PSIM evolution mirrors change in enterprise risk assignment

April 15, 2016
Enterprise organizations understand that the collection and analysis of business information also mitigates risk

Perhaps no technology solution on today’s market better illustrates how much more evolved the world of mitigating risk is now compared to just a decade ago than that of the PSIM. Global expansion of business, along with socio-economic upheavals that are a reality in the new century have forced the hand of most security directors to move off their traditional reactive stance into a more proactive approach that focuses on defining and understanding the Concept of Operations (Con-Ops) and business needs that are critical for reducing or mitigating risk and defining a better business process.

Making disparate systems work in unison and making sense of huge chunks of metadata requires a category of software that allows for single platform auditing and reporting. So it was the job of middleware developers to integrate these standalone security applications and devices through one comprehensive user interface. Early on it was the Video Management Systems (VMS) software that served as this information aggregator, but as the data and information need progressed beyond simple video surveillance and analytics to much more of a situational awareness and business management tool, the PSIM became commonplace in enterprise-type organizations.

However, as facility and security systems migrate to higher levels of IP-centric interfacing, the advancement of even more complex information management options are hovering on the horizon according to some industry tech leaders.

James Chong, one of the founding fathers of the PSIM movement back in the early and mid-2000s, certainly expects to see the fundamental change in the way users perceive and actually employ PSIM-type solutions in the near future. As Founder and CEO of Vidsys, a leading software developer for security information management applications, Chong has moved away from the term PSIM to something that encompasses his solution’s full capabilities.

“In today’s lingo and perception of PSIM, we feel it doesn’t do justice to where the solution is evolving.  PSIM has never been the end-game of where we were taking the concept or the vision of this solution,” said Chong in an interview at last week’s ISC West event in Las Vegas. “Before 2010 or so, VMS and access control players were saying that it (PSIM) was not a real category but more of a vision.  Today if you ask almost any security professional if they are familiar with PSIM you will have more than 90 percent say yes. Now that is not to say that people don’t have a lot of various opinions about PSIMs, but there is no denying the category is established and accepted.”

That being said, Chong and his team have taken the next step in the PSIM-concept evolution. He insisted that it has been the plan all along to reach beyond the traditional PSIM solution that is recognized today and take that next step into full management functionality.

“The concept of the CSIM – which is converged security that takes into account cyber, IT, physical and electronic security – is not just limited to physical security or video and controls for access, but is a much broader solution.  In order to realize the CSIM solution for converged security, two things needed to happen; one was the migration of IT into the physical space, and that has occurred, the other was a shift in the way people viewed security,” Chong insisted. “Once the concept of security moved passed guard, guns, access cards, and cameras, you had to assess your security needs based on risk. If you have a cyber or IT security threat and you haven’t taken steps to mitigate that risk, all those cameras you have deployed throughout the city are not secured. So the concept of a converged security solution requires an understanding of the cyber side of risk and that your threats are broader than just physical intrusions or attacks. Being able to assess and react to this convergence of both cyber and physical threat is what the concept of the CSIM is about. It is the next step in business intelligence management.”

He added that CSIM software is a force multiplier especially for organizations with a large physical footprint because the software geospatially aligns information and assets into a single user interface.  CSIM has five core areas of functionality: it collects, analyzes, verifies, resolves and tracks information.  Its rules engine and workflow tools give management the ability to pre-determine what data should be correlated and what should be filtered out. CSIM software uses filtering rules based on time, location, duration, frequency and type.

“We are pushing the information management side of this solution even more aggressively. These concepts have nothing to do with physical security; things like business process, efficiency, building automation, life safety, SCADA systems – systems and processes that are metrics for to actually run businesses. So this is an evolution plan from the origins of the basic PSIM approach. This is our roadmap and I’m not sure how our competitive set will respond,” said Chong.

Technology evolution takes many iterations according to Chong.  He sees that the technology developments in the IT space and in general are much more capable of handling and processing the influx of data and information than it was just 5 years ago.

“Now you add other factors like mobility, social media, and organizational convergence, we have moved far beyond simple technology solutions. Risk is now being assessed and assigned from the top down and the culture of organizational risk is being embraced by most C-level executives,” concluded Chong.

About the Author:

Steve Lasky is the editorial director of SouthComm Security Media, which includes He is also the conference director for the Secured Cities conference. He is an ASIS member and a 30-year veteran of the security industry.