Comprehensive, layered and integrated security and safety program development is often lost in an age of technological advancement. All great security and safety programs start and finish with discipline, standards, accountability and data. Additionally, in the modern era of building these programs security leaders must consider the “air domain” as an addition to the complexity of mitigating risk.
Clearly, security leaders are witnessing an age of hypersonic technological advancement and it’s important as a business owner and operator to not get fixated on the “shiny object.” Clearly, security and safety technologies give us ample opportunity to do so. The current market is inundated with so many choices that making a sound decision is often clouded by the mere reality of volume and choice options. It can in many ways paralyze the overall thought process and stymie responsible buying and, in many cases, push hasty decisions that cost more in the long run.
Technology purchases are capital investments and therefore significant in business decisions. When faced with the choice to implement technology to support the overall security program security leaders can use the following framework to help guide the decision-making process.
- Define the problem.
- Conduct a threat, vulnerability and risk assessment (TVRA).
- Determine the protection needed from the TVRA results.
- Enable data/forensics to support a return on investment.
It is without question that true security costs are centered around technologies and people. Take for example camera and access control options. There are hundreds of choices from a myriad of companies. Picking the right “unified technology package” becomes quite intimidating.
One of the first questions security leaders should always consider is what problem needs to be solved. Defining that problem and understanding the implications is normally done by conducting an assessment or study of the business, the environment and its purpose. Oftentimes, defining the problem is an afterthought. The “shiny object” of technology seems to be the “out of the box” answer. However, technologies are tools that augment the “human in the loop” and provide expanded situational awareness so that decisions can be made. If security leaders don’t define what the problem is, the problem can’t be solved.
The TVRA is a study that is the foundation of any security and safety program and sets the conditions for determining the protection and developing emergency response and business continuity plans but more importantly, it guides the decision-making needed to invest in technology. The TVRA identifies critical assets associated with the business and determines the vulnerability to each. It assists with identifying and determining the protection needed.
During the TVRA process, security leaders might note that the entry control points to the business are insufficient in providing the expected throughput. In an access control scenario, several factors from a technology perspective must be considered:
- First, is sufficient physical space allotted, and within that space what type and quantity of entry and screening technologies will be needed?
- Second, does the network infrastructure have the ability to support wireless entry, ticket verification and volume? Furthermore, how is the data handled? Will it require an on-premises server storage capability or will it leverage the cloud? All good questions for “one problem to solve” and with technology design, there may be a multitude of similar decisions.
- Third, the technology normally requires people. What are the manpower needs associated with each in this protection exercise?
In an age of instant information, data is a powerful tool that supports many aspects of a business. Many times, the critical question left out of technology discussions is what data each tool provides, and how is it visualized for future use. Enabling data gives security leaders insight into forensics for security and safety purposes and is a great way to provide an additional layer of insurance when it comes to operating in today’s business environment.
In the end, deciding on and implementing a “unified technology platform” is a tough decision with so many choices and it is best to just keep it simple.
This article originally ran in Security, a twice-monthly security-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.