The physical security industry is rapidly changing, ever evolving, and one that is growing faster than most other sectors of the greater global market. The latest research shows that the forecasted growth rates will be a compound average growth rate (CAGR) of 7.2% and a total market revenue opportunity of $41.27B through 2022.

These economic indicators make the industry a very attractive investment for entrepreneurs and for investment from large corporations from other industries. At ISC West 2018, this was extremely evident as there was a palpable buzz from technologies such as artificial intelligence (AI), machine learning, cloud-based video management systems and cloud-based access control systems.

New market entrants such as Amazon, and a seemingly increased interest and investment from the likes of Intel, IBM, and even Microsoft were present and contributed strongly to the buzz of the industry’s largest tradeshow.The global managed security services market is projected to reach nearly $40.97 Bn, with a CAGR of 16.6% over the next five years

Need For Education And Enhanced Security

With the increased profile of the industry, one can clearly see that the physical security industry is expanding globally to new consumers; bringing with it an increased need to further secure products and services with comprehensive physical and cybersecurity protocols and the need for education.

This convergence of physical security and cybersecurity will create new industry leaders that will emerge to lead a new segment of the combined market through strong investment and leadership.

According to a report published from Allied Market Research (AMR), the global managed security services market is projected to reach nearly $40.97B, with a CAGR of 16.6% over the next five years.

Correlating these two market data points, the forecast for the physical security market is expected to have nearly 18% of the total market opportunity comprised of cloud services at nearly $7B.

Sharing Security Service Best Practices

In September 2017 at the Cloud+ Conference in Austin, Texas, the leaders of the Access Control as a service (ACaaS) and Video Surveillance as a Service (VSaaS) markets, converged to share industry trends, observations of customer adoption, best practices in implementation and service, financial models, and several in-depth discussions on securing physical security of cloud implementations through cybersecurity.

The security protocols of a cloud service provider is central to the business’s value proposition
The physical security market will have nearly 18% of the total market opportunity comprised of cloud services

These cybersecurity discussions absolutely dominated every discussion with the clear message that as a cloud service provider, manufacturers and integrators must continue to create robust and scalable cybersecurity offerings to protect customer data and facilities.

Interestingly, an analysis of all of the past cyber breaches was presented by keynote speaker Dean Drako of Eagle Eye Networks, who, through a powerful visual diagram, noted that all existing breaches in the physical security industry were entirely on manufacturer provided hardware solutions; VMS physically installed on customer premises, and camera specific vulnerabilities across multiple providers.Network personnel, cybersecurity personnel, firewall experts, and cloud-specific software development staff all need to be added to core physical security engineering expertise

Cloud Versus Non-Cloud Services

The insight that one was able to glean from this information and, that of a greater analysis of cybersecurity hacks across all industries, was that manufacturers and providers of cloud services were more secure and reliable by orders of magnitude than non-cloud solutions.

The reason for these phenomena also became glaringly evident; the security protocols of a cloud service provider is central to the business’s value proposition and as such should be addressed across all levels of manufacturing, implementation, and customer utilization.

Conversely, non-cloud deployed products rely on field implemented cyber strategies from integrators and end users which often expose lack of skills, education and budget to fully secure these physical security products.

Ensuring Successful Deployment

As a SaaS service provider, the technical personnel makeup results in an expansion of staff and expertise. Network personnel, cybersecurity personnel, firewall experts, and cloud-specific software development staff all need to be added to core physical security engineering expertise to ensure that the product developed can be successfully implemented and deployed.Implementing a process to protect millions of customer’s data records and facilities begins with mapping out a strategy to secure software and hardware.

These new jobs in the physical security industry will astronomically expand as the market continues to grow $6 Bn in a little over 4 years providing new opportunities to existing and new personnel to enter the industry.

As a leader in access control hardware and an ACaaS provider, ISONAS has taken it upon themselves to implement a process to ensure that their customers can easily implement their products and gain great peace of mind in regard to the security of the solutions.

Data Security Strategies

Implementing a process to protect millions of customer’s data records and facilities begins with mapping out a strategy to secure software and hardware.

This means employing high-level, seasoned cloud deployment experts to create a strategy in our AWS infrastructure and all ancillary supporting technologies to minimize attack surfaces, create complex, proprietary associations in a multi-layered and multi-tiered connection throughout the application and lastly ensuring that all communication to and from customers’ devices are encrypted and secured.

Manufacturers and integrators must create robust cybersecurity offerings to protect customer data and facilities
Implementing a process to protect customer’s data records and facilities begins with mapping out a strategy to secure software and hardware

Once implemented ISONAS took it upon themselves to validate the infrastructure and the customers experience by subjecting the environments to 3rd party penetration tests.

Addressing Cyber Threats

These tests, taken up quarterly, ensure a customer that the latest in cyber threats are being addressed and that the manufacturer is providing the latest solutions available in the market.Integration implementation personnel should gain greater knowledge in networks and cybersecurity best practices for their solutions

An added benefit is that customers gain the scalable benefits of enterprise corporate cybersecurity protocols at a fraction of the cost of implementing these on their individual premises.

As an industry, however, it is not simply the responsibility of the cloud service provider to ensure that the customers data in video and access control are being protected.

It is also incumbent on the integrator to ensure that the installation and implementation of the products and solutions are deployed in an educated and skill-based manner.

Knowledge Of Networks And Cybersecurity Best Practices

The products and services utilized must be easy to implement, be clear in their requirements of the end user networks, and simplistic to apply. Nearly all manufacturers of these products are working diligently to ensure that the integrator has all of the tools at their fingertips to ensure a successful implementation.

However, it will remain important that the integration implementation personnel gain a greater knowledge in networks and cybersecurity best practices for their solutions.The products and services utilized must be easy to implement, be clear in their requirements of the end user networks, and simplistic to apply

In most cases, this will mean additional jobs for new higher-level personnel, access to additional services to provide to end users, and an elevation of networking and security expertise within their business.

Expanding The Reach Of Physical Security

These new-found skills and expertise will likely bleed into new markets and expand the reach of the traditional physical security market. It truly is an exciting time to be a part of a rapidly expanding market in the physical security space and to watch the industry react to the growing need for cybersecurity within products and services.

In the next four years, there will be new innovations, new investments, and new winners and losers in products and services. It seems clear that those integrators and manufacturers who have begun to create the strategies and products for tomorrow will be well ahead of those who are not actively addressing the need for SaaS products, yet the window to opportunity remains wide open.

Download PDF version

Author profile

Robert Lydic Global Vice President of Sales, ISONAS, Inc.

In case you missed it

What Is The Value Of Remotely Monitoring A System's Health And Operation?
What Is The Value Of Remotely Monitoring A System's Health And Operation?

When is it too late to learn that a video camera isn’t working properly? As any security professional will tell you, it’s too late when you find that the system has failed to capture critical video. And yet, for many years, system administrators “didn’t know what they didn’t know.” And when they found out, it was too late, and the system failed to perform as intended. Fortunately, in today’s technology-driven networked environment, monitoring a system’s health is much easier, and a variety of systems can be deployed to ensure the integrity of a system’s operation. We asked this week’s Expert Panel Roundtable: How can remote monitoring of a security system’s health and operation impact integrators and end users?

Importance Of Establishing Security Standards For K12 School Security
Importance Of Establishing Security Standards For K12 School Security

As we approach National Safe Schools Week (October 21-27), it is appropriate for a conversation to begin regarding establishing standards for K12 school security. Currently no standards exist for assisting schools navigate the complexity of understanding what they need, how much it will cost and how they will secure their learning environments. Security Industry Experts The Partner Alliance for Safer Schools (PASS) is one of the organizations at the forefront of establishing security standards for schools. In 2014, the Security Industry Association (SIA) and the National Systems Contractors Association (NSCA) formed PASS, which brought together a cross functional group of members including school officials, safe schools’ consultants, law enforcement and security industry experts to collaborate and develop a coordinated approach to protecting K-12 students and staff. School administrators are often contacted repeatedly by organizations with multiple safety and security products PASS has provided valuable insights regarding an ‘All Hazards’ approach to school safety and security. In fact, PASS suggests that school administrators are challenged with two decisions: Determining what they need to do How to prioritize Safe School Environment School administrators are experts in running schools and providing education. However, most are not security experts and do not understand the complexity of implementing a comprehensive physical security and safety program across their districts. Still, they are often contacted repeatedly by organizations with multiple safety and security products. School administrators are experts in running schools and providing education, but most are not security experts  Some of these organizations recognize their products are just pieces of a safe school environment puzzle and how they fit in, whereas others focus on specific applications and do not understand how their specific solutions may affect life safety codes and Americans with Disabilities Act law. (Note: Many ‘barricade devices’ fall into this latter category and actually introduce liability concerns with the unintended consequences of their use.)Schools incorporate evacuation drills as part of their emergency preparedness plans and practice on a regular basis Even for experts, the plethora of options and disparate systems required to integrate a safety and security approach at schools is daunting. The ongoing challenge is integrating access control, video, mass notification, and/or visitor management products into a single, effective, and appropriate system the owner can understand, utilize, and afford and that meet local codes and ADA laws. In the absence of standards, schools are likely to amass a collection of devices that do not constitute a comprehensive solution. Lack Of Consensus In years past, the our industry and commercial buildings adhered to legacy codes – like Building Officials and Code Administrators International Inc. (BOCA), Uniform Building Code (UBC), Southern Building Code Congress International Inc. (SBBCI), and International Conference of Building Officials (ICBO) – which have traditionally been revised every three years, while local jurisdictions decided what versions to adopt and enforce. Currently, however, there is a move toward the International Building Code (IBC), which is published by the International Code Council (ICC) and includes standards and guidance for commercial buildings on doors, windows, and other openings. A risk assessment is the next step toward developing a comprehensive security plan, and begins with developing a trend analysis Still, despite this migration of codes from a patchwork of local decisions to global guidelines, there remains a lack of consensus around school security. The current fragmented approach causes confusion regarding how new schools are designed and how to retrofit existing school buildings, whose average age is 45+ years. Right Protection Equipment One can point to the fact that there hasn’t been one student lost in a school fire in over 50 years as testament to standards like NFPA 80 and NFPA 101 being referenced in model building codes. Additionally, schools incorporate evacuation drills as part of their emergency preparedness plans and practice on a regular basis. It’s not just having the right protection equipment in the building, it’s also having a procedural layer in place to make sure everyone knows their roles and responsibilities in the event of fire. The stress of the actual event can limit ones’ ability to think clearly. Practice makes perfect. Why would we approach school security any differently? School security is a team effort, and it is important to understand all the areas security impacts and involves School security is a team effort. It is important to understand all the areas security impacts and involves. PASS suggests starting with a basic team consisting of: Security Director Local Law Enforcement School Administrator Integrator Door and Hardware Consultant IT Director Comprehensive Security Plan Quantifying and mitigating risk are the jobs of security professionals and school administratorsA risk assessment is the next step toward developing a comprehensive security plan. This often begins with conducting a trend analysis requiring the collection of data from a variety of public and private sources. The challenge is to pull these pieces into a usable and easily understood format that provides a guide for current and future risk concerns. Risk assessment and mitigation can never eliminate risk. Quantifying and mitigating risk are the jobs of security professionals and school administrators. Data from the following sources can help measure risk: Campus: Review incident report trends for at least the past 36 months. Area and city: Review crime data from local law enforcement for the surrounding neighborhood and city. Screening procedures: How is hiring conducted? Anonymous tip reporting systems: Enabling students, staff members, parents and the community to anonymously alert administrators to perceived and actual threats. Social media monitoring: such monitoring can provide important information that can be used to identify risks. Monitoring social media could help measure risk for school safety Delay Adversarial Behaviors These assessments can then be incorporated into the best practice approach of Layered Security. Layered security combines best practice components within each layer that effectively deter, detect and delay adversarial behaviors. Layered security works from the outside in. As one layer is bypassed, another layer provides an additional level of protection. The asset being protected is at the center of the layers – students, staff and authorized visitors. PASS defines five layers of Security:As one layer is bypassed, another layer provides an additional level of protection District Wide Property Perimeter Parking Lot Perimeter Building Perimeter Classroom/Interior Perimeter Appropriate Tier Target Each layer can be broken down into Tier levels with Tier 1 being basic and Tier 4 being the highest level of security. It is important to understand that the demographics of individual school buildings varies, even within the same district. Security experts will quickly point out that ‘if you’ve seen one school, you’ve seen one school’. The assessments will determine the appropriate Tier target. Figure 1 Each layer includes essential protective elements, or components, of security. Every layer does not necessarily include all seven of these common components, and a layer may include additional components unique to that particular layer. Safety And Security Components Policies & Procedures People (roles & training) Architectural Communication Access Control Video Surveillance Detection and Alarms Layered Security While components are not listed in a priority order, three components included in all layers are policies and procedures, the roles and training of people, and communication. These components often perform a function in every layer and every tier in each layer. Three tools come together in the PASS approach as outlined in the new 4th Edition of the PASS Guidelines (Figure 2) - the Layers are established and defined, a Checklist/Assessment breaks down each layer into tiered best practices which then tie into the guidelines where a narrative explains each best practice in more detail. Figure 2  Schools need not reinvent the wheel when it comes to school security planning. Following the best practices of Risk Assessments and Layered Security will ensure that every school building in a district will have a unique and comprehensive plan that is tailored to their individual needs.

What Is The Changing Role Of Training In The Security Industry?
What Is The Changing Role Of Training In The Security Industry?

Even the most advanced and sophisticated security systems are limited in their effectiveness by a factor that is common to all systems – the human factor. How effectively integrators install systems and how productively users interface with their systems both depend largely on how well individual people are trained. We asked this week’s Expert Panel Roundtable: What is the changing role of training in the security and video surveillance market?