As interesting as Big Data can be for finding patterns in the past, its biggest promise for security lies in being able to predict the future. No, we’re not talking about some sort of “Minority Report” dystopia where the state peers into your soul. Used correctly, Big Data analysis very often reveals emerging data patterns that can tip off the likelihood of an imminent problem. As we’ve discussed previously in this series, there is no one-size-fits-all approach to extracting value from Big Security Data, and that’s true for predictive analytics capabilities as well. In this third and final article, we’ll take a somewhat futuristic look at what Big Data will be able to predict in several vertical market applications.
Retail: Reducing Shrink
The retail industry is always looking for new tools to reduce shrinkage. Big Data solutions are already making huge advances in correlating Point of Sale (POS) data with video analytics to identify and reduce various forms of employee malfeasance at the cash register. This was probably one of the first applications to emerge because it’s a tightly constrained, data-rich environment that makes analysis relatively straightforward. However, it tackles only one form of retail loss.
There are many other problems in retail settings that require more subtle analysis across even larger data sets. Electronics retailers, for example, routinely lock up high-value goods in access-controlled cages to restrict who can handle these items and when. Biometric readers can increase the certainty of who has accessed the cage, and video cameras can provide visual verification. But in a busy store, let alone an entire chain, that represents mountains of data to sift through, and store managers are usually too busy serving customers to sort through all that data in a timely manner.
Enter Big Data. It is possible to analyze access to inventory and POS sales data to scan for meaningful correlations in real time. As a baseline, for example, there should be a statistical relationship between the number of times the high-value storage is accessed, and the number of high-value sales actually rung up at the register. A large organization could further normalize this data on a per-store basis by time of day, by specials and sales, and so forth. With that statistical baseline in place, any deviations spotted in real time could be flagged for local or corporate loss prevention review.
What’s different since the advent of Big Data is that the software to do this type of analysis has come down in cost by orders of magnitude, and increased in speed by similar leaps and bounds. There are any number of patterns that could indicate likelihood of theft, but they can only be predicted in real time with the type of advanced tools that have come to market since Big Data’s arrival. True, such software could have been written many years ago, but the expense would have created an ROI few companies could justify.
Public Venues: Who’s in the House?
Ever since 9/11 and the unfortunate recent increase in mass violence in public places, law enforcement, property owners, school administrators, business and concerned citizens have been asking: Why can’t we prevent such tragedies? And, if not prevent, what could we have done to spare at least some of the victims, or have better information about both suspects and the injured?
One of the problems with violence in public places like movie theaters, sports arenas, and outdoor venues, is that it is very difficult to know who is actually in the area of concern. One reason for this is ticket sales are still largely anonymous. Sure, somewhere there may be a website that recorded the credit card information of the initial purchaser, but there’s no guarantee that ticket hasn’t been transferred to someone else.
The shift toward mobile ticketing, identity-based credentialing and geo-tracking is introducing an improved relationship between the ticket and the person using it, if only because most people, most of the time, will use their own mobile device to get into the event. Even when transferred, these types of tickets or credentials are still traceable to the new device.
What does this have to do with Big Data? The sheer volume of data across multiple venues and multiple mobile devices would be far too daunting for older analytical techniques, particularly in real time. With the aid of real time analytic tools, however, it is now possible to know who is present at a ticketed event with a much higher degree of certainty. While this may not always solve the immediate apprehension side of the equation, it could help tremendously with aid and evacuation.
The security industry has had a long and ongoing internal dialogue about how to make security data valuable at the corporate level. But the connection between security data and using it to raise revenue has been very difficult to establish. In the example above, apart from the security implications, answering questions such as who attended, how often they attend, when they arrive, whether they left, or left and returned, have tremendous commercial value to venue management companies.
Big Data analytics may be the tool that finally unlocks the larger value in security system data and gives it a broader use within the corporation.
Property Management: Commercializing Federal Practices
Commercial property managers usually know very little about who is visiting their tenants, the overall volume of visitors, and what patterns are associated with these visits. Some properties have empty lobbies where visitors can pass right through; some will post a security officer who does little more than watch people walk by; and even the best will often have no more than a clipboard for guests to register.
Much like the ticketing examples we discussed earlier, the rise of mobile credentialing is creating a path to a rich new source of Big Data about the comings and goings of commercial building traffic, and a valuable resource for security. Its predictive value depends on being able to establish norms for patterns of building usage, detecting variations in real time, and then determining whether any of these represent potential security threats.
By way of illustration, consider the case of federal buildings, where entrants fall into two groups: credentialed employees or contractors, and visitors subject to screening and registration. This results in close to 100 percent knowledge of building occupants at any given time. But as anyone who has visited a federal building knows, the screening process is very cumbersome, would never scale to a commercial setting, and wouldn’t be worth it unless there was an automated way to scan for security vulnerabilities, environmental changes, or other traffic considerations.
Big Data techniques and mobile credentialing can jointly provide the intelligence the manual federal process provides, with the convenience of commercial practice, and all the while producing the benefit of actionable data insights.
What about Privacy?
We can’t leave the discussion of Big Data in Security without considering its impact on personal privacy. As USA Today’s Howard Rheingold put it: “You can't assume any place you go is private because the means of surveillance are becoming so affordable and so invisible.”
And that was well before Big Data, which has further heightened concerns that it will have the perverse effect of further empowering governments and large corporations at the expense of the individual.
There is perhaps no better example of this concern than the recent controversy over the extent of NSA surveillance techniques.
By the same token, in the commercial arena, much of the predatory lending and outright fraud that took place during the 2007-2008 housing implosion was a direct result of banks and mortgage companies using huge databases to target vulnerable consumers.
There are real, potential drawbacks, so does this mean we should not use Big Data in security? No, I do not believe so. But as always, there must be responsible, regulated use of any technology. Writers on this topic have cited the OECD Privacy Principles as a starting point for any data collection policy related to Personally Identifiable Information. This is a useful framework that lays out standards along eight dimensions:
- Collection Limitation
- Data Quality and Relevance
- Specification of Purpose
- Limitation of Use
- Information Safeguards
- Individual Participation
In some respects, many of these principles are at odds with the practices of the security organization, which by its very nature must often operate covertly. That said, there are at least two important exceptions we should all observe as we build Big Data databases and tools: our customers and our employees. For both of those groups, clear guidelines are essential to the very trust and long-term relationships we are trying to instill as part of security’s core mission.
As the 9/11 Commission Report put it:“We must find ways of reconciling security with liberty, since the success of one helps protect the other.”