ASIS Presentation_07112013

Enhancing Physical Security through Enhanced Software Engineering

ASIS Western NJ Chapter June 11, 2013

Introduction

• Challenging long-held notions:– What’s included in a security project– Who supplies security solutions– Where does “security” stop and “technology”

start• Hidden Value

Concepts

• Database Integration• “bespoke” functionality

– Custom code– Edge development– Interoperability with external systems

• Platform Independence– Administering multiple PACS systems

• Managing Security through the Web• Re-engineering the Security Management Process

– Knowledge– Experience– Preparation

Technology Picture

• Integrator vs. Manufacturer– The P Word*

• “Security” vs. “IT”• Security ROI:

– New Rules– Metrics/Quantifiable analysis– Improved Security Process = Hidden Value

• Need for better processes within individual organizations*Proprietary

Security Industry- common perception

“Manufacturer”• Technology

Development• Innovation• Platform Standards

“Integrator”• Installation• Support• Configuration• Expertise

Why is the security environment changing?

• Moore’s Law• Increased Expectations

– Productivity• Software: Increasing Returns

– Cost vs. Performance– Hardware: Cost decreases, Productivity Increases

(Marginally)– Personnel: Cost Increases- increased productivity a

challenge• Big Data: more complexity of analysis

New Challenges for Enterprises

• Organization-specific System Requirements– Micro-development

• Inadequacy of mass-market response– Regulations/Audit

• Interoperability– Exchange Data, Process w/internal (or external)

business systems– Data mining: value of security data

• Systems, Process Evolution

Where is the ROI?

• Increased importance of business case• Environments for Increased Efficiency• Where are the opportunities• Improving Value- Improving Process

“Let’s Build it Ourselves”

• Insufficient Market Response• Pros & Cons

– Solution complies with Requirements– Diminishing returns:

• Maintenance• Development• Justification

Acquisitions

• Disparate Platforms– Difficult to maintain, administer multiple platforms– “rip & replace” options

• Personnel Integration– Personnel management– Permission/Function Standards

• Problems solved through technology

Persons MPP Total M Total H100,000.00 10.00 1,000,000.00 16,666.67

Total MD(H/8)

Total MY(MD/250)

Est. Savings(MY X $50K/Y)

2083 8 416,666.67$

Machine Interface

• Elevators• Separate PACS platforms/hardware• Specialized Applications• Micro-engineering

– Compliance with requirements on a local level

Data Integration Challenges

• Using technology to improve critical dataflow• Clean data= clean process

– Security data should be the most up to date• Consolidation of data from different sources• Routing data to serve different needs

– Reports– Statistics– Interoperability

Data Reporting- Operational Efficiency

•Statistics and Activity• Trending• Analysis

•Ad-hoc/On-demand Reports•Customized Dashboards

• Investigations• Reduce time and

complexity

Multiple-source Data Aggregation

I

HR DB

Card Access Management

Visitor/Vendor Management

Incident Management

Alarm Management

Fire/Life Safety/EAP Management

Machine DB

Corp RE

Floor Plans

Retail Locs

Business Continuity

Alarms

Lighting

Crime Stats

“Bad Guy” DB

3rd Party DB

Site & Threat Assessment

Management

Service Requests

Credential Management

Crisis Management

Transaction Database

Data Warehouse

Pre Processing

Integration

Automation

Web-oriented TechnologyProductivity Multiplier

• Hosted– Sub-metered

• Distributed Cost= lower per user expense• Benefits of High-volume Use• Diversified Organizations

– Tenants– Vendors– Stakeholders

Web-oriented TechnologyProductivity Multiplier

• Applications processed through web– Work orders, visitors, post requests– Aggregation/common database

• Data Security• Support & Service

– Updates– Training– Continuously working with current technology

Case Study 1False Alarm Reduction

False Alarm Reduction

Environment: Large Retail BankProblem: False AlarmsImpact: $3M+ (fines, overtime payments, lost productivity)Details: More than 3,000 US Locations

Solution:•Non-proprietary physical access solution•Authentication via web host (no server on site)•Auto-arm/disarm via card swipe•Instructions based on badge holder identity•Compact, ready-to-deploy solution in non-metallic enclosure (works with cellular data card)

Expertise Required:•Database•Machine Language/PLC•HTML

Results: Over 3 years- $1.2M Expenditure, est. $7.5 Million cost reduction first 3 years

Case Study 2Advanced Elevator Integration

Elevator Integration & “Way-finding”

Environment: Commercial Office Building, DD ElevatorProblem: Unlike traditional elevators, no I/O boards- controlled by logicImpact: Security integration complex, expensive; difficult to preserve advantages of DD systems

Solution:•Logical integration with DD Elevator Server•Security system polls elevator server, “assigns” cab to holder of valid badge

• Tenant (ID Badge) or Guest (Visitor Pass)•Special instructions for VIP, Executive Badges•Cab assignment displayed on turnstile or lobby monitorsExpertise Required:•Database•Machine Language/PLC•Industrial/automation process

Results: Successful integration with multiple DD systems, reduction of staffing, improved lobby experience. Deployment in several US buildings.

Case Study 3Security ROI: Direct Impact

Environment: Major UK Government Agency SiteProblem: 1) Lights left on 2) sensitive documents left unsecureImpact: Unnecessary costs; potential breaches of secure/classified documentsDetails: 3,457 Rooms, identification of room required; unsuited for implementation of presence sensors; cellular/wi-fi coverage spotty in some areas; self-built IMS inefficient, difficult to support

Solution:• New incident management IMS application with client

for PDA• Store & forward feature when not on line

• Custom reporting & compliance sets• Correlation between incidents, cost savings

Expertise Required:•Database•Mobile/PDA development•Operations process

Results: Measured, documented reduction of costs (& ROI), improved security compliance, sustainable solution

for incident & security management

Incident # Class Category Location Created By Date Occurred DescriptionLights Off Savings

HMT-1242 Environmental

Lights Switched Off

B/20.1 - FM Store Zubair Khalid Friday, 28 January 2011 12:25 AM

light on £4.29

HMT-1243 Environmental

Lights Switched Off

LG/10.1 - Office Zubair Khalid Friday, 28 January 2011 12:35 AM

light turned on £4.21

HMT-1244 Environmental

Lights Switched Off

LG/75 - General Office Zubair Khalid Friday, 28 January 2011 12:40 AM

light on £4.17

HMT-1245 Environmental

Lights Switched Off

LG/04 - Play Scheme Zubair Khalid Friday, 28 January 2011 12:45 AM

light on £4.13

HMT-1529 Environmental

Lights Switched Off

3/15 - Office Zubair Khalid Saturday, 29 January 2011 01:35 AM

light on £3.71

HMT-645 Environmental

Lights Switched Off

G/20 - Meeting Room Mario Artifice Sunday, 23 January 2011 05:20 PM

lights on i switched off £7.83

HMT-646 Environmental

Lights Switched Off

3/31 - Office Mario Artifice Sunday, 23 January 2011 05:35 PM

lights on and printer, i switched off

£7.71

HMT-647 Environmental

Lights Switched Off

4/25.2 - Meeting Room 4/25.2

Mario Artifice Sunday, 23 January 2011 06:20 PM

completed internal patrol £7.33

HMT-974 Environmental

Lights Switched Off

LG/CP.62 - Copy Point Bash Abdullah

Wednesday, 26 January 2011 12:20 AM

light on £4.33

HMT-975 Environmental

Lights Switched Off

B/03 - Gymnasium Bash Abdullah

Wednesday, 26 January 2011 12:35 AM

Light on. and all the TV On at 00.40

£4.21

Case Study 4Standardization: An alternative to “rip & replace”

Environment: US-based Major FinancialProblem: Disparate PACS, IDS solutions acquired through acquisitionImpact: Est. $1.2M “rip & replace” cost to migrate to “preferred” platformDetails: Removal, replacement of 3,000+ panels, significant business disruption

Solution:• Implementation of software overlay• Interoperability & full administrative

management of four (4) distinct platformsResults: Software-based consolidation results in

est. $800K savings, improves process by delivering custom interface

Events

Overlay

Plat. 1 Plat. 4Loc D

Plat. 3

Loc C

Plat. 2

Loc B

Loc A

Access Group:Loc A – CR1Loc B – CR2Loc C – CR2Loc D – CR1

Events

Overlay

Plat. 1 Plat. 4Loc D

Plat. 3

Loc C

Plat. 2

Loc B

Loc A

Access Group:Loc A – CR1Loc B – CR2Loc C – CR2Loc D – CR1

This document contains copywrighted material

???Comments?

Daniel Q. Kelly Jr.G4S Technology LLCSoftware Solution Division118 West 22nd StreetNew York, NY 10011(212) 414-0073 ext. [email protected]