IT and physical security are moving closer together. IT departments have some say in the selection of products, but in many cases they are asked to take on the project completely. For those IT pros tasked with shopping for physical security process, the IT principles may be easy, but the rest of the selection process may not be as straightforward.
From an IT perspective, there are five key factors that bear heavy consideration when evaluating and choosing physical security products. Below are guidelines for looking at these main factors and selecting the best physical security products for your specific application and needs.
When evaluating physical security products, most providers can offer a solution that will meet your needs today. However, because technology evolves so rapidly, that may not be good enough. You want manufacturers and solutions that will adapt to those changes, so look for a manufacturer that is up to that challenge – a company that is constantly innovating rather than simply being good at what they’ve always done.
You definitely don’t want a manufacturer that falls into the “Kodak trap.” Prior to the wide availability of digital photography, Kodak focused on developing cameras and film. Unfortunately, when digital cameras made those technologies fall by the wayside, Kodak was slow to innovate and as a result, they found themselves way behind a lot of other companies in the photography market. Believe it or not, there are security providers whose business models are not all that different from Kodak’s.
That’s why it’s imperative to partner with a provider that is constantly working to deliver products you need next, not simply the same product you may have needed for the last five or 10 years.
In today’s connected world where the Internet of Things has become the norm, having devices and systems that integrate and communicate with one another is no longer a “nice to have” but a “must-have.” Physical security products are no exception. Therefore, when evaluating solutions, you’re not looking for a product company. What you want is a solution company; meaning, the company the will offer everything you need or if they don’t, their products will play nice with other companies’ products to round out their offering and provide an end-to-end solution.
Interoperability between devices is a major point in physical security. Unfortunately there are some companies that offer great products that don’t offer integrations with many, if any, third-party technologies. Because integration offers the ability to choose best-in-class products to create a full solution, this is completely unacceptable today.
Therefore, the company you should partner with is one that is open to working with and integrating with other products, rather than a company that might be able to develop a plan for cobbling solutions together in six months’ time.
This is a shift some physical security companies are making, shifting from being a company that produces, for example, just cameras to one that also offers software, access control and other solutions.
Perhaps more than ever, trust is important to end users. With a security manufacturer, you have to be able to trust that they are going to be honest with you and not necessarily try to sell you the latest and greatest of everything just to make a sale. Physical security technology is changing so rapidly that it is the responsibility of manufacturers to openly and honestly educate customers about what they need and what they don’t need.
For example, say you’re looking for particular functionality that you may not be aware your existing cameras offer. Do you trust your provider to tell you the cameras you have provide that capability or would you expect them to try to sell you new cameras?
Look for a manufacturer who you can trust to be a knowledge leader or an educator – someone who’s going to explain everything to you. The kind of company that will take the time to answer your five or so support questions, then give you a few more minutes of their time to walk you through other issues or answer additional questions that may or may not necessarily relate to the product or products they provide. That’s the type of company you want to buy product from and partner with for long-term success.
Trust also expands into the longevity of a company. Is it worth saving money on a product if the company hasn’t been around for very long and may not be in business in a couple years? It’s better to invest in a proven technology from a provider with a lengthy history of delivering products that routinely meet and exceed customer expectations. Best of all, this kind of information can easily be gleaned, often through a simple internet search.
As IT pros know, everything that’s connected to the network is just another node and should be treated as any other device. An IP camera, for example, is simply a computer with a lens on it. In the IoT age, cybersecurity is only as strong as the weakest link in the overall network ecosystem. As a result, cyber hardening is essential for anything connected to the network to prevent it from becoming an entry point for hackers.
Obviously, the first thing to consider with regard to security products is whether a device offers the ability to be hardened or locked down to make it less susceptible to intrusion. Beyond that it’s important to determine just how secure products can be made. What are the defaults for a number of security settings, and how easily can they be changed? More importantly, before anything is installed on the network, it’s vital to make sure it is capable of being configured to comply with IT security policies.
To help with this research, some physical security manufacturers produce a hardening guide for their products. Take the time to review these guides and compare them to company policies to make sure a product is going to provide the appropriate level of cybersecurity.
However, the reality is that no network can be made 100-percent impermeable to intrusion. So, if someone should somehow find a way to access a device, how responsive is the manufacturer going to be about admitting the problem and then fixing it?
And if someone should somehow access the device, how responsive is the company going to be to admitting they have a problem and then fixing it? This goes back to the trust issue. Some providers publish known vulnerabilities on their website, allowing you to review the status of device firmware and ensure their products are as secure as possible in as timely a fashion as possible.
The final factor for IT pros to consider when looking at physical security products is support, which should encompass both pre- and post-sale technical support. For example, what kind of warranty does a product come with? Does the manufacturer offer repair or advanced replacement? Basically, you want to look at the level of investment the company has made in its technical services. For starters, who is going to answer the phone, and are they even going to answer the phone at certain times of day?
This may seem fairly basic, but if you’re calling a company that sells not only security products but also refrigerators, TVs, toasters and all kinds of other things, can you trust that they’re going to make the necessary investment to support all of those products at a high level? On the other hand, if all a company does is security products, they are more likely to provide that high level of support on everything they sell.
It’s also important to know through what channels a provider offers support. In some cases, the last thing a person wants to do is pick up the phone and call someone. A lot of people want to be able to solve a problem on their own with a little guidance. However, there are still those whose first thought is to find a phone number to call for help. Depending on the type of people you have in your organization, the best bet is to find a provider who has the ability to speak to both types of customers with email, live chat, phone and other channels.
Additionally, you want a provider that will stay with you regardless of channel to make sure your questions are answered to your satisfaction. The last thing you want is to work with an organization that dictates that its support engineers can’t talk to any customer for more than a predetermined amount of time.
Physical security and network security have become so intertwined that it’s no longer possible to talk about one without the other, making it imperative that IT departments be involved in, if not leading, the product selection process. By keeping these five guidelines in mind when evaluating and choosing products, IT professionals can ensure solutions meet their organization’s need both today and into the future while complying with established cybersecurity policies.