Think Local and Global, Too
Convergence and Intelligence MonitoringWith an enterprise as large as Microsoft, monitoring and protecting assets around the world is a challenge. Traditional security strategies proved too cumbersome and costly to be effective. So, in one important way, Microsoft developed convergence of physical security infrastructure with IT practices by using off-the-shelf software applications, wherever possible, to create a more streamlined, efficient, and cost-effective security solution, according to Brian Tuskan, Global Security’s senior director of operations, technology and investigations.
While Microsoft is an influential world player, there is no bigger and more important a global, mobile and ever-changing operation than the U.S. military, including the Navy. In a telling example of handling its “always on the move” personnel, it has tailored a security system to each individual at a unique housing facility. For instance, at Pacific Beacon apartments in San Diego, the first privatized community in the world for enlisted single sailors, “We wanted to provide the best possible services at every level, including appliances and security,” says Sam Bellas, development associate at Clark Reality Capital. The integrated Pacific Beacon security installation includes card access controls, video, a fiber backbone and the Navy’s common access card (CAC), which provides secured access anywhere worldwide.
Exercises to Protect the OlympicsIn one Olympics security exercise held late last year, there was a review of how the military, police and government agencies will respond to a sudden release of radioactive material contaminating the population, a worry shared by security executives at other worldwide sports and entertainment events. John Oakley, director of the integrated public safety office of Emergency Management B.C., stated in an interview that the five-day security exercise, 10 minutes away from the Olympic Oval skating rink, involved “a chemical incident” that would end up with radiological isotopes contaminating people.
Consistency of Implementing StrategiesMicrosoft’s Tuskan adds consistency to the need for strategic planning. “There are a lot of similarities” between a global assignment and a local one, he says. “Consistency in terms of processes and policies is essential. But the key is localization and regionalization. What might work in southwestern U.S. might not work in southwest Asia.”
Off-the-Shelf ApproachAs Tuskan points out, Microsoft developed the convergence of physical security infrastructure with IT practices by using off-the-shelf software applications wherever possible, to create a more streamlined, efficient, and cost-effective security solution.
Approaching security as a unified initiative enables Microsoft to monitor and protect more assets by using fewer resources. Global centers for security monitoring can deliver total interoperability, including failover capabilities as necessary. To effectively monitor and protect its resources, Microsoft Global Security built its solution on ten essential design principles to provide a layered security model.
It focused on:
Global Security Operation CentersAfter spending several years developing an official charter for Global Security services, a comprehensive strategy emerged for protecting the physical property, assets and people around the world. Out of this charter, the company ultimately established those GSOCs.
Navy Covers the WorldFor the U.S. Navy, the Pacific Beacon facility is a unique security strategy that can be replicated worldwide.
The first privatized community for enlisted single sailors in the country, it is being protected by a GE Security integrated approach consisting of 941 dual master suites in three high-rise buildings overlooking San Diego Bay.
Sports and Entertainment VenuesAt one of the world’s most historic and iconic sports venues, new technology and security measures will allow Churchill Downs to maintain a free-flowing public setting while providing a safe and secure environment. The venue selected Honeywell’s Pro-Watch security management system to ensure better control and monitoring of the racetrack’s administrative facilities.
What about Protecting the Brand?Brand and reputation are growingly important aspects of global security programs, whether the sensitivity is throughout the world or situated more locally. Andrews International, for example, sees growth in diverse services. A new service aimed at Fortune 500 firms is based on Andrews’ Security Effectiveness and Efficiency (SEE) methodology, which includes matching security resources to risk profiles, maximizing the integration of uniformed guards and electronic security assets and accurately projecting return on investments through industry-specific financial models.
At Odds with Diverse Regulations, Laws“One of the obvious differences is the geographic separation that requires a global team working within your key countries and/or regions to provide support during normal business hours,” she says. “Another difference is the cultural aspects of implementing security; for example, what might be quite appropriate in one country or region could be at odds with local laws and labor union agreements in another country. This is why having a global team with local support is critical so that security is appropriately applied around the globe, while appreciating and fine-tuning security programs to support the cultural aspects.”
What about Remote Access?There are special information security risks no matter a local or global firm. Remote access is always a challenge, whether it’s to Boston or Bangkok.
Privacy Varies by CulturePrivacy is part of the information security risks agenda when it comes to global operations, according to Andrew Serwin, founding chair of the Privacy, Security & Information Management Practice at Foley & Lardner LLP. He urges security and their C-suite executives to convene an information management committee. “Get them altogether in a room to talk about challenges and to fix things before there is a problem. Different cultures have different expectations of privacy even if company policies are consistent. In the U.S., we have better privacy.”
Biometrics More AcceptedAnalyzing recent findings from the nine countries covered in its bi-annual Unisys Security Index, the tech firm found that consumers remain most concerned about bank card fraud and identity theft, despite a general decrease in overall concerns about security threats. These global concerns may have led to an increasing consumer acceptance of biometric technologies, such as fingerprint and eye (retinal) scans, versus more traditional methods of using passwords and PINs. Respondents in every country surveyed in the Unisys Security Index indicated a majority favored the use of advanced biometric methods.
Partner with FBIInfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the Federal Bureau of Investigation and the private sector – businesses, academic institutions, state and local law enforcement agencies, and other participants – sharing information and intelligence to prevent hostile acts against the United States. InfraGard chapters are geographically linked with FBI Field Office territories.
What’s a Strategy?Strategic planning is an enterprise’s process of defining its strategy, or direction, and making decisions on allocating its resources to pursue this strategy, including its capital and people. Various business analysis techniques can be used in strategic planning, including SWOT analysis (strengths, weaknesses, opportunities, and threats); PEST analysis (political, economic, social, and technological); STEER analysis (socio-cultural, technological, economic, ecological, and regulatory factors); and EPISTEL analysis (environment, political, informatics, social, technological, economic and legal).
• “What do we do?”
• “For whom do we do it?”
• “How do we excel?”
In many organizations, this is viewed as a process for determining where an organization is going over the next year or more – typically 3 to 5 years, although some extend their vision to 20 years. In order to determine where it is going, the organization needs to know exactly where it stands, then determine where it wants to go and how it will get there. The resulting document is called the “strategic plan.”
How in the World Do You Handle Social Media?It’s a worldwide movement. Today’s Web 2.0 tools, such as blogs, Twitter, Facebook, LinkedIn, and the many other social media options, are all about engagement. It’s also about security, too. A two-edged sword, social media can extend the reach, involvement and productivity of the enterprise and its employees or open a door to trouble.
• Transparency. When participating in any online community, your employees should disclose their identity and affiliation with the organization, clients, and professional and/or personal interest. When posting to a blog, they should always use their real name, not an alias.
• Be direct. When creating posts and content, your employees should be direct, informative, and brief. They should never use a client’s name in a posting unless they have written permission to do so.
• Give due credit. If your employees post copyrighted materials, they should identify the original source. This includes sources for direct or paraphrased quotes, photos, videos, and anything else they did not originally create.
• Self-edit. Your employees should always evaluate their posting’s accuracy and truthfulness. Before posting any online material, they need to ensure that the material is accurate, truthful, and without factual error.
• Responsibility. Make sure employees know that they are responsible for what they post. Negative or questionable posts will not be tolerated.
• Be professional. When posting comments, employees should refrain from writing about controversial or potentially inflammatory subjects, including politics, sex, religion or any other non-business related subjects.
• Privacy. Employees should never disclose proprietary or confidential information. This includes product releases, service updates, and employee information not made public yet.
• Obey the rules. All employees should follow local, state, federal and other country laws and regulations where applicable as well as the company’s internal and security rules and the rules established by each social networking venue. Ultimately online activities will be a reflection on the company.