Convergence Q&A: Security Product Life Cycle

Aug. 19, 2015
Security has traditionally been a corporate lone wolf

IT Departments have the purpose of providing the information technology required for the fulfillment of the organization’s mission. Some of the most valuable lessons learned in IT have been those that relate to the management of technology in support of that purpose.

Q:    What is product life cycle information and why is IT asking me about it for our security systems equipment?

A:    The life of a product begins when it is first introduced and ends when the manufacturer stops making it or stops supporting it. IT has to stay out in front of product obsolescence and new product introduction, or it could find itself unable to support the organization’s technology needs—including networking and other support for physical security systems technology.  

A little product life cycle planning can advance your security technology objectives more than you may think. Many Security departments take little advantage of the fact that IT has set precedents for the management and the advancement of technology on behalf of business objectives.

Become Part of a Bigger and Better Picture

Historically, Security has been on its own to get its technology funded and deployed. Now that physical security systems are IT systems, Security can often benefit by merging its technology planning with the larger strategies and initiatives of IT. Leading Security departments have already taken this approach. It is often only an incremental increase in cost to incorporate physical security technology improvements into appropriate IT initiatives, and doing so puts Security in the position of “going with the flow” instead of trying to make its own way in terms of project approvals and budgeting.

Physical security technology used to have 10-year and 15-year product life cycles. A camera would be installed and maintained until it failed completely, and would then be replaced. That approach is no longer sensible, given the rate of technology advancement and the degree to which still-working technology is made obsolete by new technology with a better price and performance picture. 

For IT departments, it is easy to see how maintaining existing technology can hold the organization back. That’s because it is easy for business people to envision how much better their areas could function and how much more they could do with current-day technology capabilities. These are common business discussions. However, if Security holds onto the organization’s risk profile and doesn’t share risk information and best practice needs with business decision-makers, the business won’t know when its security is being needlessly held back or negatively impacted by the continued use of outdated security technology. Often it is a significant security incident impact that call’s it to their attention.

This is why it is important to learn how IT approaches the refreshing and upgrading of systems technology to keep the business current. What technology strategies, policies and practices has the company already adopted that are also applicable to security technology? You won’t have an uphill battle if you seek to apply approaches that your own organization has already proven successful.

Video and Product Life Cycle

For example, when switching from DVRs to server-based video recording some years back, some organizations followed IT’s approach to technology planning. As part of the purchasing process, they defined a life cycle for the video storage system hard drives, and set a hard drive replacement schedule of three or four years. It was part of an approved technology plan and budgeting for the replacement of the drives became mostly a matter of schedule. One company I know replaced the video data storage hard drives at less than the original cost of the drives, and moved from 500 GB to 2 TB drives. This more than doubled the video retention period which allowed them to increase the quality of recorded video (higher video resolution and frame rates for recordings).

Technology changes a lot in just three or four years, and Security shouldn’t find itself blindsiding management by an unexpected request for a new technology expenditure, or by the sad discovery that—due to a lack of security planning—their video security system failed to capture critical incident information. Most organizations already have technology policies and practices in place that Security could benefit from, if only Security knew and understood them.

Write to Ray about this column at [email protected]. Ray Bernard, PSP, CHS-III is the author of the new book Security Technology Convergence Insights. He is also principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities. Ray is also a member of the Content Expert Faculty of the Security Executive Council ( For more information about Ray and RBCS go to or call 949-831-6788. Follow Ray on Twitter: @RayBernardRBCS

About the Author

Ray Bernard, PSP, CHS-III

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (, a firm that provides security consulting services for public and private facilities. He has been a frequent contributor to Security Business, SecurityInfoWatch and STE magazine for decades. He is the author of the Elsevier book Security Technology Convergence Insights, available on Amazon. Mr. Bernard is an active member of the ASIS member councils for Physical Security and IT Security, and is a member of the Subject Matter Expert Faculty of the Security Executive Council (

Follow him on LinkedIn:

Follow him on Twitter: @RayBernardRBCS.