Twelve Questions to ask your vendors at ISC West 2024

April 8, 2024
Asking the proper questions on the show floor will bring more insight and value to your ISC West experience.

Once again, this numbered list is actually a list of question topics, as many of the numbered entries have more than one question. Asking the proper questions on the show floor and at your meetings will bring more insight and value to your ISC West experience.

1. CYBERSECURITY. How is cybersecurity baked into new on-premises products and new product capabilities? Or do design consultants, integrators and end-users have to plan it out based on good written guidance, or work it out without guidance? For cloud offerings, how do you document your cloud application security?

Vendors should be able to point you specifically to such guidance, not just answer, “We have it.” The number of emerging cloud-based offerings continues to grow, and the importance of cybersecurity to physical security systems grows as well.

However, only one more security industry company so far has placed itself in the STAR Registry (Security Trust Assurance and Risk) of the Cloud Security Alliance: Brivo Systems was first, Eagle Eye Networks was second (see both at booth #20045) and now Alcatraz AI (in booth #31075 and 8 other booths/rooms) has joined them.

The registry reached over 1,000 entries by 2021, and it is a sad commentary on the physical security industry that it has only three companies participating in the program. How can a company assert that they have implemented cloud security well enough, if they can’t answer the 261 questions about their own cloud security implementation that more than 1,000 companies have already answered about theirs?

Can they really claim to be taking cloud security seriously enough, if they won’t take the time and effort to verify and document (at a high level) that they are covering all the bases?

2. WHAT IS TRULY INNOVATIVE, EVOLVED OR GAME-CHANGING? Practically every security industry incumbent will have “new and improved” versions of products or systems, and much of that will be around AI, integrations, and mobile and cloud capabilities.

Integrator dashboards are improving with increased usability – saving time and money. However – there will be game-changers, and the nature and scope of “as-a-service” offerings are beginning to change. A great example of this is Eagle Eye Networks. “Eagle Eye Complete” with minimal initial investment and lifetime repair and replace coverage for subscribers. Eagle Eye is truly prepared for an in-depth Total Cost of Ownership discussion, and downloadable documentation that will (in my opinion) show you how to approach accurate TCO calculation for any offering.

3. PRIVACY AND DATA GOVERNANCE. What support do your products provide for GDPR compliance?

The toughest privacy and data security law in the world is the European Union’s General Data Protection Regulation. In the U.S. regulations vary by state. Being GDPR compliant is a way to assure compliance that is sufficient for any U.S. state. For certain types of data, privacy protections include the ability to automatically anonymize the data before sharing or exporting it. Some privacy features are automated, some may be AI-based or non-AI analytics based (like face-blurring), and some require manual configuration.  

Privacy and data governance are business issues whose importance to security system deployments is increasing significantly, because of the rise in non-security business operations data generated by security system analytics and AI-enabled computer vision.

Some leading manufacturers have begun providing features that facilitate the proper handling of system data that have privacy considerations. Ask to see each privacy-compliance feature so you can determine how much configuration is required, and what data management processes you should have in place to support data privacy across all your physical security systems.

4. SECURITY OPERATIONS IMPROVEMENT. Before the show, consider what improvements you may want to look for. Where do you already see shortcomings in security effectiveness or operations efficiency? What product capabilities will help vastly improve one or more key aspects of security operations? Also, what kinds of data will be helpful to general facility operations?

Benjamin Crum, an architect and president of the Architectural Security design group, told me a few weeks ago that in the past year, and for the first time, IT service providers are asking him what kinds of data the physical security systems will be providing, such as data about day and time facility occupancy levels and facility usage trends. This is a rapidly growing proptech (property technology) building management trend.

For vendors the talk is usually about features and new things. Product improvements are only relevant if they help you significantly improve your security administration or security operations picture, and the improvement is worth more than the time, effort and cost to obtain it.

The story of AI-based analytics includes more than just improvement of previous capabilities, but also the addition of new kinds of data providing enhanced security intelligence and business intelligence. Thus, overall business operations value is a key factor in evaluating technology.

5. CLOUD CHARACTERISTICS. How specifically does your cloud-based offering make use of the six key characteristics of cloud computing?

This is not a new question. It is still surprising to me how many cloud services salespeople can’t answer that question! This can also have some application to on-premises equipment that is cloud-managed. Many of the emerging cloud offerings are applications hosted on a cloud server, and don’t give users the flexibility and capabilities provided by cloud computing capabilities.

Not surprisingly, both Brivo Systems and Eagle Eye Networks provide papers that document how they leverage cloud computing capabilities. Why do you think more cloud solution providers don’t do that?

6. RISK SCENARIOS. What types of end user risk scenarios do your new or improved features address?

Vendors should be able to describe the risk situations that new or improved features were designed to address. Before the new feature, how did things work? Now how will they work using the new feature? (booth # 28099) has taken the lead in this regard, as their AI computer vision capabilities are threat-signature based, and the number of threat signatures keeps increasing.

7. OPEN PLATFORM. Does the platform have an Open API -- meaning that it’s published online and freely available? What are some examples of its use?

Integration is now becoming one of the most important physical security technology capabilities. Think, “smart spaces” and “smart buildings.” See the Brivo 2024 Global Security Trends report. Some physical security system platforms are more “open” than others, and some APIs are more mature than others (a function of time and product advancement). Ask to hear about examples of how the API is used for systems integration. SoloInsight’s CloudGate platform (booth #30053) supports an amazing array of integrations across multiple brands of systems.  

8. ARTIFICIAL INTELLIGENCE (AI), MACHINE LEARNING (ML) and DEEP LEARNING (DL). Where does the AI software reside? What are the cloud computing and edge computing components? Who develops and improves the AI? Are patents involved, and if so, who owns them? Where does the AI data model reside – on-premises or in the cloud? Under what conditions could an on-premises data model be lost, resulting in AI learning having to start all over again.

AI is a rapidly advancing technology field, with very wide differences in the AI elements of AI-enabled physical security products.

9. AI TIME-TO-VALUE. At what point in the deployment timeline does an AI-enabled product achieve its full value? What are the timeframes for AI training and initial learning that enable it to be fully functional?

Over the past three years the time-to-value for a few of the leading AI offerings has dropped dramatically from months to weeks, and weeks to days. Ask about this at the Ambient AI booth.

10. DIGITAL CERTIFICATES. Do your products support customer-provided digital certificates?  How close to instantaneous is the certificate replacement process? How do you facilitate certificate management for large numbers of devices?

An increasing number of end-user organizations are requiring encryption and system device authentication utilize customer-provided digital certificates. Because these organizations typically act as their own Certificate Authority (CA), they can perform near-instant certificate replacement for their systems. End-user customers don’t have such control over vendor-provided certificates.

11. BODY-WORN TECHNOLOGY. How can we pilot the technology to understand the impacts of any system complexities, manual process or procedure requirements and the do’s and don’ts for individuals wearing the technology? How is data privacy accounted for? What are the care and maintenance requirements? Are live video streams available for sharing such as via WiFi, or is video only recorded? If sharable, exactly how does the sharing work?

Can the technology be used with cloud VMS systems as well as on-Premises systems?

12. WHAT PRODUCTS ARE THERE THAT ADD VALUE TO MY EXISTING PHYSICAL SECURITY SYSTEMS? This question is listed last, but it’s still a critically important one.

Check out SoloInsight’s CloudGate platform (booth #30053), mentioned above in question #6, because this platform’s purpose is to add value – especially manageability – to enterprise-scale deployments, regardless of how many types and brands of electronic physical security systems are involved.

In recent years enterprise caliber Long Range Ethernet (LRE) and Long-Range Power over Ethernet (LRPoE) networking technologies have arrived and provide benefits – especially for large-scale security system deployments – that are now more important than ever before.

See my articles on how E-Waste regulations and environmental impacts impact security network design, and how LRE/LRPoE technologies can reduce the cost of new security system networks and expansions to existing networks by 50% to 80%. For examples of the full range of enterprise-caliber LRE/LRPoE technology visit NVT Phybridge in booth #6050.

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities ( He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Download his just-released ground-breaking eBook titled, Future-Ready Network Design for Physical Security Systems.