“Winners” in 2015 will be multinational security solutions companies and recruiters for mid-to senior-level employment placement |
ASIS International 2014/2015 Review and Forecast:
Spending on security systems was up in 2014: In general, it seems that there was an increase in capital projects for 2014. Two likely contributing factors are a slightly better economic outlook, and the previous capex holding patterns of many organisations wanting to move out of that position. World events such as ISIS, Ebola, the Israel-Gaza conflict, Ukraine/Russia, the disappearance of Malaysia Airlines 370, and multiple active shooter incidents resulted in the lifting of spending restrictions. There were significant investments made in personnel, training, and emergency preparedness. The general 2014 increase in M&A activity has been part of the picture as well, with physical security (access control, video, and intrusion) for the acquired properties getting attention.
Video systems seem to be greatest category of expenditure
Part of the access control spending increase was to replace end-of-life access control systems—in particular, Casi-Rusco. Many of the major access control companies (Lenel, Honeywell, and AMAG, for example) released upgrade kits or conversion programs that allow upgrades of the front-end servers, and in some cases field control panels, without having to rip and replace door control hardware and readers.
Analogue product demand is dropping
Many integrators dropped key analogue product lines due to increased customer demand for IP-based products. Video products constitute the bulk of this change.
There was an increase in security system purchases for U.S. healthcare and college campuses
(not noticeably so for K-12), to establish higher levels of security. There was also an increase in security system expenditures across U.S. pharmaceutical companies.
There is also an expanded interest in security management academic and course curriculums at colleges and universities |
Diversity of security personnel within the industry continued to grow
There is also an expanded interest in security management academic and course curriculums at colleges and universities.
Integrators heighten interest in security assessments
There seems to be a higher level of interest in security assessments on the part of security integrators. I believe this is due to both the availability of more educational sessions designed for integrators and an increased requirement for security practitioners to relate their security investments to the risk picture. While this probably relates to a minority of integrators, it’s a trend in the right direction that will be an important as a differentiating competitive factor. I know of several integrators that hired personnel with assessment experience, and some who sent personnel for training. The availability of online training in the future may be a factor supporting this trend, as it’s hard for integrators to take personnel out of the field for extended out-of-town training. For the most part, these are threat and vulnerability assessments, light on the threat part and heavy on the vulnerability aspect (i.e. not full-blown risk assessments). This is the state that IT security was in a little over a decade ago. However, it’s a start and certainly better than no assessment at all.
Using Advanced Video Management Systems (VMS) as “Basic PSIMs”
Previously access control and alarm monitoring systems were the default base security monitoring operations application. Then along came PSIM (Physical Security Information Management) as a new name for security operations and response software that integrates the many system components of a security technology infrastructure. However, PSIM is complicated to deploy and expensive (typically over $500K), making it feasible for only the largest organisations and critical infrastructure. This year, high-end VMS manufacturers have increased their claims about serving as a light PSIM application, and at 10 percent of the cost of the big-name PSIM applications. Support for mobile devices both for video, text, and voice communications is a contributing factor. Now that megapixel video has improved the quality of video, and now that petabyte capacity storage is affordable for large systems, this trend may well continue.
International security breaches call for protocol review
Unexpected events including a breach at the White House and Canadian parliament buildings gave way for review of protocols.
Interest in cloud solutions is increasing
Integrators and consultants both report a high level of interest in cloud solutions. Cloud solutions are viewed as an alternate approach to huge capital reinvestment for aging systems, and as a way to establish standardization across the enterprise at a reasonable cost.
Previously access control and alarm monitoring systems were the default base security monitoring operations application |
Cloud security is a very high and real concern
I know of two organisations (one integrator group, one large end-user company) who engaged a team of cybersecurity experts to evaluate cloud-based video storage solutions. In both cases, a large number of relatively small, but important, video applications were involved; all of the cloud services evaluated could be seriously compromised within 15 minutes of the first attempt (i.e. hackers could view customer video). Some of these were “big name” services. A failure on the part of physical security cloud service businesses to address security for their offerings could be a significant stumbling block for those companies, bringing the risk that a serious incident could set back the business development efforts for security industry cloud services in general.
The reason that these two organisations invested significantly in their cybersecurity teams is that cloud-based services have the potential to let them significantly expand and improve the value of their technology deployments at a fraction of the cost.
Increase in cybersecurity spending
Increases in cybersecurity spending are on a trend to quickly outpace spending on traditional security (corporate, physical). This feedback comes from large and small integrators who have CSO/Corporate Security Director practitioners as customers. The high level of media coverage for the many large-scale data security breaches has elevated cybersecurity concerns over those of traditional security concerns.
It is completely unlikely that companies will start publicising the extent and impacts of their physical security breaches, just to help the traditional security industry get media coverage!
There seems to be a higher level of interest in security assessments on the part of security integrators |
Cybersecurity vulnerabilities of critical infrastructure, especially the electrical power grid, are also overshadowing traditional security concerns.
Large integrators, in particular, are concerned about the implications for traditional security spending going forward. Key question are: if the economy begins to significantly improve, what portion of security spending will go to cybersecurity over traditional security? And, could traditional security spending remain weak if there is a strategic shift in security investments over to cybersecurity?
How will the business change over the next year?
Businesses will need to prepare employees to be resilient as the incidents of home-grown terrorists, hate crimes, and protests will continue to rise in 2015. Organisations are encouraged to engage in public-private partnerships, if they have not already done so. It will be a necessity.
As noted in my previous comments, threats to customer information will continue to be a trend in the New Year, requiring businesses to reevaluate their internal processes and systems. Social media will be a tool that organisations can use in their security operations, from investigations to real-time update on occurring events.
Increased interest by countries to develop more pervasive monitoring could put companies’ proprietary information at risk. A number of countries have either passed or are reviewing legislation that gives them more legal rights domestically to review and assess electronic communication on telecommunication networks, whether public or private.
Who will be the “winners” and who will be the “losers”?
I predict the “winners” in 2015 will be multinational security solutions companies and recruiters for mid-to senior-level employment placement.
Heightened areas of concern will remain the security of personal information and travel risks.
See the full coverage of 2014/2015 Review and Forecast articles here