What is an acceptable life cycle for a physical security system?

A decade ago, the rule of thumb was that the life span of access control and CCTV systems was around seven years. However, as technology is evolving more quickly than ever before, modern systems can easily become “long in the tooth” much sooner than that. Keeping up with these changes can be a real headache and a costly exercise for security operators. There is undoubtedly a pressure to ensure the best technology is used, otherwise the security operator will always be on the back foot with regards to intruders and threats. For many security operators, the smart move is to procure these systems as part of a “Security as a Service” contract. A regular fee is paid to a specialist provider who guarantees the latest hardware and software is always in place. This ensures that if you require it, you’re up to date at all times.

Ray Kurzweil’s Law of Accelerating Returns says the rate of change of evolutionary systems tends to increase exponentially. It is being proven daily in many industries, including physical security. Adoption of open platform software that enables integrations to leverage new innovations is a key concept in ensuring a longer system lifecycle and virtually zero requirement to replace an entire system. Of course, some of the surrounding hardware components will need to be upgraded over time but these each have their own differing lifecycles. It’s a far more beneficial approach for a security system to evolve through strategic additions and upgrades rather than being limited to a finite lifecycle for the entire system. This enables us to think differently about the system and how it is applied to fixing our business challenges: knowing that our current investments will not be lost but instead are paving the way for the future.

The answer to this question clearly depends on the seat you sit in. Manufacturers, integrators, distributors, consultants and engineers all have extremely different perspectives on this question. As a manufacturer, we design systems to have a lifecycle between 5 and 7 years. This does not mean that the product is going to stop working after that point; it does however mean that our development cycle and subsequent support for these products will change and in some cases end. In manufacturing, the demands of the market always call for more, better, easier, and often less expensive. As a result, this drives continued innovation and adoption of these technologies that take volumes and economies of scale from legacy products, in turn forcing changes. These changes can be uncomfortable for end users as the cycles often do not line up with budget cycles and upgrade schedules.

There is a trend toward automated verification of physical security systems, and to be more aware of cyber-hygiene in managing such systems. These capabilities will lead to systems being replaced when needed rather than on an arbitrary fixed timetable. With automated verification, there is no guessing or opinion about the root cause of problems, or about what has reached the end of its useful lifetime. Automated verification means knowing immediately when a problem happens, why it happened, and how to fix it, and will provide scientific fact on which maintenance decisions can be made. Likewise, cyber-hygiene policy provides control of your system by knowing what is there (e.g. current firmware revision), which will also help avoid unnecessary or pre-mature system replacement.

An unprotected physical security system will most definitely have a shortened service life and require replacing more often. This includes power surges, which can be internally or externally caused, and can happen at any time without warning. Although surge protection is both inexpensive and easy to deploy, a common misconception that devices are only at risk during extreme weather keeps many organisations from recognising the seriousness of the risk. However, the truth is that power surges can be internally or externally caused, and they can happen at any time without warning. As security systems are damaged, they are replaced with the latest advances in electronic security and monitoring systems. These systems require the latest advances in surge protection. To lengthen the life of a physical security system, surge protection needs to be an integral element of the planning and design, not just an afterthought.