How Security Can Add Value and Mitigate Risk in 2013
Strategic technologies of interest for 2013:
Here’s a sure-bet, good news 2013 prediction: No more political ads on TV, at least for a while.
Still, next year will hold plenty of ups and downs for enterprise security leaders, which include innovations that will help you to reduce enterprise risk. The Tonight Show’s Jay Leno and CEO Gary Shapiro know. Researcher Michela Menting and economist Bart van Ark have their perspectives on the near future as does Gartner Fellow David Cearley.
They and other futurists realize that most of what happened and trended this year will carry through 2013. If you walked the floor at this year’s ASIS International Exhibit in Philadelphia, you know the continued and growing impact of technology. It’s a big change from the very first ASIS event 58 years ago.
Nowadays, the security profession goes in myriad directions and uses a diversity of technology tools. But, at the same time, there is more of a fine focus on how security is integral to business growth and to meeting critical business challenges. Next year that focus will be even sharper as business leaders recognize the value of the security function as fundamental to the business process.
Leno, the TV comedian, has focus, and he is pioneering the use of an emerging technology, 3D printers, which, ironically may also usher in another new business threat in 2013. Leno recently related how his “Big Dog Garage Team” fabricated a heater for his 1907 White Steamer. They used a 3D scanner to create a detailed digital model of the part, then the team programmed that model into a 3D printer, which used the file to print, layer by layer, an exact copy of the part in plastic. Finally, the replica part was used to make a mold for casting the finished component in metal.
Such 3D scanners and printers are getting better and less expensive. Some say today’s advances are moving more quickly as compared to the time of those first dot matrix printers in the 1970s with a print head that ran back and forth on the page, striking an ink-soaked cloth ribbon against the paper, much like a typewriter. Some futurists believe 3D printing in 2013 may bring manufacturing back into the home.
But, not surprisingly, the approach, called additive manufacturing, also can threaten intellectual property, R&D secrets and a company’s brand. Such problems have already happened with songs and movies, thanks to disrupting technologies such as the Internet and file sharing services.
Shapiro, president and CEO of the Consumer Electronics Association, just as firmly sees business and strategy goals in the razzle and dazzle of the mammoth 2013 Consumer Electronics Show in Las Vegas. “It’s the cutting-edge products and services at CES each year that continue to ignite my passion for this dynamic and ever-changing industry,” he contends.
Among the hundreds of thousands of products at CES will be some soon to be handled by security ranging from in the cloud solutions, higher security holograms to 4K (3840 x 2160) resolution video, just to name a few.
Mobility and actionable analytics also will grow bigger and better this coming year.
While application and hardware security form the foundation of mobile security, the market will be driven in large part by mobile-centric security services, says Menting of ABI Research.
Mobile security services will chiefly target the enterprise sector, as employers continue to assimilate mobile devices into their organizations. “Securely managing a growing number of devices within the enterprise is becoming a real issue as more workers use smartphones and tablets to perform core company tasks. The different phone brands, operating systems and versions place a growing burden on IT staff, often requiring separate security solutions to be tailored to each device type,” says Menting.
In 2013, Mobile Security Matures, Grows
• Managed Services
• Cloud-based Security
• Endpoint Management
• Security Readiness Assessments
• Penetration Testing
• Other Professional Services
Cearley of Gartner sees an even bigger picture when it comes to technology.
“Strategic technologies are emerging amidst a nexus of converging forces – social, mobile, cloud and information. Although these forces are innovative and disruptive on their own, together they are revolutionizing business and society, disrupting old business models and creating new leaders,” Cearley says.
Gartner defines a strategic technology as one with the potential for significant impact on the enterprise in the next three years. Factors that denote significant impact include a high potential for disruption to security, IT or the business, the need for a major dollar investment or the risk of being late to adopt.
This coming year, a strategic technology may be an existing technology that has matured and/or become suitable for a wider range of uses. It may also be an emerging technology that offers an opportunity for strategic business advantage for early adopters or with potential for significant market disruption in the next five years. Among the strategic technologies of interest to enterprise security leaders:
Gartner predicts that by 2013 mobile phones will overtake PCs as the most common Web access device worldwide and that by 2015 more than 80 percent of the handsets sold in mature markets will be smartphones. Obviously, smartphones will continue to grow as an access device and display integrated with security systems.
The personal cloud will gradually replace the PC as the location where individuals keep their personal content, access their services and personal preferences and center their digital lives, Gartner predicts. It will be the glue that connects the web of devices they choose to use during different aspects of their daily lives. The personal cloud will entail the unique collection of services, Web destinations and connectivity that will become the home of their computing and communication activities. Users will see it as a portable, always-available place but one in which there will be the need of additional and higher level security, especially for enterprises in this business.
The Internet of Things is a concept that describes how the Internet will expand as physical items such as consumer devices and physical assets are connected to the Internet, predicts Gartner. Key elements, being embedded in a variety of mobile devices, include embedded sensors, image recognition technologies and near field communications for everything from door locks to payment.
As staffs have been asked to do more with less, security and IT departments must play multiple roles in coordinating related activities, and cloud computing is now pushing that change to another level.
Big Data is moving from a focus on individual projects to an influence on enterprises’ strategic information architecture, Gartner notes. Dealing with data volume, variety, velocity and complexity is forcing changes to many traditional approaches, including storage, retrieval and analysis of security video. This realization is leading organizations to abandon the concept of a single enterprise data warehouse containing all information needed for decisions. Instead they are moving towards multiple systems, including content management, data warehouses, data marts and specialized file systems tied together with data services and metadata, which will become the “logical” enterprise warehouse.
Analytics is increasingly delivered to users at the point of action and in context. With the improvement of performance and costs, security leaders can afford to perform analytics and simulation for every action taken by security and throughout the business.
Security will continue to undergo a shift to more integrated systems and ecosystems and away from loosely coupled heterogeneous approaches. Driving this trend is the desire for lower cost, simplicity and more assured security.
Beyond technological trends, there are the overall goals of the business and how, in 2013, CEOs will be expecting more from their security functions and chief security officers (CSOs).
According to a recently released report from The Conference Board, the security function must be integral to business growth and to meeting critical business challenges. Moreover, enlightened business leaders recognize the value of the security function as fundamental to the business process. No longer an afterthought, security has become a core function, embedded in disciplines such as finance, law, human resources, quality, supply chain, marketing and operations, according to van Ark, executive vice president and chief economist and a co-author of the report.
Having evolved rapidly into a value-added function, security is, and will continue to be, a critical strategic player. Today, it’s not just about security, but, rather, business and security, with CSOs acting as partners across functions and business units at the early planning and budgeting stages to identify risk and optimize costs, according to The Conference Board CEO Challenge 2012survey.
For U.S. CEOs responding to The Conference Board’s survey, their biggest challenges reside outside the corporate walls. They cite government regulation and global political/economic risk as their top two challenges, followed by innovation, human capital and cost optimization, all of which are connected to the growth chain and link directly back to the security function.
Growing into an expanding role in 2013, security will enlarge its effective partnership with the legal, compliance and risk management functions to identify risk and sensitize employees to the legal and cultural pitfalls of doing business in different cultures, especially in emerging markets, the survey says. On a macro level, the security function, if properly aligned with business goals and strategies, provides a critical perspective on influencing public and government policy and regulations that affect company employees and assets. This is especially true in developing markets, where large multinational corporations can have significant influence on the formulation of security-related issues, such as the enforcement of intellectual property rights.
The bottom line: The security focus is on the business and not necessarily just security.
In 2013, Check Out Enterprise Security Risk Management
Every business, regardless of location or industry, deals with risk, ranging from big-picture strategic challenges to day-to-day financial, transactional and operational risks. The security function plays a critical role in identifying and mitigating risks that are sometimes overlooked or undervalued. With the expansion of risks in a post-9/11 world, a partnership between the security function and enterprise risk management (ERM) is essential. ERM’s responsibility for developing a holistic view of all significant risks facing an organization requires the security function’s full participation, according to The Conference Board.
While traditional ERM embraces a wide range of strategic and financial issues, these programs often neglect to look closely enough at asset protection, IT security, cyberterrorism and crime. An emerging concept, enterprise security risk management (ESRM) addresses precisely those sorts of risks and integrates with ERM. ESRM uses traditional ERM methodologies and practices to coordinate risk assessment and mitigation across the enterprise and includes the full range of security risks from asset protection to brand protection.
In visionary organizations with fully integrated security functions, security professionals (working with the legal and finance functions) are members ofthe business team, performing due diligence in advance of a global merger, acquisition or divestiture. Security’s value is not just in conducting physical assessments, but now includes integrity checks, compliance, ethics and reputation, all areas where security brings much to the table.
Corporate Security Evolution
|What Was||What Is|
|After-the-fact executor||A voice in strategy|
|Business preventer||Business enabler|
|Cost center||Value add|
|Security-focused skills||Business acumen|
|Security jargon||Communicator/business language|
|Security for security’s sake||Integrated with the business|
|Focus on operations, not people||Personnel developer/manager|
|People just like me||Diversity of thought and skills|
Source: The Conference Board CEO Challenge 2012 survey
Intelligence and its Critical Role in Corporate Security in 2013
By Jerry Brennan, Chief Operating Officer,
Security Management Resources
Over this last year, there has rarely been a conversation that did not include my observations of what are the current trends relating to the experience and skills needed by individuals seeking to fill senior security roles. What are the emerging demands and the most significant changes impacting the profession? With no hesitation, I have observed the growing integration and demand for the quality, timely and well-presented intelligence as an integral part of the business decision process at all levels.
I am not suggesting that this has not, to varied degrees (particularly in the classified and defense-related areas), previously existed within organizations; however, the extent to which this activity has evolved and become more pro-active recently is noteworthy and growing. Let’s start by describing what many executives are describing as the enterprise risk & security model they must build programs around. First, from the perspective of the Board, its operating committee and executive leadership team, the individual accountable, must be able to articulate what incidents and/or events would raise the potential damage to an organizations continued viability and resiliency that it reaches the risk tolerance levels established by governing management. This requires an analysis of each key function within an organization and the identification of all processes and programs in place to address this. The obvious other outcome is identifying what preventative mitigation efforts are not present.
Within the context of this article the emergence of the role of predictive intelligence is defined as the gathering and analysis of accurate, reliable information that is intended to help decision-makers to make informed decisions. The customer is organizational management for strategic planning purposes as well as operational management to assist is risk mitigation.
The sub-process areas that we are seeing an expanded support in organizational intelligence efforts are:
Geo-Political Risks –Identify the potential for international political conflict(s) that threaten the financial and operational stability of an organization and assist in the development of a framework to mitigate these risk(s) that allow for the maintaining operations.
Emerging Cyber Threats –This goes beyond an analysis of current and past events and Predictive toward the emerging & next anticipated threats
Due Diligence–Increased support to management in Mergers & Acquisitions, Joint Ventures, Suppliers and Vendors.
Competitive Information–Proving support to current programs; Identifying and sharing information across organizational functions.
Counter-Intelligence–Defensive analysis by looking for vulnerabilities in one’s own organization, and, with due regard for risk versus benefit, closing the discovered holes. This can both produce information as well as protect it.
These areas all represent the under pinning in the development of many corporate security / risk program strategies. In addition, we are seeing a greater participation in either leading or supporting organizational resiliency program efforts. The alignment and value proposition are mutually beneficial across all organizational functions. These topic areas are a key part of the information gathering phase and are useful for all stakeholders in the process.
In discussing these issues with both security and business leaders, what has emerged is a directional shift in the overall expectation and accountabilities by management for those leading these programs. The model of the new security/risk governance leader seems to be evolving to a combination of a business leader combined the planning, analytics and creative skills of an intelligence officer.
Security Innovations in 2012
What were some of the innovative security products introduced in 2012? Take a look.
This intercom station from Zenitel AS has an exclusive design and comes with 37 intercom variants, offering communication solutions for all environments including building security, industry and infrastructure. The design allows your intercom connect to an IP-based phone system that supports SIP protocol, giving you a security communication solution for any environment.
The AVATAR® II is a rugged, easy-to-use tactical robot that enhances the capabilities of law enforcement and first-responders by allowing them quickly inspect dangerous situations. The robot has secure Wi-Fi networking, helping your team to remotely gather intelligence and better able to keep themselves and their teams safe from harm.
This emergency phone tower can accommodate two video surveillance cameras on a T-shaped camera arm, allowing for more configuration options. Both cameras installed on the same tower can communicate through the phone’s analog or VoIP emergency phone’s auxiliary contacts.
This solution to piggybacking uses two types of sensing technologies, optical and near infrared light, to monitor the compartments of a security revolving door or portal. The sensors work together to determine displacement and distance between an object and back, and can accurately tell the difference between two people and one person with luggage.
The TruWitness Mobile Surveillance Video Camera application transforms guards or response teams into real-time, on-the-scene camera operators by turning guards’ smartphones into full-featured IP video surveillance cameras. The feeds from the cell phones stream into a video management system, in real time.
This security management system can integrate and control more IP-based systems and equipment than before, allowing you to manage door locks, intercoms with live video and communication, intrusion panels and digital video recorders.
This 50 CFM Cabinet Cooler is the first blower-style option that provides a free air rating as high at 50 CFM, and it will emit a maximum of 29 decibels, somewhere between rustling leaves and a whisper.
AXIS M50 cameras are only 5.1” wide and 2.2” high, enabling high-quality 360° surveillance (±180˚ pan, 90° tilt and 3x digital zoom) with HDTV 720p resolution in a package smaller than the average hand. A built-in microphone also enables audio detection that monitors for unusual noises during off-hours to trigger a security alarm that is sent to the business owner and/or security personnel.