SecurityInfoWatch.com Blogs

Last week Warren Simonsen, vice president operations, SimonsVoss Inc., came down from Milwaukee to visit our office here in Chicagoland.  SimonsVoss makes door handles with electronic locks.  The company is based out of Germany and has solid roots in the European market. (For example, the impressive Allianz Arena in Munich, Germany, where many World Cup soccer games and festivities were held, uses SimonsVoss products throughout).  Now the company is trying to get established in the U.S.

Simonsen gave a demo and presentation of the SimonsVoss SV1 lock that they hope to introduce to the U.S. market in October.  He explained the product as being the middle ground between mechanical door handle locks and full-fledged access control systems.  The SV1 would be more secure than mechanical locks and look nicer than having an external smart card reader.  As he puts it, “We actually have a door handle that looks nice and functions well.”   

There will be two different types of active transponders available for the SV1.  One will be a push-button and the other will be biometric.  Simonsen says that one challenge he faces is getting locksmiths and security dealers to see that the product really is as simple as it looks.  The locking mechanism is inside the handle, and there are “no holes to drill, no wires to pull, no switches to set.”  Believe it or not, it’s all in the handle.

In Europe, Simonsen says that SimonsVoss products have sold much better to locksmiths than to security dealers.  So far in the U.S. he has found that dealers are still hesitant to sell SV1 because it’s less money than the access control systems they’re already installing.  However, Simonsen is working to help them find untapped “new markets” of people who aren’t willing to pay for a top-of-the-line access control system but still want something better than mechanical locks.

You can read more about SV1 here.  As a security dealer or integrator, what’s your take?  Do you see a potentially profitable market for you here? 

-Greg

Earlier this week we published an interview with Steve Collen of Cisco, and judging by the number of your fellow readers who have loaded this article, we really struck a chord. Interestingly enough, just a day after we published that, we got wind that IBM had acquired Internet Security Systems. Now while the ISS acquisition may seem a bit unrelated to those of you selling and working with physical security systems, a side note to the whole IBM acquisition story was that about a month ago, IBM slipped under the radar of the news media and acquired a company called MRO Software.

Now, don’t be puzzled if you haven’t heard much about MRO Software; neither had many in the industry. A little research into MRO explains that they are a company that creates enterprise asset management software which works for both physical assets and IT assets. IBM obviously isn’t brand new to security. As IBM’s Val Rahmani, general manager of infrastructure management services, the acquisition of ISS was an IBM security expansion, not a new initiative. However, now that IBM has pulled together an asset management company and a full-fledged IT security managed security services company, it’s pretty clear that IBM could be well positioned to be a player in converged security. That convergence may be focused on network security and risk management and compliance, but it’s interesting to see similarities to Cisco, which has gone after a converged security approach, albeit more of a hardware-focused solution.

(The above section was excerpted from my weekly column/newsletter - “The Security Week that Was” — to read more of the column, use this link: http://www.securityinfowatch.com/online/The-Latest/The-Security-Week-That-Was–A-Recap—Aug.-19-25–2006/9090SIW306.

Thanks for popping in to read the first post on my blog. I’m the behind-the-scenes gal on Security Technology & Design. Many of you know Steve Lasky, our editor, from his monthly editorial, The Front Page. I’m hoping to use this space as my own little Front Page, a place to discuss thoughts about security and the industry that don’t always fit in the pages of the magazine. For my inaugural post, a brief observation about retail security in practice.

Not far from my house, there’s a box store—one of those giants of retail industry that sells peanuts by the gallon and toilet paper by the cartful. Recently, this store implemented self checkout stations where its “10 or less” aisles used to be. I was ecstatic. I do a lot of shopping at this place, often stopping in for just a couple of things, and I’d always seen the self checkout as a way to turbo charge an otherwise boring and irritating trip through the cashier’s line.

At first, it was like a honeymoon. I’d pop into the store on a whim, pick up an item or two, whiz through the line and be on my way. But it wasn’t long before things began to change. I got to the store one Friday evening and the lines for self checkout extended out into the main aisle. I wondered if Friday was the universal night for technophobes to slowly and deliberately face their fears, but then I looked around and noticed that only two of the normal cashier lines were open, and their lines were also winding out into the aisles.

It took nearly 20 minutes to get through the self checkout. When I finally turned to leave, with my three items in their bag, I noticed that there was only one employee stationed in the entire self checkout bank. Eight registers, one employee.

The store only had to pay three cashiers for the evening. But they lost some customers who decided they would rather go someplace else than wait in these lines. And they certainly compromised their security.

The single employee supervising the self checkout lines was overwhelmed—running this way and that to check an ID for an alcohol purchase here, help a confused customer over there, log in to override a purchase here, call a manager for assistance over there. This employee had no time to watch for customers who may be leaving items in their carts without scanning them. Even if she hadn’t been overwhelmed, she couldn’t have easily kept track of the motions of all the people at eight registers. What’s more, the employees who man the door of the store to check receipts against cart contents were nowhere to be seen.

There are great technologies out there for every industry that can help a business save plenty of money. It’s smart business to use self checkout to decrease manpower costs. But in every industry, common sense has to play a part in technology implementations. We’ve said it again and again: Technology will not do its job unless it’s followed up with solid process and training. This is true specifically in security as well. The shiny new surveillance system isn’t worth a dime if no one’s paying attention to the monitors, or if you can’t locate an incident in your recorded archives. The smart card reader alone doesn’t stand a chance against a door prop.

Heading into the office this morning I had the radio tuned to my favorite Atlanta talk show. Since I don’t drink coffee, talk radio is my system’s morning jolt. Lo and behold half way up GA 400 the lightening struck.

New Orleans Mayor Ray Nagin was in the house, which is always entertaining since everytime he speaks he steps in a pile of it. The station was replaying his comments from a national TV show where Nagin was asked about delays in rebuilding New Orleans during the year following Hurricane Katrina. Nagin immediately goes on the defensive and attacks efforts to redevelop the World Trade Center site.

When a correspondent for the CBS news show “60 Minutes” chided Nagin about all the flood-damaged cars abandoned on New Orleans city streets, the witty Nagin quickly retorted, “You guys in New York can’t get a hole in the ground fixed, and it’s five years later. So let’s be fair.”

OK, so you tell me where the connect is here. One has nothing to do with the other. The fact that a large portion of the disaster and lack of prepardedness for the New Orleans tragedy can be directly laid at the feet of the Nagin’s inept city government seems to be washed under the levee as so many tons of silt. The fact that Nagin’s “chocolate city” is still mostly residing in other areas around the South like Atlanta, Houston and Memphis, should clue Nagin in to how much confidence his former citizens have in his leadership.

I lived in the New Orleans area for close to 3 years when I was going to grad school back in the late 1970s. It was a fun and lively place to be. What was New Orleans has turned into a cesspool of crime and corruption that has to be, in some part, blamed on the city government’s incompetence or worse. Everyone knew the levees would not hold. Everyone knew Nagin had no gameplan for a major hurricane. Everyone knew that this city was a disaster waiting to happen.

Now it seems every time Nagin opens his mouth New Orleans relives another embarrassing chapter. The people who reelected Nagin earlier this year are getting just what they deserve. Unfortunately, like the tragedy that was Katrina, his verbal fallout is claiming innocent victims. Every word he utters diminishes the greatness that was once New Orleans. How long are the people of the Crecent City keep to give Nagin a free pass?

Here in the metro Atlanta area where the SecurityInfoWatch.com offices are, we’ve got a few big security players, like Videolarm and Vistacape, but on the IT security side, none are bigger than Internet Security Systems, better known as ISS.

This morning, as I walked in the door, I took a call from IBM’s public relations department asking me to join them on a call discussing how they plan to acquire ISS. Three hours later, I was on the call with Tom Newnan of ISS and IBM’s Val Rahmani, plus a pack of other news hounds.

Now, our industry, being largely focused on physical security systems (but with obvious overtures to IT security), may not pay great attention to the buys and sells of the IT world, but it should, and her’s why:

–For one, IBM earlier bought a company called MRO Software. While MRO’s website makes it difficult to understand what the company does, the best way to summarize is that the company develops systems to help businesses protect and track physical assets as well as information assets.

–Secondly, IBM quietly has created the S3 architecture for managing video surveillance and video analytics.

–Thirdly, the insights of people like ISS’s Tom Noonan on security are applicable to our industry as well. During this morning’s press conference, Tom spoke about how security is often considered by the appliances and hardware devices on the network that filter traffic and threats. But with a hardware approach to security, says Tom, “How do you manage that?”

Instead of this hardware approach, he says, the model ISS and IBM are promoting is one of managed services, where businesses pay for IT security protection much like they pay for alarm system monitoring from the central station. Noonan also stressed how the IT security arena has — just like our physical security industry — been plagued by proprietary systems for security. His goal, he says, and IBM’s is to move to open systems and open platforms.

And the reason for this focus on IT security that businesses must make? Tom says that as the Internet developed, the number one promise to businesses is that it would help increase productivity. But today, says Noonan, “Productivity gains are being subsumed by today’s well-targeted attacks.” Yet again, it sounds a lot like the lessons that have to be learned in physical security and anti-terror we’re facing today.

See the full news story from the AP news service on our homepage or at this link.

Let’s get ready to rumble! As a huge boxing fan that still remains one of my favorite opening lines. I thought it only appropriate to use it as I launch my first blog. As a 20 year veteran of the security industry I have seen an evolution of both technology and culture. Today we are at a cross road that is not only influenced by the rapid progression of widgets, but increasingly by the myopic view of our nation’s politicians. In the coming weeks and months I will be sharing my opinions, views of the world and even some humorous insight into myriad topics not exclusive to security.

The bottom line here is we are looking to open an interactive discussion on issues and events that are shaping security policy and political agendas. You might not always like my views, but I will guarantee you an honest give-and-take and hope to get you talking back! We may not be able to solve all the world’s problems, but at least for me, I’ll feel a whole lot better just being able to shoot off my mouth in an open forum. Join the party and bring an opinion!

I spoke this morning with Steve Collen, the director of product marketing for Cisco. One of the things Steve and I spoke about was about “defragging the industry.”

Defragging is a term that computers use may know… it refers to the process of defragmenting a hard drive such that data storage is used optimally. The end result is that your hard drive spins to the data point in less time and space can be freed up.

 Cisco’s Collen and I were talking about how Cisco has between 60 and 80 percent of the networking solutions market, and how the physical security industry could use some of this defragging. One thing’s for sure, Cisco is not a sleeping giant in our industry. I anticipate some big news out of Cisco around ASIS…they were kind of quiet at ISC West, but Collen says not to expect that in the future. The company is poised to shake things up.

I just came across a great resource for those of you who are high-level end users needing to share information and receive information with your counterparts at the FBI — https://seern.usp3.org/

One of the cool things here is that with your membership you can receive a daily update of world situations…very useful if you’re overseeing security for a global or semi-global corporation. Today, for example, I see the note that in the Philippines, an organized gang has dressed as airport staff and been involved in on-airport-property robberies of travelers…Isn’t that something you’d want your employees to be aware of?

from last Friday…my column that appears as The Security Week That Was…

I was on the phone yesterday with Henri Nolin, CPP, who is one of the assistant chairpersons to ASIS International’s Transportation Security Council. Nolin, who works primarily with K-9 protection deployments for cruise ship screenings, is well connected in all areas of transportation security, and was telling me about an ASIS education conference he has planned for Chicago on Dec. 11-13 addressing “Trends in Transportation Security.” Nolin mentioned that one of the aspects that the conference addresses is suicide bombers.

“It’s not a question of whether suicide bombers will hit us in our own nation,” said Nolin, “because we already know they’re coming.”

Indeed they are coming, and maybe in stronger numbers than before. In the September 11th attacks, 19 men trained by Al Qaeda were believed to be directly involved, and yet in the plot that was unveiled yesterday from the UK, they’ve already arrested some 24 persons. Many experts are saying that this plot, which was uncovered based on arrests in Pakistan, would have been the next 9/11, and when you look at the scope and the seeming sophistication involved, that seems about right.

I also was on the phone yesterday with Lynn Mattice, the director of corporate security for Boston Scientific. Boston Scientific is in a unique position to feel the effects of global terrorism, said Mattice, because the healthcare products company is truly global in its operations; he estimated that some 30 percent of the company’s employees are outside of the U.S.

Mattice was discussing the company’s corporate travel security policies in light of the thwarted terror plot, and one thing he stressed was that security may mean some initial inconvenience to employees or customers, but that once people become accustomed to security measures, most are actually appreciative.

One aspect of the Boston Scientific security program is that employees traveling to at-risk areas will need to coordinate travel plans through senior managers and the security department, which means they can’t simply buy a ticket, jump on a plane and go. For the company’s business travelers, variations are not allowed from approved travel schedules to high-risk areas without additional review. And while that may seem to outsiders to be anything but convenient, Mattice says the company employees see it entirely differently.

“I have employees and spouses that come up to me when I’m at their locations or at company events, and they tell me how appreciative they are of the security program,” said Mattice. “They say thank you for protecting me, or thank you for protecting my spouse.”

Indeed, says William McGuire, an aviation security consultant and executive protection specialist, in today’s column on SecurityInfoWatch.com, some air security policies are outdated. In fact, you only have to look back to 1994 (12 years is really not that long ago) to find an earlier instance when a liquid explosive was used aboard an airliner. The flight was aboard a Philippine Airlines flight on Dec. 11 of that year, and a very small amount of liquid explosives was detonated under the seat of a passenger, killing the passenger. Fortunately the plane stayed aloft — it had 287 persons aboard.

For what do we owe the ability to carry liquids aboard planes in unchecked luggage since 1994? I’d venture to say it was “convenience” (and perhaps some lobbying that such a move would have hurt the air travel business). On this topic of convenience, I’m reminded of a discussion with Richard Raisler, the director of community-wide security for the Jewish Federation of Greater Atlanta following the attacks on the Seattle Federation. Raisler lamented that the easiest time to implement additional security is after an attack or the threat of attack. Indeed, he’s right — as yesterday’s ban of bottles from jets so acutely illustrates.

And maybe that points to a goal that all security managers should create — a goal to create higher levels of security (and to educate the customers or employees as to why you’re doing that) before the threat becomes real. In fact, to go back to the discussion with Boston Scientific CSO Lynn Mattice, the duty of a security director isn’t just protection from risk, but to educate employees and customers so they don’t put themselves at risk.

And once your employees and customers are educated about what security really is, they understand that they’re not losing convenience, they’re gaining freedom…like the freedom to move about on airlines that won’t blow up because a terrorist with liquid explosive made his way on board.

As a journalist, I’ve always been a bit perplexed by the idea of a blog. In the world of media, we called such things “columns” and we wrote them to fill the blank spots on the editorial pages of newspapers…but today, with the Internet’s changes, even a regular column doesn’t quite suffice to fill the need for informal writing where you can swing an axe at a variety of topics, have your thoughts up in 2 seconds, share comments with other readers, and accept the dose of criticism you’ve earned when your opinions aren’t shared by everyone.

So at long last, I’ve realized that it’s time to start blogging on the topic that I cover as editor of SecurityInfoWatch.com. That said, I welcome you to “The Security Check” — and this will be my place to juggle thoughts on security breaches, new technologies, industry news, discussions I’ve had and a whole lot more.

 A little about myself: I’ve been covering the security industry for over two years now, writing to an audience of alarm companies, security directors, product manufacturers and systems integrators. I get about every press release on security known to man. I came over from a background that included managing a magazine dealing with residential home construction and technology, and I’m an avid electronics geek who has built a couple computers and who likes playing with IP cameras.

I feel 10 years younger already just because I have a blog, and with that, I want to sign off my first post as I welcome you to portion of my brain that deals with security topics.