LUSAX Security Informatics - Experts & Thought Leaders

Law enforcement and pure problem-solving skills will play less of a role for the future security director Much effort has been put down in the professionalization of security work. Not only is it a recurring topic of conversation at events for security professionals, but also a formal topic of concern for ASIS – having active task forces devoted to the promotion of professionalization and academization of security practice as well as a recently updated standard (ANSI/ASIS CSO.1-2013) describing the competence profile of a Chief Security Officer (CSO). The outer driving forces for this effort are well-known; for example the increase of uncertainties relating to cyber-security threats, industrial espionage, activism and business-related risks when operating in hostile environments. In parallel with this trend, the demands for a formal, ongoing and cost-effective coordination of security work has further increased. Also on the list of organizational demands are clearer and improved business processes that cut across functional and operational value-creating activities, and increased use and sharing of security-supporting technologies. Furthermore, our research shows that physical security since long is a well-established business process within larger firms and a further development of security management would seem a natural development. Distinctive for well-established professions are commonly agreed methodologies, techniques and terminology among professionals. Furthermore, a uniform and considerable quality assurance process is often in place in the form of higher education and/or formal licencing. Prime examples of professions often referred to are medical doctors and lawyers. In short, a professional from one country should more or less be able to communicate with colleague in another part of the world. There is an uncertainty regarding the academic orientation that security management should have For security management there exists no such well-established equivalent. Institutions of higher education that offer security management are Edith Cowan University in Australia and the specialization in Security Management that is offered at Wharton at University of Pennsylvania with ASIS as supporting body. Engineering, criminology or business/management? For any higher education with a clear identity and recognition the fundamental (research) question of whom or what we are is agreed upon. In effect, establishing a higher education in security management is tightly coupled with the question on what would be general research direction for security management. This is an important question – both short-term and long-term. In the short-term it is important to know what universities and schools to target, and long-term to guarantee the profession a development in the right direction and with the intended legitimacy. A crude division can be made by dividing research and higher education into three general orientations; the first (1) being an orientation towards engineering and problem-solving; the second (2) being social scientific and criminology orientation that concerns itself with addressing overarching crime development and underlying structure and motives for criminal behavior; and third (3), a business/management orientation that is concerned with balancing and setting business priorities in a corporate landscape of limited resources. None of these orientations are mutually excluding of one another – all higher education is a mix of a major subject and support subjects. However, some form of declaration of will and consensus about the general orientation is necessary. Worst-case effect might be that security management ends up being academically and institutionally weak as is sometimes the case with over-specialized degrees. When educating security managers, should the general orientation be on of engineering/problem-solving, criminology or business and management? In Sweden, the Higher Education Authority have for example assessed the Security Management degree in Australia as being one in engineering (assessment made 08/05/2008). More business, management and new technology From the research conducted within the LUSAX research program at the Institute of Economic Research at Lund University a clear majority of survey respondents working corporate security management expresses a need for increased skills of business and management, but also a need to understand novel technology to some extent. Law enforcement and pure problem-solving skills will play less of a role for the future security director. If asking security directors, the answer would be to follow the business/management orientation. Some form of declaration of will and consensus about the general orientation is necessary. Worst-case effect might be that security management ends up being academically and institutionally weak as is sometimes the case withover-specialized degrees A third possibility is to position security management as focusing mainly on criminology and behavioral sciences. No explicit and direct demand from security directors was made regarding the need for criminology. However, we believe criminology and behavioral science is an important support subject to security management. A final alternative would be to position security management as a corporate legal activity, but we argue that the legal alternative is one that can be considered of being constraint or factor within the business and management orientation. Also, some security directors have expressed concerns in sorting security management under the legal corporate branch due possible risks of conflicts of interests. Our research further suggests that the security manager needs further resource enforcement for areas like budgeting, procurement, cost-benefit analysis, new technology and business to mention a few examples. From that point of view, the choice of orientation clearly points to a direction of hosting security management within a business and management orientation. All in all, this could be described as the will for professionalization from the ones within the profession. Security Management and its corporate environment For a more complete analysis it is not sufficient to include only the within-professional will for professionalisation. External forces outside the control of security professionals also govern the answer for the development of the profession. Since the start of LUSAX in 2006 we have repeatedly experienced corporate recruitment of security managers being mainly driven by a corporate interest searching for senior security candidate with a clear and solid law-enforcement background. This is more noticeable in North America and in the United Kingdom where Executive Protection often lies within the scope of security management. This is evident also in industry sectors where physical security is not typically part of the core business – like media, banking and consultancies. In summary, in this article we have pointed out that there is an uncertainty regarding the academic orientation that security management should have. We are saying that it is necessary to choose a purposeful academic platform that over times generates the positive effects of professionalisation, for example wide corporate influence, clearer career paths and increased rewards in term of salary and perks. Our answer is to aim for security management to be positioned within a business and management orientation. Finally, we have also pointed out the importance of changing the environmental attitudes concerning security management. We believe the main hurdle for professionalization is one mainly hampered by established notions about what background a security manager should have. These notions lies outside the control span of the typical security manager, but are pivotal for the professionalization of the profession.

   Network-enabled "intelligent" security components increasingly have better computational and memory capacity The use of Internet Protocol (IP), or networking, is commonly associated with convergence. In this article, Markus Lahtinen of Lund University's LUSAX project, contends that the shift to network-enabled "intelligent" security components which increasingly have better computational and memory capacity has a significant impact on the present and future dynamics of the security industry, whether it be in the realms of digital video surveillance or electronic access control.    Network security products are increasingly characterized by decentralised processingThe aforementioned shift is clearly visible when we compare a digital network camera with an analog surveillance camera. Apart from the fact that a digital network camera may be connected to existing Internet cabling for transmission and power supply, the network camera in itself is also a computer with a central processing unit, functioning as an IP-addressable web server. The typical analog setup was to allow for computational processing at the recording unit, meaning the Digital Video Recorder (DVR). However, the computational capacity has spread to the camera-unit with digital network cameras enabling real-time processing of image (video) data. As a result of this shift, end users clearly benefit with significantly better image quality provided by the digital network cameras.From a security end-user's point of view, the change is often behind the curtain, as there is little in terms of increased overall security effectiveness. Yet, the impact of the shift is significant from an industry perspective. Not only are security cameras becoming computerised, but computerisation is also taking place in the electronic access control market First and foremost, the change of cabling for transmission between the security camera and the recording unit has generated a fierce and lengthy industry debate under what conditions the cost of the digital setup outperforms the typical analog setup. It is also clear that this debate has been further bolstered by the intrinsic nature of what is security effectiveness, spurring an even more intense cost-comparison debate.Secondly, firms previously offering internet network services have potentially been able to leverage their network skills by entering into the market space of offering surveillance systems. From the research my colleagues and I have made within the framework of the LUSAX project, it is clear that there are instances where pure-play network companies have been bidding for the same contracts as the firms offering traditional analog surveillance systems. We have no clear evidence as to the size and scope of this competition.However, it cannot be ruled out that the increased competition and the fierce debate on analog versus digital cameras have positively spilled over to the end user-side of the market, enabling for a mutually beneficial expansion of the video surveillance market. This could be referred to as the "first wave" of convergence, mainly characterized by a change towards the Internet as transmission medium for security applications.Computerisation of security products on the rise   By virtue of the decentralisation process, the computational capacity spreads to the camera-unit Understanding that computational and memory capacity lie at the heart of the matter, it is clear that the technological change is only in its infancy. Not only are security cameras becoming computerised, but computerisation is also taking place in the electronic access control market. A few examples that are commercially available within the door entry market include self-diagnosing door entry systems where products can enable efficient expansion of legacy access control systems based on wireless networking technology and keys having built-in memory units in the plastic enclosure.Harnessing the power of computational and memory capacityTo summarise, the "second wave" of convergence is the key success recipe for the security business of the future. This entails creating end user value by harnessing, coordinating, and building entry-barriers around the computational and memory capacity located in network-enabled security.       Markus LahtinenLUSAX projectLund University

  Integration of security systems is a priority for retail sector managers With the assumed digitalisation happening on the end-user side, progressive security systems integrators stress the importance of changing the business concept from being installers to being service and solution providers. However, less is known about the details of this process on the end-user side, Markus Lahtinen of LUSAX project explains. An online survey of loss prevention managers in the retail sector showed that security digitalisation and further business integration of security are items of high priority among the respondents. Integration and change efforts are often associated with challenges; it will become necessary for end-users to quantify a clear ‘return' in ‘Return on Investment' (ROI) calculations when bundling security and loss prevention investments with other business supporting systems, e.g. video conferencing, Voice over IP (VoIP) and/or HVAC, etc. Necessary organizational changes are equally important to achieve integration, for example seeking internal sponsors and approaching departments often characterized as being ‘siloed' in the past. From security installation services to total solutions providersFighting low margins in a mature segment such as retail, security systems integrators aim to move away from being pure installation services to becoming total solutions providers offering services and added value beyond mere security such as taking the full responsibility of an ‘outsourcing' effort on behalf of the end-user and establishing a contractual and legal relationship. This can be exemplified by the need to connect security equipment to an existing IP network.  Security managers acknowledge that systems integration through IP-networks is here to stay  The different stage of the system lifecycle offers several opportunities for services beyond the installation.  These include maintenance, upgrading, and system termination. Consequently, the increased use of the corporate IP network drives opportunities that are based on being able to provide more of such value-added solutions and services. Similarly, a purposeful design of computing hardware resources (e.g. networked cameras) combined with appropriate software (cf. different applications of video analytics) and an analytical approach offers opportunities of cost savings on manual labor and possibilities of adding value to the income side of business. While this transition effort by systems integrators is recognized as being logical from the perspective of the security industry, less is known about the end-user perspective of this shift. Loss prevention managers' take on security digitalisation   Security systems integrated through IP-networks saves on costs The  survey mentioned above addressed the following points: The end-users' view on security digitalisation and integration Rationalities associated with willingness to digitalise and integrate. The survey showed that on the topic of integration, end users demonstrated the strongest agreements on the following: Willingess to integrate security systems with other operational systems Necessity of video surveillance to keep shrinkage at an acceptable level Attempt to replace man-guarding with security technology.  From these agreements it is clear that technology plays a crucial role in security operations.Technology integration is therefore a shared vision of the future and common interest amongst end-users in the retail sector; this is beneficial for any systems integrator considering inclusion of integration services into their offerings. Also, the agreement reflects the role technology has in replacing manual labor - a valuable lead for constructing business cases and calculating ROI.On the issue of integrating security systems with other operational systems, the following statistical correlations were identified: With higher age comes an increased likelihood of seeing integration possibilities Firms giving importance to loss prevention also see integration possibilities, and Organizations holding a positive view towards integration are also brandaware with regards to security equipment. Systems integrators face more responsibility with greater brand sensitivity   End-users in the retail sector stress that technology is playing an increasingly crucial role in the security operations While the first two point above intuitively make sense, it is somewhat interesting to see that brand sensitivity is associated with a propensity to seeing integration possibilities. Service agreements do not imply a relationship where brands matter but rather that the system integrator takes responsibility in choosing a technical solution that supports the agreed level of service. This is extremely relevant for the systems integrator attempting to offer services and solutions rather than just products and installation.Integration is thus seen as an opportunity not only by systems integrators but also by the end users. Implications for the systems integratorSome of the implications for systems integrators are to build on the existing relationships with the loss prevention function. The systems integrators also have the option of finding new and parallel ways into the end user organization, i.e. offering services and solutions to other functions like operations (COO), facilities or IT (IT manager or CIO). This becomes even more evident if broader systems integration is a strategic objective of the systems integrators. Working in a network/partnership-approach with other industry players would potentially facilitate such a strategic initiative. Critical role of IP networks in systems integrationSecurity managers report that systems integration through IP-networks is here to stay. Not only does it save costs but potential added value is recognized. Integration poses several challenges to the end-user: not only to prove the business supporting value of security but also technical challenges due to the complexity of IP networking and architecture. Finally, complementary organizational changes are necessary to push integration ahead.One recommendation given to push integration is to construct an integrated business case with hard numbers and clear gains, for example bundling security with other business supporting services such as telephony over IP networks, information security and videoconferencing etc.   Markus LahtinenLUSAX projectLund University