A major shift has occurred in security technology development, and nothing in the security industry’s history to date has prepared practitioners to deal with it. Approaching today’s and tomorrow’s technology with yesterday’s thinking results in wasted money, wasted effort and an inadequate response to the changing risk picture. Especially in today’s economic and business climates, that’s an unacceptable situation for any company’s security function.
An informal survey of security practitioners about this article’s title — System Life Cycle Planning — found most practitioners asking how this differed from what they already do for annual maintenance planning. That difference — and it is major — is the subject of this article.
The shift in technology development is the result of digital computing, networking and communications technologies being incorporated into physical security systems, and new systems being developed based on technology capabilities that did not exist even five years ago. Some product life cycles are becoming as short as two years. New technologies are being developed every year and digital technology trends continue to shorten the pace of new product introductions. This accelerating trend, of which security technology is now a part, is depicted in the Technology Timeline.
To maintain effective security, security practitioners must radically alter their approaches to procuring and managing technology, starting now. It is not a matter of choice, unless the choice is to choose another profession, or to delegate technology planning and management.
Note the significant change in the Figure 1 timeline as of the year 2000. The Y2K projects of many companies included widespread upgrades and expansions to corporate networks, and the globalization of separated local area networks. This enabled a major acceleration of network-related technology development and adoption from this point on. Security technology advancement is part of this trend.
There is one caveat: this is not “just an IT thing.” It is not solely a matter of getting up to speed on IP-based technologies and networking. Effective deployment of security technology now requires:
• previous technical knowledge;
• previous risk and security operations knowledge;
• new IT technical knowledge;
• a deeper understanding of your organization’s security risk picture; and
• new perspectives, strategies and practices for technology planning and adoption.
The last two elements are new and must be obtained relative to the new technology shift.
Security, computer and network technology can do far more than they used to. But to obtain their beneficial use requires both a deeper understanding of the security risk picture of the business, and a technology approach that enables you to adapt your security technology to the risk picture on an ongoing basis.
The basic situation is that all technology is changing more rapidly. The world — and that includes business — is changing more rapidly as a result. This means that the security function has to be far more aware and adaptable that it has been in the past. New technology can help the security function in its advancement; thus, for practitioners, understanding the role of system life cycle planning is vital.
System life cycle planning is technology planning that takes into account the requirements for purchasing, installing, managing, operating and retiring products and systems throughout their useful life, as well as the technology value relative to current organizational needs and opportunities, and newer technology.
Research for this article found that some leading practitioners, who were more advanced in their implementations of digital security technology, had collaborated with IT and implemented life cycle planning according to existing IT standards. (See our example IT policy: Example PC Life Cycle Management Policy (PDF file)).