Sage Conversations: ASIS 2012 in Review

Sept. 12, 2012
Why the business of security is the business

ASIS 2012 has attracted diverse elements of the market to this year's event in Philadelphia. I have spoken to the risk and security consulting community, integrators, and product technology vendors as well as Private Equity and venture capitalists. The end users I have spoken with come from government, retail, healthcare, bio-tech and telecom, and from our discussions, we are in a transitional state of the security industry. The five following elements are reflections of that transition:

1. The Cloud Is Coming
I am using the future tense because the ecosystem around this inflection point has not congealed. First, the technology vendors have not been able to convince the channel (the integrators) of the value proposition to them, nor have they provided the tools to adjust their business models. Second, the end user is still attempting to define what William Plante, the executive in charge of professional services for Aronson Security Group, would call "The Custody of Data." Who is going to guarantee the data communication, management of storage of my mission-critical risk, resilience and operational data?

2. The Burden Of Our Legacy
For an industry that was closely connected to the construction industry, transitioning to the information technology age of security and redefining the business model for the ecosystem has been a challenge. At ASIS 2012, I met an executive from the information systems division of a major global organization who expressed frustration at the lack of understanding of an architecture that would capture data once and replicate it through digital workflows and repurpose critical data elements through all information forms needed. "All I see are devices and 'platforms' but many of the devices seem 'me-too' and many of the platforms are just complex and expensive middleware."

3. Network Intelligence and Network Operations
It is imperative that integrators learn to leverage the network to bridge the IT and physical security departments. Not only must this be done to create credible solutions that IT will accept, but it will help drive innovative solutions that will increase the bandwidth, mitigate risk, and increase availability in much the same was as other 'mission-critical' systems. One integrator, for example, has developed a service that monitors all the devices managed by a physical access control application to determine false positives and performance/maintenance issues. Another supplier is doing the same for enterprise video implementations.

4. Analytics
Organizations apply analytics to data sets all the time. They use analytics to understand emerging business models, trends and patterns. But for some reason, what should be an explosive industry in risk and security operations has not developed. One form of analytics, video analytics, is a potential cross-over technology for physical security and many business applications. We keep waiting for either the technology to mature or the application of the technology to mature, but as the director of engineering of a top-tier integrator told me: "it should be exploding and it isn't."

5. The Business of Security Is the Business
As I interview various vendor executives and their clients, it is apparent to me that many in this industry seem to be waiting for a client to invest in and mature their practices. It seems this is an industry ripe for investment capital around a new model that features services that connect products and services within the value stream. Remember, security is mission critical. It is our job to prove it.

Final points and quick-bites from around the show:

New entrants exhibiting at the show include General Dynamics with a new approach to working with the risk consulting community to design an operations center architecture and, if needed, provide simulation, training and after market operational support.

I am seeing commercial-off-the-shelf (COTS) implementation of information systems for security operations that do not rely on much of the code needed to design the infrastructure component from the ground up. Look at the team from OR3M for an interesting implementation of a Microsoft SharePoint based GSOC.

Look at cameras from Intelligent Security Designs. Disguised as a camera, it may become the next cloud ready edge device that takes video management to the next level.