ponemon Institute and sponsored by Symantec Corp., reveals that more than half of departing employees will steal corporate data. The study’s 24-page report, entitled “Data Loss Risks During Downsizing,” was published in February and is available at http://www.vontu.com/downloads/ponemon_09.asp (registration required). Security and HR practitioners, as well as management, need to be aware of this report’s contents and follow up to address the relevant risks.

New Question:

How is the current economic situation affecting your security budgets?

If you have experience that relates to this question, or have other convergence experience you want to share, e-mail your answer to me at [email protected] or call me at 949-831-6788. If you have a question you would like answered, I’d like to see it. We don’t need to reveal your name or company name in the column. I look forward to hearing from you!

Ray Bernard, PSP, CHS-III is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities. Mr. Bernard has also provided pivotal strategic and technical advice in the security and building automation industries for more than 18 years. He is founder and publisher of The Security Minute 60-second newsletter (www.TheSecurityMinute.com). For more information about Ray Bernard and RBCS go to www.go-rbcs.com or call 949-831-6788.