Converging Physical, Logical SecurityInsights on How to Best Integrate the Silos
- Barriers to physical, logical security convergence;
- Business benefits of convergence;
- Current security threats that support the need to integrate.
Lander, Certified Protection Professional and Certified Master Anti-Terrorist Specialist, is owner of Ultrasafe Security Specialists and a retired Sergeant with 23 years on the Los Angeles County Sheriff's Department. His experience in law enforcement ranges from burglary, property and high-technology crime investigations to supervision/operations in the Juvenile Investigations Bureau, the Undersheriff's Office and Data Systems Bureau. Lander's security experience includes 17 years as Vice President of Lander Security Systems & several years as a Security Consultant. He also serves as Vice President of Technology for Security Management Services Inc, (SMSI).
TOM FIELD: To get us started, why don't you tell us a little bit about yourself and your background in security, please?
RON LANDER: I'm retired from law enforcement of 23 years as a sergeant with the Las Angeles County Sheriff's Department, and then I went into the security business. Now I'm an award winning consultant, author and speaker, integrator serving the greater western United States and some points on the east coast also. Some of my clients are Stanford, University of California, St. Jude, and other corporations some which want to be announced and some don't.
FIELD: Ron, how does your unique law enforcement experience with the sheriff's department help you today in information and logical security?
LANDER: The sheriff's department was just coming into the day of information technology when I was involved with it in the '80s. As a matter of fact, I was in charge of distributing Compaq desk pros with 128 megabytes of memory and 20 megabyte hard drives, and I was everybody's friend because they wanted to have one of the 20 computers being distributed. I was involved in the early stages of law enforcement when it kind of migrated through technology, and then from law enforcement to the private security side. So I know both sides, and I know they complement each other because -- just like security -- law enforcement is all about metrics, getting the information correct and getting people, locating people, and tracking people where it is necessary.
Barriers to ConvergenceFIELD: So we've talked about this convergence of logical and physical security for years now. What are the barriers that still remain to prevent it?
LANDER: A couple of barriers are the users themselves. Some of them can't grasp the need to integrate systems. Some are comfortable in their environment and don't want to push forward. However, what is happening now is there are a lot of systems that we call legacy systems that are no longer supported by their companies. The corporations have to pay the money to get the technology up to date for the sake of their clients, employees, patients and visitors -- whatever the business may be.
FIELD: So as organizations start to think about a convergence, and it is something that they want to do, what are the topics they have to be most mindful of as they consider the transition?
LANDER: Compatibility and communication, making sure that when you move forward and you start planning an access control of a video surveillance system that the systems are compatible and can communicate with each other. It's kind of like having a house with one key for the front door and another key for the back door, and another key for the side door. You want to make sure that everything communicates is on the same platform.
Building the Business CaseFIELD: So, Ron, a number of organizations have made significant investments in physical security, certainly, and then logical security, and they are siloed now. When they start talking about convergence and they have to make the case for this, what are the handfuls of business benefits they are really going to sell this plan on?
LANDER: Economy of scale. It's like running a building with two air conditioners and then getting one larger air conditioner to cover the entire building. You are going to have one platform to support via IP or analog, as far as technology is concerned. There are still some analog systems that can be integrated very well, which are a combination of analog and digital. IP being when a component plugs directly into the internet or into the intranet inside of the system. Eventually you are going to have less staff because what we're finding in the competing community at large that a lot of people out there are computer savvy. They can figure out what is wrong with their mouse, what is wrong with their keyboard. Ten years ago, many companies had three or four people going around the campus helping people set up their monitors and mouse and keyboards, and we're finding that they can pretty much take care of themselves within the limitations that the corporation gives them.
Lastly, it's efficiency. They are going to get more efficiency. You are talking that one platform and, of course, integration itself. The fact that one machine is talking to both your access control and your video surveillance system.
Are You More Secure?
FIELD: Well, you know it's kind of an obvious question, Ron, but I've got to ask it. Efficiencies are great, and so are cost savings, but how do you know you are more secure by having a converged organization?
LANDER: If you have a converged organization, you've got the best technology available at the time for your budget. You've got your access control talking to your cameras. For example, if a camera -- this is the first step in analytics -- if a camera sees motion in a hallway, but it did not see that a door was open by an authorized person, it will set off an alarm. It could very well of set off an alarm when the door was opened by an unauthorized person and then activated that camera or brought that camera to a "thirty frames per second" speed that will give you true motion for the perpetrator or the person walking down the hall.
FIELD: Now, you've seen a number of organizations go through this process. What are some of the hidden traps that they've got to look out for when they are trying to converge these silos?
LANDER: Communication. They need to communicate with the staff. For example, I went to visit a hospital, two separate hospital campuses recently, where the security department had 99 cameras under their control. However, after doing an inventory of the entire campus, we found out that separate departments had their own camera systems all on different platforms. They had 256 cameras. For example, the pharmacy got 12 cameras through their budget, and supply support got 20 cameras through their budget, and everybody is on a different platform. So making sure you are communicating and also the infrastructure itself. You are limited by the infrastructure. However, wireless technology in cameras is coming down and getting more and more popular on a real local basis.
Leaders in IndustryFIELD: Now you've mentioned a number of different types of organizations. You've just mentioned healthcare. You've talked about academia; you've talked about business and government. If you could typify, are there sectors in the private and the public that are better at convergence now that can sort of be models for others?
LANDER: Well, there are several that are being mandated to get better. For example, HIPAA in the health industry. Healthcare productivity is increasing, but the expense for automation is increasing also. They are pushed into automating and being more accountable for their customer and client data. The banking industry is also being forced into doing this. And when I say "forced," that is really a positive because the bottom line is they are going to be more efficient and more communicable systems to give them the information that they need.
Key ThreatsFIELD: Ron, when you look at the landscape today, are there specific security threats that you think really call out for a better logical and physical coordination?
LANDER: One of the most prominent ones that come up about once a week in the headlines is workplace violence. We are seeing that there is a shift in workplace violence. There is a lot more domestic workplace violence and economically-based workplace violence, where somebody comes in upset because their loan didn't get approved or because they got downsized. There are a lot of very high profile cases that involve just that.
Then there is terrorism - home-grown terrorism, which could be somebody using the company's resources to build a bomb themselves or some sort of a trap or in foreign terrorism. So they can't always look for a foreign oriented terrorist attack, but they have to protect that.
The theft of intellectual property. I do a presentation on computer security for the road warrior, and my best recommendation at any time is when I do a presentation is "If you don't have to take your corporate laptop, don't. Because there are too many opportunities for that laptop to get lost.
Shoplifting, the technology in shoplifting, analytics in shoplifting have increased significantly. Now, with the proper analytics, a company can track when somebody is standing too long in a certain area or loitering, so to speak, in the shaver aisle or the drug aisle where they have some of the over-the-counter drugs, which can be diverted very easily.
And then there is diversion itself, diversion of property, theft of property from off the loading dock. That is just to name a few.
Steps to Improve ConvergenceFIELD Final question for you, Ron. What advice would you give to organizations that are looking to improve their physical and logical convergence and looking for some quick wins to demonstrate their forward motion?
LANDER: I just left a place where I gave the gentleman a price for an hourly rate for doing some consulting before they do some building. He said, "I'm not sure if we have it in the budget." Well, he may be calling me in nine months because somebody didn't do something right. They didn't do have a good project manager or didn't have good direction, never thought about a certain back door or something like that. The bottom line in any technology that has to do with video surveillance is: Is the video evidence worthy? In other words, you got a clip of this guy pulling a robbery, stealing a car, attacking a person, but is it something that you can take to court? Are you sure this is the same person? Some people are too cost conscious and want to get a cheap system. When it comes to the big one and they have to produce something that they can take to court and support, nine times out of 10 with today's technology and today's applications and technology, the evidence isn't worth a conviction if that is the only tool that they need to convict somebody.