Due Diligence for Deploying Wireless Technologies

Aug. 19, 2015
Wireless offers cost effective options for deployment and serviceability

Wireless technology is here to stay, and its applications for physical security will continue to expand. The questions that we need to be asking ourselves are “how reliable are these wireless components?”, “what can I do better today by deploying a wireless solution?” and “how do I ensure my infrastructure is prepared for wireless and how does it need to be managed and maintained over time?”

It goes without saying that every organization is unique. The process of protecting assets is ever-changing as threats and risk factors evolve continuously. The general benefit of wireless technology is the potential to achieve a set of objectives with a “cost-effective” solution through the reduction or elimination of cabling, creating significant cost savings upfront in the procurement/installation phase. Additional benefits vary by product and application.

So whether an organization is looking to update or retrofit a system with some additional technology or is breaking ground on a new facility, wireless technology should be considered.

The key to designing any effective security system is to start with the basics: conducting a proper risk assessment and developing a security program. Risk assessments are more than a typical security survey. The process of identifying assets, threats, vulnerabilities and an incident’s potential impact needs to be done thoroughly by an experienced professional who may work either inside or outside of the organization. Once that has been done and the report has been reviewed, an effective security program can be developed. This involves standardizing security and operational processes and procedures, and determining staffing requirements to align with the objectives of the organization.

After a thorough risk assessment has been conducted, the next step is to identify opportunities to leverage technology as a workforce multiplier, to expedite breach detection and incident response, or to create new methods for maintaining compliance and operational efficiencies. It is all too common for an organization to establish a security program and then use it for several years without reviewing its efficacy and the evolving risks. With more and more technology being connected to the network, it is crucial not only that the systems are kept up-to-date and properly maintained, but also that the security program is reviewed on a regular basis. Failing to continuously identify and mitigate new threats and vulnerabilities can have disastrous effects on an organization.

It is equally important that the Information Technology and/or Information Security Team be involved in this phase. Vulnerabilities in a wireless network need to be identified both from a threat and performance perspective. Wireless technology requires environmental readiness, and engaging the IT stakeholders early on can help avoid issues with cyber security, bandwidth utilization or even interference with other wireless devices.

The business decision to utilize a wireless system is much like any other investment. Determining the return on investment (ROI) for this is not as simple as finding the cost difference from acquiring and installing a wireless system as compared to a traditional, wired system. The ongoing management of wireless devices can require more maintenance and attention in the long run. The key to making a good investment is to identify all the ways the wireless solution can create efficiencies or reduce costs up front, while also factoring in the total cost of ownership (TCO).

Vetting a new technology requires research and investigation from three perspectives: physical security application, network infrastructure impact and cyber security requirements. In order to conduct a thorough evaluation, collaboration is essential with all internal stakeholders to determine the required levels of cyber-defense within the product itself and how the network infrastructure can be modified to enhance the corresponding network security program. References should always be used to discover how other organizations similar to yours have deployed the solution and how it has performed.

Not only should an organization properly vet a product, but vetting the potential relationship with a manufacturer is also very important. The manufacturers who educate the industry on the immediate implications and long-term management requirements of deploying their product are generally the ones with the strongest ongoing customer support. Similarly, a manufacturer that is willing to understand an organization’s unique set of security requirements is more likely to be a valuable partner throughout the design, implementation and ongoing operation processes.

It used to be that wireless was thought of as city-wide mesh systems designed for connecting authorities with public facilities, roadways, etc. Now, wireless technology can refer to a vast array of edge components, mobile command and control systems, mobile monitoring systems, video surveillance cameras and communications infrastructure. Determining the types of wireless technology to deploy should always be based on the risk assessment and on identifying appropriate countermeasures to the risks.

The reliability of a product that is somewhere between the bleeding edge and leading edge of technology evolution is often unknown. Wireless is no different. Just like every organization has its own set of requirements, the same goes for networks and the physical layout of the facility. This is where partnerships between the end-user, the integrator and the manufacturer(s) become critical.

It is best to identify the integrator’s experience and comfort-level with wireless technology early on in the due diligence process. Their ability to design a system with wireless components can determine whether or not the implementation is a success. When an organization is pursuing a wireless solution, the starting point is to invite the integrator to conduct a security survey onsite and identify the locations where the technology is to be used and how it ties into the organization’s security program and business operations. Questioning the integrator early in the process about their level of training both in the product line and on wireless networks can avoid costly mistakes.

If your integrator has brought the concept of a wireless solution to you, do the same. Charge them with the responsibility to identify the pros and cons of wireless versus traditional wired solutions.

Once they’ve established a familiarity with the project, engage your IT stakeholders right away. Allow your IT staff to help you determine the required level of technical competency and support expected from the integrator. When interviewing an integrator, it is best to have IT take part in the conversation to verify that their degree of experience and knowledge satisfies the pre-determined set of requirements.

If you have trouble identifying an integrator who can help you meet the requirements for your project, ask the manufacturer. It is in the best interest of the manufacturer to have their most competent integrator/dealer perform the installation to ensure their product is being used properly, that the expectations for performance are reasonable, and to have a track record of success.

The system design, installation and initial testing are where the skills of the integrator and the product readiness for the site-specific application become apparent. It is in this phase that the skills of your integrator and IT department must complement one another for a successful outcome.

In addition to the functionality of the system, being prepared to use it as intended is crucial. Identify who is responsible for the ongoing maintenance of the system. Is it your team of operators, your IT administrators, your integrator or even the manufacturer who is going to take the lead when updates are required or the system goes down?

Establishing a life-cycle management program can greatly enhance the performance of the system while mitigating risk and reducing exposure for the organization. This is because a proper life-cycle management program is proactive, just as maintenance should be in a computing environment. Waiting for a reason to place a service call means waiting for system failure. The traditional Time & Materials service model is risky with any system, but particularly with wireless systems. Proactive testing, auditing and updating can alert you and your integrator to potential points of failure. Knowing the status of the system at all times can prevent outages and address issues before they become problematic.

As with any technology, there is a formula for mean-time-to-failure (MTTF). Awareness of the component’s MTTF can help you with long-term maintenance strategies and budgeting. Asking the manufacturer about the product’s MTTF upfront helps determine whether or not that product is the best choice from a cost-performance standpoint. There are factors and variables based on the environment where the technology is being used that may affect its overall performance. In some cases it is necessary to engage the manufacturer, the integrator and all organizational stakeholders in a site walk to identify any potential performance hindrances.

The integrations that tie into the wireless technologies also need to be treated with the same amount of attention as the wireless system itself. Research ahead of time what integrations are available with the solutions you are considering and plan for the next several years. If you have an enterprise access control system that is approaching end-of-life, perhaps you should investigate a wireless technology that integrates with the system in use today and with the system you plan on using in the future.

Performing the proper due diligence prior to engaging in a wireless project is just as critical as it is for any other security project. However, the added complexity of the technology and the required skillset to design, install, operate and maintain the system can be a blind spot for many organizations. There is an ongoing accountability with the manufacturer, the integrator, and the end-user to properly utilize these systems and leverage the technology for the reasons identified in the beginning; however, it is primarily the security director’s credibility that is at stake. Research and education go a long way, but ensuring that the right partners are involved early on is critical.

About the Author:

Wayne Smith is Vice President of Sales & Professional Services for Tech Systems, Inc. In his role, Smith leads this team in providing network and converged security solutions to Fortune 500 companies. He provides clients and prospects with the essential information, technology, and training to manage the ever-increasing convergence of logical and physical security solutions. Smith currently holds the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and ASIS International Certified Protection Professional (CPP).

Mr. Smith has over 25 years’ experience in the IT and physical security related fields. Smith was a Military Police Officer with the United States Army. Smith received his Bachelor’s degree from Columbus State University and his MBA from Kennesaw State University.