Security January 2012

January 2012

Ed Levy, CSO at Thomson Reuters is Saving Money, Solving Business Problems and Communicating Security’s Value

www.SecurityMagazine.com

Hook your customers up for the ride of their lives.

Read more with your smartphone

As the global leader in network video, Axis is setting a fast pace for the industry. Now it’s time to bring the whole analog gang along for the ride. Axis video encoders are the ideal way for you to approach the huge analog market — offering customers IP surveillance benefits even if they aren’t ready to jump off the analog bandwagon yet. Axis encoders protect your customers’ investments by enabling a mix of analog and network cameras.

And with the broadest range of encoders in the industry, Axis helps you fit any need and price point. When your customers are looking to migrate to IP surveillance, give them (and yourself) a head start. Axis video encoders — the fast lane to growing your video surveillance business. Get the Axis picture. Stay one step ahead. Visit www.axis.com/encoders

A complete range of video encoders • Multiple video compression formats • H.264 for reduced bandwidth • Power over Ethernet for cost savings • Intelligent video capabilities • Rack solutions simplify scaling

Virtual Fence Cloud Archiving

SUPPORTS

Face Finder

MEGA ME M EG EG GA A PIXE ELL PIXEL

Audio/ Visual crime deterrent

RECORDING

Rack Mountable DVRPC16T Model Shown

Intelligent Video Analytics: ˜+55+0)$,'%65 ˜752+%+175$,'%65 ˜$,'%6'6'%6+10 ˜%'0'*#0)'

˜+&'1 0%4;26+10 ˜#6'4/#4-'4+(+%#6+10 ˜ #%' +0&'4

Remote View on o iPhone® or iPad®

email: [email protected] ph: 1.800.645.5516 www.specotech.com All registered trademarks and logos are property of their respective owners.

TABLE OF January 2012

Q

Vol. 49 / No. 1

SPECIAL FEATURE

16 Beyond the Box: Security That Works What’s significant about that old cliché, ‘Thinking out of the box.’? Saving the company money, solving business problems, creating partnerships, taking on a leadership role and more. Here’s how five security leaders did it.

16

ENTERPRISE SERVICES

24 Social Media, Mobility and the Future of Security Convergence

24

Twitter, Facebook, LinkedIn, and our always connected world – what opportunities do those mediums provide to security?

32 Overcast but Clearing as the Cloud Comes to Security Hosted, managed, software as a service, video as a service, infrastructure as a service, in the cloud computing; it’s a confusing set of labels, features and potential sources. It’s the cloud, and by all accounts, it’s here to stay.

36 Breaking Boundaries: New Directions in Visual Data A picture is worth a thousand dollars. How? Innovation is taking visual data to a whole new level, creating new opportunities, some of which are trivial and fun, while others can be hugely important to business and security.

SURVEILLANCE SOLUTIONS

40 Under Analysis, Making Business Sense of It All It's time to take a look at the potential of video analytics, which has come a long way, in fact moving into uses that go way beyond security, and typical motion detection, object recognition, and virtual tripwires.

4

January 2012 • SECURITY • SecurityMagazine.com

36

A Total Integrated Solution for Enterprise Security

For those who manage enterprise risk and security, Napco Fusion is a cost-saving, all-in-one, integrated platform, simple to use & deploy: sInteroperable intrusion, fire, video, access & locking sScalable, modular enterprise platform sIntegrated real-time event linking, mapping, scheduling & logging sMultitier global lockdown, threat level management & in-lists sMulti-card, smart card, PIV, biometrics & keypads sHigh-speed processing & door-opens sLegacy retrofits- Support all reader types, old & new, intermixed sEasy & economical to deploy: Wired, wireless or hybrid sNo annual software licensing fees sLowest acquisition & maintenance costs

sIntrusion/Fire: Napco Commercial™ Analog Addressable & Comm’l Wireless protects against property loss, safeguards people, equipment, records; interior and perimeter areas sVideo: DVR/NVR and camera control, on-demand & video archiving captures acts of vandalism, crime sAccess: 2 to thousands of doors, unlimited users, one or global sites, CardAccess® fast 1/2sec. door opens, local and remote security office reporting & web client control ©sLocking: Trilogy® Networx Wireless Networked pushbutton/HID® Prox locks install in an hour, use same ID's as hardwire system or digital codes, ideal in annexes, offices, labs, file rooms, baths

For more call 1-800-645-9445, email [email protected] or see us online http://bit.ly/vBUKYu

TABLE OF

CONTENTS COLUMNS

54

10 Trends Mark McCourt 2012 Prediction: The Year of FDSACC 2012 will be the year of the FDSACC. It’s more than alphabet soup: the issue is the fastest growing industry in the world. Find out what it is.

28 Leadership & Management Marleah Blades Running Security Like a Business If the security function hopes to align itself with the business’ needs and goals, the organization, the security leader and the security programs must all share the same level of “readiness.” What does that entail?

44 Surveillance Strategies Keven Marier Video Analytics: Basic and Advanced Market Potential Video analytics at any price is not worth the investment without a good security surveillance plan. Too much emphasis is placed on the price and the theoretical technology benefits during the purchasing. Learn how to capture opportunities before you take the plunge and buy.

46 Access & ID Joel Jensen Automate and Delegate Whether you’re currently happily exchanging compatible access control data with other departments or not, now is the time to automate the process, says Joel Jensen, and give you some much needed ROI and funding for other security ventures.

12 Global News & Analysis This past Security 500 conference in New York in November saw a “changing of the guard.” Find out what that means.

50

48 Zalud Report

Education & Training

Bill Zalud

Leadership Behaviors to Drive Innovation in Security Organizations

Whose Reputation? Penn State, Virginia Tech, the University of California Davis…how did all three of those institutions lose the focus on protecting the brand and their reputation?

56

12

DEPARTMENTS

Natalie Runyon Is there a place for the word “Me” in security, or is it all about the team? According to this author, when the team succeeds, everyone succeeds.

54

Security Talk

Industry Innovations

Diane Ritchey In this new column, Editor Diane Ritchey interviews Eduard Emde, CPP, the new president of ASIS International. Learn why he thinks that 2012 will be dominated by all facets of cyber related security risks.

58 Ad Index/ Calendar of Industry Events 

SECURITY ADVISORY BOARD Advising editors on topics and trends. Sean Ahrens, CPP, CSC Project Manager Security Consulting & Design Services Aon Risk Solutions Dean Alexander Professor of Homeland Security Western Illinois University Ted Almay Chief Security Officer Deloitte Services LP Sandi Davies Executive Director International Foundation for Protection Officers 6

Guy Grace Manager, Security and Emergency Planning Littleton (Colo.) Public School District Sandra Jones Co-founder, Securing New Ground Jeff Karpovich Chief/Director Security & Transportation Highpoint University Tom Lozich Executive Director, Corporate Security and Surveillance, MGM Resorts International

January 2012 • SECURITY • SecurityMagazine.com

John S. Martinicky, CPP Director, Corporate Security International Truck and Engine Company

Karl Perman Director of Security, North American Transmission Forum

John McClurg VP, Chief Security Officer Dell Global Security

William Phillips Vice President and Chief Security and Safety Officer CNA Insurance

W. Barry Nixon, SPHR Executive Director National Institute for the Prevention of Workplace Violence

C. Dave Shepherd CEO of Readiness Resource Group

Anthony Patillo AVP Security, NA Sanofi

Dennis Treece Director, Corporate Security Massachusetts Port Authority Bryan Warren Director of Corporate Security Carolinas HealthCare System

KEYSCAN CENTRALLY MANAGED ACCESS CONTROL

IMAGINE

Multi-tasking in multiple buildings without ever leaving your desk.

Keyscan’s innovative software allows you to manage access control across all of your facilities by creating your own central host. Using the internet as a data transfer medium and securing it with the same encryption that protects Top Secret US files, you can manage building access, run reports and monitor alarms from your desk.

Keyscan systems can also control access to elevators enforced with floor permissions, provide lobby entry control with integrated telephone entry systems, and offer integration with burglar alarms creating a complete security package for all of your facilities. Contact us to discover the many advantages of Keyscan!

Toll Free 1.888.539.7226 www.keyscan.ca

www.securitymagazine.com

For subscription information or service, please contact Customer Service at: Tel. (847) 763-9534 or Fax (847) 763-9538 or e-mail [email protected] SecurityMagazine.com/subscribe SecurityMagazine.com/renew Publisher Mark McCourt 600 Willowbrook Lane, Suite 610 West Chester, PA 19382 (610) 662-5477 • Fax: (248) 244-2042 [email protected]

Directory/Buyers Guide Carolyn Perucca • (248) 244-6474 [email protected] Trade Show Coordinator Paul Dykstra • (248) 786-1609 [email protected]

Doug O’Gorden, Regional Sales Manager (847) 548-0680 • Fax: (248) 786-1351 [email protected]

Audience Development Lisa DeWitt – Audience Development Manager Alison Illes – Multimedia Specialist Catherine M. Ronan – Corporate Audience Audit Manager Editorial Offices 1050 IL Route 83, Suite 200 Bensenville, IL 60106-1096 (630) 616-0200 • Fax: (630) 227-0214 [email protected]

Editor Diane Ritchey • (630) 220-8771 [email protected] Editor Emeritus Bill Zalud • (773) 929-6859 [email protected]

Corporate Directors Publishing: John R. Schrei Corporate Strategy: Rita M. Foumia Marketing: Ariane Claire Production: Vincent M. Miconi Finance: Lisa L. Paulus Creative: Michael T. Powell Directories: Nikki Smith Human Resources: Marlene J. Witthoft Information Technology: Scott Krywko Clear Seas Research: Beth A. Surowiec

Art Director Mike Holmes • (412) 306-4358 [email protected] Production Manager Lyn Sopala • (248) 786-1641 [email protected]

Sales Team Chris Ward, Associate Publisher/ Regional Sales Manager (770) 205-4779 • Fax: (248) 502-9088 [email protected]

Kent Beaver, Regional Sales Manager (310) 474-7158 • Fax: (310) 472-7159 [email protected] Tara Schelling, Regional Sales Manager (610) 613-7576 • Fax: (610) 222-0568 [email protected]

BNP Custom Media Group Christopher Wilson (248) 244-8264 [email protected] List Rental Postal contact: Kevin Collopy at 800-223-2194 x684 [email protected] Email contact: Michael Costantino at 800-223-2194 x748 [email protected] www.securitymagazine.com For subscription information or service, please contact Customer Service at (847) 763-9534, Fax (847) 763-9538 or e-mail [email protected].

Heidi Fusaro, Inside Sales/ Classified & Help wanted 1050 IL Route 83, Suite 200, Bensenville, IL 60106-1096 (630) 518-5470 • Fax: (248) 502-1008 [email protected]

Helps People Succeed in Business with Superior Information

India Shivaji Bhattacharjee, Information and Education Services Pvt. Ltd [email protected], [email protected] Israel Asa Talbar, Talbar Media, [email protected]

Online Media Manager Jackie Seigle • (610) 436-4220, ext. 8521 [email protected]

Korea Young-Seoh Chinn, JES Media Inc., [email protected]

Reprint Manager Jill DeVries • (248) 244-1726 Fax: (248) 244-3934 [email protected]

Pacific Rim (except Korea) Arlen Luo, NewSteel Media [email protected]

Protect your capital investment.

With Onity’s Commercial Security Solutions, you will know a lot more about the people who are entering your space. You’ll also be secure knowing we have 24-hour support to answer any questions or provide you with vital support to protect your business.

Safe and Secure. Tel: + 1 770 497 3949 • Email: [email protected] • www.Onity.com

8

January 2012 • SECURITY • SecurityMagazine.com

®

CBC offers surveillance systems for virtually any application. From entry level to large-scale applications, we provide a comprehensive line of IP, analog, hybrid, mobile and cloud-based monitoring products that are customizable to deploy powerful, trouble-free video surveillance systems. Our Computar Lenses and Ganz line of intelligent Analog and IP Cameras, NVRs, Software, DVRs and Cloud-based products have made us the first choice for businesses and institutions worldwide.

Cameras I Lenses I Housings & Kits I DVR I NVR Servers & Software I Monitors

W W W . C O MP U TA R G ANZ . C O M Scan Me!

NY: 55 Mall Drive, Commack, NY 11725 • Telephone: 1-800-422-6707 CA: 20521 Earl Street, Torrance, CA 90503 • Telephone: 1-877-407-9555 © 2011, CBC All Rights Reserved. www.computarganz.com

Trends

2012 Prediction: The Year of FDSACC

T

he 2011 Security 500 survey conducted last spring identified that only 19 percent of Security 500 CSOs manage cyber security at their organizations. By the November 2011 Security 500 conference, we had an overwhelming request among attendees for cyber security sessions. Trending cyber security is no bold prediction because cybercrime has been around for a while. But I do predict that 2012 will be the year of FDSACC (Finally Doing Something About CyberCrime). Why? Because enterprise risk management assessments will require centralized ownership and planning to complete. We might start with definitions, the simplest one is any crime involving a computer or network. Yet most organizations By Mark McCourt do not differentiate well between IT and cyber security. Also important is the difference between vulnerability and a threat. While there are endless, persistent threats to your enterprise, that is not the same as your vulnerabilities. An unsecured database is your vulnerability. A hacker stealing your data is the threat. How big is cybercrime? About $388 billion, according to the recent Norton CyberCrime Study. That is almost as big as the $411 billion global drug trade. According to PriceWaterhouseCoopers, which regularly studies this issue, cybercrime is now the second most common fraud reported, after asset misappropriation. “Security” by its definition is to invest money so that something doesn’t happen, thus making it impossible to prove a negative. Yet the magnitude of cybercrime’s definitions, risks and potential costs are exponentially higher. The risk to brand alone is impossible to measure. Some organizations have avoided negative brand equity (for example, the University of Southern California and TJ Maxx), while others have taken a big hit (Sony and Heartland). While the 2011 Unisys Global Security Index survey found that 79 percent of respondents would stop doing business with an organization that compromised their personal data, it is not clear that is true. Students are neither dropping out of USC, nor are customers fleeing TJ Maxx stores. And the cost to Sony’s business (not reputation) that was initially estimated as high as $24 billion and later revised down to $6.096 billion, actually came to $171 million A lot of money, but not the level of doom predicted. Actually, the Japan earthquake cost Sony more – about $270 million. Some companies have begun to report cybercrimes, as ATT did during a recent attack on its customer accounts that netted $2 million for an alleged terrorist group called Jemaah Islamiyah. Yet, many companies do not report cybercrimes to

10

January 2012 • SECURITY • SecurityMagazine.com

avoid negative brand exposure. “One of the reasons we do not know the scale of this is that organizations are embarrassed to reveal the impact,” BT chairman Sir Michael Rake said in a speech at the recent EastWest Spell Institute Conference. Indeed, 2011 has been named “a year of unprecedented Cyber Crime” by the 2011 Unisys Global Security Index. And a recent Booz Hamilton report notes that financial institutions are highly targeted (Sutton’s Law) and face a highly motivated adversary. While electronic banking, social media and mobile devices are obvious threats, increased C-suite targeting may not be. “Senior executives are no longer invisible online. Firms should assume that hackers already have a complete profile of their executive suite and the junior staff members who have access to them,” the report states. And the NSA has started assisting US banks with intelligence about foreign hackers due to the fear of financial sabotage. All is not lost in the war against cybercrime, though. The Verizon Data Breach Study identified that most victims simply did not have their eye on the ball, even at the lowest level of cyber security: • • • • •

83% of victims were targets of opportunity 92% of attacks were not highly difficult 76% of all data was compromised from services 86% of breaches were discovered by a third party 96% of breaches were avoidable through simple or intermediate controls • 89% of victims subject to PCI-DSS had not achieved compliance. To have a fighting chance, the C-suite must identify how it will be resilient against cybercrime and who will lead the process. Ownership is lacking as different organizations perceive it as either an IT or a security problem, when in fact it is a business problem. And corporate security will be negatively impacted if it has no voice in strategy. With cyber security documented at such a weak level, it is no wonder cybercrime is the fastest growing industry in the world. Cyber security’s economic boom cannot be far behind.

SCAN TO RENEW It’s time to renew your FREE subscription to Security. Scan this image with the Microsoft Tag Reader on your smartphone or go to www.SecurityMagazine.com/renew

Gl bal News&Analysis “Changing of the Guard” at Security 500 Conference AT THE RECENT SECURITY 500 CONFERENCE in New York City, more than 100 CSOs attended a panel discussion on how new holistic approaches to risk management and security were impacting their security service needs, specifically with guard force companies. “The demands of our customers have evolved from guard force services to multifaceted solutions including guard forces. The understanding of risk, applying metrics to maximize ROI and the application of technologies are critical to helping our customers achieve their security goals,” explained Drew Levine, president of G4S. To achieve organizational goals enterprise-wide, business units are

network PTZ or megapixel camera?

both. We’ve combined the two in our new SNP-5200 1.3 megapixel PTZ. In addition to its outstanding ability to capture high resolution details, now you can track activities over an even greater coverage area with breathtaking precision. Product highlights include: ■ ■ ■ ■ ■

true Day/Night lens with 20X optical zoom 1.3 megapixel resolution low-light sensitivity (0.7 lux) supports 16:9 720p HD imaging dual output IP/analog

■ ■ ■ ■ ■

multi-stream/multi-codec (H.264/MPEG-4/MJPEG) Power over Ethernet (PoE) bi-directional audio support available in indoor and outdoor (IP66) models ONVIF compliant

[email protected] • samsung-security.com • 1.877.213.1222

being reorganized globally or centrally. Security, as a service/support department, is also being structured as one enterprise-wide entity to support global business units. The outcome is single business resilience and risk management solutions across the entire organization. That requires a different approach to security’s customers resulting in new solution provider requirements. Duane Ritter, VP of corporate security at Cox Enterprises, noted the importance of business resilience, “The assurance that the organization remains open for business and able to function for its stakeholders through business resilience policies and programs have changed the traditional guarding RFP.” Customers are seeking a wider range of services combined with flexibility as needs change, sometimes quickly. “The situation is always fluid at the Port,” shared Tom Mylett, Assistant Chief of Police and Security at the Port of Corpus Christi. “It is important the services we require are available as circumstances change or a situation develops.” This Security 500 Conference panel gave a solid overview on how organizations and their guard force partners were addressing critical issues including integrating strategic service partners, such as G4S into business resilience processes. “There really is a changing of the guard,” noted moderator Mark McCourt.

1.3 megapixel performance

Save the Date: iSecurity 2012 is March 8 ISECURITY, Security magazine’s virtual event on March 8, 2012, is the opportunity for you and your entire team to interact, oneon-one with others focused on security management, installation, integration and technology. There’s no travel or registration fees, so your entire tea can attend. Just log onto your computer and join the free online trade show with all these benefits: • Meet suppliers from all over the globe • Hear webinars from industry leaders • Chat live with webinar presenters • Download whitepapers, product videos, brochures • Network via group or private chat with peers More details to come. Visit www. isecuritytradeshow.com

320X total zoom

supports 16:9 720p HD

PoE

1280x1024 pixel resolution H.264/MPEG-4/MJPEG

it all adds up to Samsung.

SPECIAL FEATURE In his relatively short tenure with the company, Ed Levy, vice president and global head of security at Thomson Reuters, has reduced guarding and key holding costs between 10 percent and 15 percent without sacrificing service.

Beyond the Box: Security That Works By Diane Ritchey, Editor

W

hat do a global news and information company, a large utility, a Fortune 500 electronic commerce and payment processing provider, a diverse hospital and a local government have in common? The security leaders of those five organizations thought ‘out of the box,’ formed relationships where they had not existed, solved business problems and in turn, showed security’s value and experienced much success. The ‘out of the box’ term is way beyond cliché, but it’s true. “Many security organizations are entrenched in the four primary aspects of 14

corporate security,” says Michael Lynch, CSO of DTE Energy in Detroit. “I call it ‘the box’ – physical security, investigations, access control and emergency management. These functions are arguably the cornerstone of many corporate security organizations. Whether your specific organization is responsible for all four functions is not the point,” Lynch continues. “It’s what the CSO does outside the box and what he or she is asked to do outside of that box that determines and demonstrates the value they are bringing to the enterprise. That we do an exemplary job within the typical functions should be a given,” he says. “That should be the minimum price of admission. But that, by itself is hardly enough.”

January 2012 • SECURITY • SecurityMagazine.com

That’s exactly Ed Levy’s sentiments as well. Levy is vice president and global head of security at Thomson Reuters, the global news and information provider based in New York, with more than 55,000 employees operating in more than 100 countries around the world. Since joining the company in September 2010 Levy has reduced guarding and key holding costs between 10 percent and 15 percent without sacrificing service, and has strategically partnered with the company’s head of sourcing to create and implement a worldwide plan for vendor sourcing. “We are working very hard towards a category management approach and a centralized delivery of outsourced security requirements,” Levy explains. “I counted 30 guard force vendors when I started that we were employing around the world. How do you manage that? Instead, we culled it down to regional providers, and by doing that we saved money, employed standards and increased our operating efficiencies. Our regional security directors now only have to deal with a single vendor who better understands our needs,” he says. Levy also assessed other costs his security department was working with related to vendors. “The pricing was not that competitive, and the expected standards and guidelines varied across the globe. We have streamlined the process, allowing us to hold vendors accountable to the delivery of strict services and pre-negotiated or closely negotiated pricing,” he says. Second, Levy opened the lines of communication between the Security function and employees. “One of the measures of success I employ as an organization is how well we reach out and communicate to all of our employees,” Levy explains. “I look at this as a metric: if someone asks ‘What does Global Security do for you?’ I want that employee to answer that the security function is an engaged business partner that communicates effectively with employees, ensuring we are able to best serve our customers in a safe, productive environment,” he says. To increase the flow of information, Levy created an Intranet web site dedicated to providing employees with up-to-date information on emergency preparedness, workplace violence prevention, crime prevention, life safety, travel security, home security and more. Levy blogs weekly, creating a dialogue with his nearly 1,000 internal subscribers.

choose open

Security integrator Service Works, Inc. chooses open technology to provide flexibility for its end users. When Jersey Shore University Medical Center turned to Service Works, Inc. for a security system to protect its $300 million expansion, SWI chose an open access control solution that would integrate with the CCTV and infant abduction systems already in place. After examining all the options available from various security providers, they chose Honeywell’s Pro-Watch® security management system because it works seamlessly with third party systems. “We were looking for a non-proprietary system because we wanted to avoid the problem of having to call a different vendor every time we needed something.” Honeywell’s Open Technology Alliance (HOTA) enables open exchange of technology between manufacturers—making an end user’s investment in existing security infrastructure go a long way. SWI and Jersey Shore choose open – won’t you?

Pictured: Stephen E. Govel, CEO, Service Works, Inc., Farmingdale, NJ. To learn more about Honeywell's integrated security solutions, including Pro-Watch, visit www.honeywell.com/security or call 1-800-323-4576 to schedule an appointment with a Honeywell representative. Get more info!

© 2012 Honeywell International Inc. All rights reserved.

SPECIAL FEATURE People recognize him when he walks through hallways of offices around the world. The response and success he has experienced has been overwhelming, to say the least. The web site, which interfaces with other external web sites, also includes information on what’s happening around the world – it’s a global company, after all. “With the flooding in Thailand, the impact to our business was minimal, but employees’ homes were significantly affected. Our employees should know about emergency preparedness. The office building we are located at in Nigeria had a fire that did impact the business, and I wanted to communicate to other employees how real the risks are, improving awareness and understanding it can happen at their office. It’s all about proactive communications,” Levy says. The web site also includes the ability for employees to pose questions to Levy and his staff. “They ask questions about upcoming business travel, physical security at their offices, their ID badges…it runs the gamut,” Levy says. “It’s another level of measurement for security. People have a tendency to focus upwards, but it’s also important to gain an understanding at all levels of the company. It’s important when it comes to identifying resources or shaping security policies. It’s not a backroom function, but a forward-looking process with our employees and our business leaders that security is a business multiplier. Our intent is to add value to the business and its resiliency as opposed to draining resources.” Success has come down to two major themes, explains Levy. “First, knowing that our ‘customers are first’ and employing a security culture that is in our customer’s best interests associated with the products, information, and news services we provide.” Second, he says, is “applying our customer first focus to socialize a security mindset. Thomson Reuters prides itself on providing timely, accurate news and information to its customers along with the context and tools to apply that knowledge in a productive way. Delivering the right information, at the right time, using the right channel, was critical, in my view. For example, realizing that a good proportion of the employee population is younger and had social networking savvy led us to conduct a research study with our social networking group on how to leverage social media channels for security and crisis management communications.” Levy admits that it took some ‘thinking out of the traditional security box’ on what the company was expecting by starting an internal web site. “Is it security’s role?” he asks. “When it comes to mitigating risk and adding value 16

to the business, we see this as a responsibility.” Levy also talked about his security team and how proud he was of his organization, who embraced his vision and were collectively part of the strategy to provide safety, security, and risk management services around the world. He was very keen to share the importance of recognizing talented people and providing the leadership and guidance on allowing people to succeed. What advice would he give to a colleague looking to do the same? “Truly understand the nature of your business and develop your security program and team to best support the business needs,” he recommends. “Craft your message in a manner where you have a clear vision and mission, and get leadership buy in. Mission accomplishment for the security group is important on a day to day basis, commensurate to the company’s mission. Then, communicate, communicate, communicate with your respective stakeholders.”

ABOVE AND BEYOND At DTE Energy, as well, CSO Michael Lynch sees value in communicating with stakeholders and crafting creative ideas to show Security’s value. DTE leadership has routinely asked more of Lynch. Only two years ago leaders recognized a significant issue with the theft of electricity and natural gas. They called on Lynch to think ‘outside the box’ and implement solutions that would send a strong deterrent message. As a result, Lynch came up with a plan that enabled corporate security to capture never before seen video of individuals stealing electricity and gas. The result? The video was used as evidence in criminal court and 135 arrests were made in 2010, up from two the year before. Because the evidence was so strong all but one of the defendants pled guilty to their crimes. Local news affiliates created more than 10 news stories which, in combination with the arrests and convictions, sent a strong deterrent message. In May 2011, after a massive home explosion, the president of DTE’s gas utility called on Lynch once again. Like energy theft, gas explosions were not a primary responsibility of DTE’s corporate security department. Lynch learned that the gas explosion occurred after thieves broke into empty homes and stole appliances such as water heaters and furnaces. When they ripped an appliance from the wall, they would break the appliance’s (natural gas) fuel line. When the right mixture of gas is combined with oxygen and a heat source, an explosion is inevitable. Lynch came up with the idea to rent

January 2012 • SECURITY • SecurityMagazine.com

“Libraries are public buildings that differ from private buildings that the public go to and we may not be able to set all the same rules,” says Kirk Simmons, security manager for Hennepin County, Minn.

Five Security Success Stories: Thomson Reuters – Has reduced guarding and key holding costs between 10 percent and 15 percent without sacrificing service and improved communication of security’s value through an Intranet web site. DTE Energy – CSO Michael Lynch has solved business problems for the utility through creative use of video and thinking ‘out of the box.’ TeleCheck, a First Data company – Has created partnerships with 800 federal, state, county and local agencies to reduce fraud and risk. Hennepin County, Minn. – Has taken on a leadership role within the large and populated area and reduced crime and risk and thus, transformed a community library to one where patrons want to visit once again. Henrick Medical Center – Has successfully moved from analog to IP video and gained business advantages.

ideas for life

The new face of surveillance technology. Introducing i-PRO SmartHD. Panasonic i-PRO SmartHD™ cameras can instantly enhance and detect individuals’ faces the moment they step into your facility. Employing the latest innovations in HD face detection technology, i-PRO SmartHD cameras* seamlessly integrate with our NV200 NVR to match stored faces with real-time video, and alert you when unauthorized individuals come into view. They’re also ideal see more with your for visitor management applications and to identify frequent smartphone customers. Any way you view it, Panasonic i-PRO SmartHD cameras are changing the face of surveillance technology. * WV-SP306 supports face matching

Panasonic System Networks Company of America

Surveillance, Monitoring & Video Imaging panasonic.com/security

SPECIAL FEATURE do our work. As corporate security leaders, we need to consider why and what we do and its relationship to the overall enterprise.” Editor's Note: Video of the appliance thefts can be viewed at Security TV at www. securitymagazine.com

TAKING ON FRAUD

Jerry Norcia, president and chief operating officer of MichCon, helps Michael Lynch, CSO at DTE Energy, find solutions to business problems.

unoccupied houses that were stocked with appliances and apprehend thieves while they were in the act of stealing the appliances. He found agreeable landlords, ones who had previously been victimized by individuals who had broken into their properties and stole appliances, plumbing fixtures and anything else they could. At the prospect of solving a terrible and yet old problem, the landlords were more than happy to offer houses to rent for $50 a month. Lynch purchased gas stoves and water heaters, and installed hidden surveillance cameras in the houses and covert GPS devices inside the appliances. GEO fences were created around the house. The hard work, creativity and investment paid off. Thieves broke into the houses, stole the appliances and set out to make as much as $100 for a water heater and $200 for a furnace. But little did they know their every move was being tracked. The cameras alerted DTE’s Corporate Security whenever the house was broke into. The GPS devices tracked the appliances, and when the position of the appliances moved, Lynch and the Detroit Police Department responded. “None of this would have been possible had it not been for the rich relationship we have developed with the Detroit Police Department,” Lynch says. “The partnership works because the initiative not only addresses a DTE issue; the prevention of house explosions, but also helps law enforcement. It’s a proactive approach to 18

home invasion. We also don’t expect law enforcement to do all the heavy lifting. We do as much detective work that a civilian can do. We understand there are other crimes occurring that compete with our issues. So we call them only when we have our facts straight or the crime is flagrante delecto (the crime is blazing).” Within two months as many as 10 arrests were made. None of the thieves were stealing the appliances for themselves. In fact, says Lynch, they either had customers lined up to buy the stolen goods or were planning on taking the appliances to a resale shop to make a quick buck. “The initiative has been so successful that we plan on continuing it for the foreseeable future,” Lynch says. “The word is spreading. Both HUD and the Detroit Housing Commission are involved and supplying DTE houses to use.” Yet, beyond the arrests and news reports, says Lynch, is that he was asked by DTE senior leadership to solve a business problem, not a security problem. “I wasn’t given a roadmap of what to do, and to some people that might be frustrating, but to me, it’s not. I can show my creativity.” In this success story, Lynch solved several business problems for DTE Energy. “I don’t have any responsibility for gas explosions, obviously,” he notes. “But corporate security has dramatically changed in recent years. Technological advances alone have created astronomical opportunities for the way we

January 2012 • SECURITY • SecurityMagazine.com

“Every year our security department shows an increase in improvement. But only when we run security like a business,” adds Charles Andrews, director of security for TeleCheck, a First Data company. First Data is a payment processing company headquartered in Atlanta. It provides electronic commerce and payment solutions, and its portfolio includes merchant transaction processing services; credit, debit, private-label, gift, payroll and other prepaid card offerings; fraud protection and authentication solutions; as well as Internet commerce and mobile payment solutions. The TeleCheck division, based in Houston, provides electronic check acceptance services. “In seconds, we decide whether a merchant accepts or doesn’t accept a check,” Andrews explains. “Sometimes it is up to the merchant, based on how the contract is written, and they accept the liability, but the majority of our check acceptance business is warranted, which means that we guarantee the transaction. Because we assume so much liability, we have a certain amount of fraud. And that’s where I come into the picture.” Andrews, whose background includes law enforcement, honed his business acumen at The Dow Chemical Company and a financial services organization. “There, I developed a business skill set of how big global companies work. No matter what kind of business you’re in, relationships are always key,” he says. He’s never lost that valuable lesson. At Telecheck, he and his team take intelligence from fraud events and develop metrics to help risk analysts make better decisions in the retail environment. While fraud doesn’t completely fall within his role, Andrews embraces it. “I enjoy it because it goes beyond security; it goes into the business,” he notes. Second, he maintains close relationships with the 370,000 merchants and their security directors that the company calls its customers. “I not only maintain relationships, but I get to get involved in the business of security, finding fraud solutions and managing risk, and I enjoy that role very much,” he says. “So when a check goes bad or is counterfeit, I become involved with the criminal process and receiving restitution that is ordered by the courts.” In 2010, he says, he worked with 800 fed-

Securing Your World

manpower. technology. innovation.

G4S HELPS YOU MITIGATE RISK, MANAGE COSTS AND MAINTAIN COMPLIANCE Only G4S integrates manpower and the latest security technologies into a truly comprehensive and cohesive security solution. And that’s not just any manpower – it’s industry-proven core expertise in manned security. Now seamlessly combined with analysis and design capabilities, the latest security technologies and business intelligence that traditional guard services simply don’t offer and technology companies alone can’t provide. That’s G4S innovation. 800.275.8305 • 561.622.5656 www.g4s.com/us • [email protected]

SPECIAL FEATURE eral, state, county and local agencies and task forces and special operations teams to reduce fraud and risk. “The key is that it starts and ends with relationships,” he says. “You have to find them and then maintain them. When someone with whom you have a key relationship asks for something, you deliver it.”

homeless shelters in the downtown area near the library that require individuals leave by 7:00AM that therefore push those individuals into the MCL for shelter. A few years ago, Hennepin County assumed the responsibility for the Minneapolis Library System and with that

MEETING A PUBLIC CHALLENGE At the heart of the Hennepin County Library system, Minneapolis Central, is recognized as one of the top libraries in the US. Hennepin County has a 41-library system that offers more than 5 million books, CDs, DVDs, electronic resources and other items in more than 40 languages, and has more than 1,700 computers available to the public. In 2010 there were an estimated 5.8 million in-person visits and almost 20 million visits to the library web site. Kirk Simmons, security manager for Hennepin County, Minn., is responsible for securing the library system, among other county buildings. The Minneapolis Central Library (MCL) is more than 350,000 square feet with an atrium more than 8,100 square feet. The atrium is open several hours before the rest of the library and makes for an appealing location to “hang out.” There are several

“Every year our security department shows an increase in improvement. But only when we run security like a business,” says Charles Andrews, director of security at TeleCheck, a First Data company.

Hennepin County Security and Simmons and his staff was responsible for an additional 15 libraries. One of the community libraries, North Regional is located in north Minneapolis and in an area that has a history of higher crime. With this library came many incidents and issues that received unwanted attention from the community, including illegal drug sales, loitering and gang activity. “Libraries are public buildings that differ from private buildings that the public go to and we may not be able to set all the same rules,” Simmons says. “There have been times when local law enforcement have been called in to help with teen problems and they suggested ideas that have worked in other locations such as limiting how many teenagers are let in the building at any one time. Another suggestion limited access to computers or social networking web sites. Since these types of suggestions would not work for the library we needed to be proactive and find workable solutions with the local law enforcement agencies.” He adds, “Libraries are challenging to secure because the people who work there don’t think that security is their responsibility. Plus, the landscape draws a host of issues: it tends to be a social scene for kids, pedophiles

We’re about to

change perspective thermal imaging! your

on

use the computers and homeless people hang out there. We actually apprehend a lot of people on our felony list at the library.” Initially, library staff was apprehensive of the change in security and the new officers, Simmons says. “In order to mitigate these fears an officer was assigned to each of the departments at the library and would be their liaison with security,” he says. “The officer would go to the team biweekly meetings and discuss any security related issues with staff. When assignments were made we identified officer talents and paired them with the appropriate library unit.” A plan had to be developed and implemented to deal with the incidents at North Regional Library. Security management worked with local community groups, law enforcement agencies and the politicians for the area. In addition, since many of the individuals involved were teens, Simmons and his staff coordinated the effort with the local schools and park board to work together with the teens in the area. He also implemented IP cameras and assigned security dedicated to the system to monitor and take corrective action on discovered unwanted behavior on the spot. “We also met with different agencies in

Hennepin County and provided them with education on the library services and how they relate to freedom of speech and right to access,” Simmons says, one of which included a trespass law. “Since we have done that the relationship between library staff, including security and law enforcement officers, has drastically improved. By assigning specific security officers to work directly with staff and not only interact with them when there was a security event happening, the relationship was strengthened. Not only were fears of the librarians put at ease, but the security staff took ownership of their areas and security and the library now work as a team.”

MITIGATING HUMAN ELEMENTS Similar to libraries, hospitals are open communities, and no longer immune to increasing violence. Hendrick Medical Center, one of the largest hospitals in the West Texas area, serving referrals from 16 smaller hospitals in surrounding counties, continues to research and implement security technologists to keep patients, employees, visitors and physicians safe. “People usually can’t pick the day they go to a hospital,” says Roger Dickey, director

“In a nutshell, our purpose is to make people feel safe and secure when they come to this facility and to reduce risk that we can show our stakeholders,” says Roger Dickey, director of security at Hendrick Medical Center. Part of the keys to reducing risk has been implementation of IP video and a new console for security personnel, from Middle Atlantic Products.

of security at Hendrick Medical Center. “You can’t predict whether or not there will be a gang related event in the city and both victim and suspect factions arrive in the ER. While the Hendrick campus experiences a low crime rate compared to the surrounding neighborhoods, we do have to deal with societal problems that are a direct reflection

Introducing

Clear24. See the clearest video

daylight and darkness automatically in

in every environment. See the difference… sightlogix.com/clear24 scan here

SPECIAL FEATURE of the community we live in. There are so many human elements and Security has to mitigate all of them.” With its Level III trauma center, the 503-bed acute care medical center is currently undergoing a multi-million dollar expansion, which includes the upgrade of its security surveillance operation, and a transition from analog to IP cameras. The new security video system will eventually include 200 IP video cameras, and a conversion from barcode to proximity card readers. The expansion will also include a workspace for the security guard monitoring staff with a console from Middle Atlantic Products with first destination radio, video, access control, infant protection and alarm management. Dickey’s security staff includes a proprietary guard service, with 19 uniformed and armed officers. All of the security guards are commissioned by the state of Texas and most are former police officers. They receive and answer 3,600 calls per month in the medical center, ranging from moving financial assets to domestic disturbances to the arrival of a helicopter. His officers share a radio system with the local police and fire

department, so it functions much like a police agency. “As we began to contemplate this huge construction project and keeping security and the safety of our staff, patients and visitors in mind, we did not want to put old technology in a new building, which has state-of the art clinical technologies,” Dickey explains. “All of our existing cameras were analog, and we needed to be more efficient in terms of how we monitor. Also, with 200 cameras it’s difficult for a dispatch officer to monitor all of them, and IP provided the necessary mechanism through event monitoring.” Dickey understands how security is a business function, and he kept that in mind when he sought to transition from analog to IP. “You gain business advantages because you save money in wiring, the video management system is more efficient and flexible, higher quality video, as is the playback of the system,” he says. “Essentially, the advantages are cost effectiveness, greater efficiency and effectiveness resulting in a more secure facility and reducing overall risk.” Adding to that overall risk reduction is the new workspace. “This is a $92 million building project,

and we needed a system that would still be in the game three to five years down the road,” Dickey says. “We went strictly with IP because of all the benefits available to our staff. There’s no way that a single security officer(s) sitting at a console can view all of those cameras and be effective. So we really like to take the views the console gives us and spread them out, so we can quickly pull up the parameters or salvos we want to view at the push of a button.” “In a nutshell, our purpose is to make people feel safe and secure when they come to our hospital and to reduce risks that can be demonstrated to our stakeholders,” he says. “In criminal cases, we assist local law enforcement by providing high quality video evidence to support filing charges when appropriate for offenses occurring on our campuses. From another business standpoint, when people report a risk management concern, we may have captured that on video and often can provide that video, which is helpful in identifying a cause, or challenge a claim. Our combination of electronic security systems and well-trained and dedicated staff result in lower risks and vulnerabilities, which translate into greater value to the organization.”

SECURITY INSPECTION MADE SIMPLE Easy, Affordable, Modular. The Flex Series UVSS Shows You Every Detail

S

ee every detail of a vehicle’s underside clearly while the Flex Series Under Vehicle Surveillance System digitally scans, monitors, and records it all in full color and real time. High-powered LED lights and built-in digital cameras capture every detail; an optional license plate recognition system is available. The modular design of the UVSS makes it simple to create and assemble the perfect configuration in 40 minutes, with no additional construction needed. Getting the full picture about the Flex Series UVSS is easy, too. Just visit www.comm-port.com

COMM PORT TECHNOLOGIES INC 981 ROUTE 33, MONROE, NJ 08831, USA TEL: 732-738-8780 • FAX: 732-631-0121 E-MAIL: [email protected]

22 January 2012 • SECURITY • SecurityMagazine.com SEC07094COMM.indd 1

6/16/09 10:55:30 AM

Who can handle a security challenge this complex?

With leading-edge technology, Siemens combines knowledge and experience to deliver tailored security solutions. To be your long-term partner, today‘s integrator has to provide more than technology; they have to know your business and risk profile, understand the regulatory environment, compliance issues and how to customize an intelligent, layered security solution. The Integrated Security Solutions (ISS) team at Siemens Security boasts a combined average of 27 years in the security industry. Siemens has the highest level of expertise, access to leadingedge products and the talented resources to execute complex solutions. Our team has all of these in-house and ready to deploy. We have the answers to your toughest questions. usa.siemens.com/integratedsecuritysolutions

Answers for infrastructure.

ENTERPRISE SERVICES

Social Media, Mobility and the Future of Security Convergence By Dan Dunkel, Contributing Writer

I

t is hard to imagine any market sector today that is not impacted by the “Big Three” emerging technologies: Social Media, Mobility and Cloud Computing. The holiday shopping season saw “Cyber Monday” come out of nowhere to replace “Black Friday” as a traditional benchmark for consumer spending. New media and technology are being rapidly indoctrinated into our culture. Retail has embraced “social media” word-of-mouth marketing, and the technical innovations of mobile devices make e-commerce impulse buys all the more handy. And scaling IT operations is not an issue, as large retailers simply contract for more “seasonally expanded” cloud services, rather than purchasing costly computing equipment and hiring additional personnel. The retail sector is one example that is inundated with real-time

consumer information, predictive in its operational response to “Big Data,” and reliant upon the latest in cultural trends and technology for a competitive advantage. The physical security industry counts retail as a significant customer segment and could learn a valuable lesson in social media leverage to expand sales opportunities. The retail sector integrates information to determine buying habits in real time. The classic “Pop Tart” case study is the perfect illustration. Real-time weather prediction integrates with online inventory management to order additional “bad weather supplies,” including “Pop Tarts.” Prepare a disaster area with critical supplies and generate additional revenues. The “Pop Tart” example utilizes business intelligence for competitive advantage. Two adjacent markets in the process of leveraging social media and technology for advantage are law enforcement and national security. Data analysis is being utilized to predict security scenarios. Incorporating social media into existing solutions is a consulting and integration business model. This extends account control, increases revenues and opens up new account business. The trends that matter tend to “trickle down.” The institutions you would expect to pay attention to these major trends actually are paying attention. The issue that the security professional must come to terms with is a traditional slow response to market change. Being overly “conservative” in an age where technology is a rapidly integrated “commodity” will mean lost business opportunities, or perhaps even cost lives. Will our physical security industry choose to embrace social media and mobility? Or will we incorrectly believe that these fundamental cultural and technical changes do not impact our business models?

THE NEW WORLD ORDER While holiday retail shopping is something we all can readily identify with, there are much deeper, global changes taking place as a result of social media and mobility that are empowering the masses in ways never seen before. The constant news cycle is similar to the explosion of Big Data in our lives. We are drinking from a fire hose of digital information and unable to keep pace. Step back and look at the changes occurring in the Middle East, and specifically, the Arab Spring. The region of the world that secures a major source of the global energy supply is in upheaval. Long-held political structures are crumbling in record time and being replaced with a mass movement of people demanding more freedom. These governments simply cannot stop the Facebook/Twitter movement. However, the same positive aspects of social media we see promoting democracy are being utilized by international criminal organizations, including drug cartels, to advance their nefarious goals. Technology is accelerating an international crime wave that is both physical and digital (cyber) in nature. 24

January 2012 • SECURITY • SecurityMagazine.com

FREE You are invited to attend THE virtual event for the security industry!

Thursday, March 8, 2012 10:00 am - 4:00 pm ET Presented by

The Security Universe at Your Fingertips

www.iSecurityTradeshow.com Attend these LIVE presentations, includes a Q&A with the presenter! 10:30 – 11:30 am ET Security Channel in 2012: Best Opportunities & Greatest Challenges

12:30- 1:30 pm ET Preparing a Violence Prevention Plan with New OSHA Approach

• Meet contacts from all over the globe: suppliers from monitoring to surveillance and everything in between will be represented • Network via Group or Private chat with peers • Download whitepapers, product videos, brochures • Get show discounts and win prizes • No travel or registration fees so your whole team can attend • No time spent out of the office • Can’t make it? Register anyway, the archive will be available!

2:30 – 3:30 pm ET SECURITY 500 LIVE: What Are The Top 10 Trends Driving Enterprise Security?

Who Is Attending? Executives including owners, presidents, vice presidents and technical management at installation, dealer, integrator, distributor and monitoring companies. Enterprise organization security leaders including CXOs, vp, directors, managers and supervisors of security, loss prevention, corporate, facilities and IT.

Sponsor iSecurity 2012!

Last year’s attendees said: “I could quickly move from booth to booth to look for new technology,” “I liked the ability to ask questions in an open forum or private chat. With quick response,” “The interaction was very cool. I love this setup.”

REGISTER NOW! SARAH GORAJEK Online Events Manager SDM/Security Magazine (248) 786-1671 [email protected]

ENTERPRISE SERVICES

Time for us to mix social media, mobility and the cloud.

“Globalization has created a huge criminal economy that boosts a technically leveraged global supply chain. The value of that illicit economy is between 2-3 trillion dollars per year and is growing at seven times the rate of legitimate world trade.” — Moises Naim Former Venezuelan Minister of Trade & Industry. He is an internationally renowned expert on globalization, international politics and economics.

We must utilize these emerging technologies to reduce crime and counter these global trends. Yet, one of the gating factors in our ambitious pursuits is our own “security culture,” which is not recognizing the rapid advancements in communication via social media. The springboard of this change and the framework of an emerging security solution model is social media and mobility.

LOCAL LAW ENFORCEMENT Law enforcement is taking a page from the social media playbook to better interface with the public by improving traditional community outreach methods. The year 2010 saw the inaugural conference for SMILE (Social Media In Law Enforcement) take place in Washington, DC, highlighting advances in digital wanted posters, community information sharing via Twitter feed posts and pursuing criminals in social space. Eventually, innovative police departments anticipate integrating Twitter feeds into a real time 9-1-1 monitoring center to improve the early warning system for accident or incident alerts. COMPSTAT, originated in NYPD with former Chief Bill Bratton, is now an internationally acclaimed command accountability system that uses computer-mapping technology and timely crime analysis to target emerging crime patterns and coordinate police response. “Cops on Dots” was the “slang” explanation, as computer technology replaced traditional colored pushpins on wall maps. Today, the LAFD (Los Angeles Fire Department) responds to real-time tweets from homeowners during fire rescue operations in which wind changes occur almost instantaneously. Direct tweets are a time improvement over traditional landline communications to a dispatcher. These law enforcement solutions using social media are available to security operations within a public sector or private enterprise. A valuable resource is ConnectedCOPS. net, the law enforcement’s partner on the social web, (http://www.connectedcops.net). The site is content rich with information on current topics in social media and cloud 26

January 2012 • SECURITY • SecurityMagazine.com

computing, as well as industry news and events. One article, titled “6 Reasons Why LEOs Should be Thankful for Social Media” by Lauri Stevens, asked Twitter followers why they are thankful for social media in law enforcement. The answers included: 1. It helps dissolve the media filter. 2. It increases your efficiency when budgets are tight. 3. It’s a great help in investigations. 4. It’s an ideal enhancement for community policing. 5. It’s an effective way to educate people, even officers. 6. It can save lives. This information highlights how social media can provide a valuable addition to an existing security operation and/or policy.

THE INTELLIGENCE COMMUNITY Throughout our nation’s history our intelligence community has been an early adopter of technology to identify emerging global trends. Certainly, tracking “Big” data analytics via social media and mobility trends has played a huge part in their efforts. The Associated Press has written “Ninja Librarians’ scour social media for CIA.” In the agency’s Open Source Center, these teams search social media sites like Facebook and Internet chat rooms, along with the traditional media venues of television, radio and newspapers to cross reference information looking for threats to the nation. Upwards of 5 million tweets are reviewed daily across a number of foreign dialects. Social media can be utilized to predict behavior. These tools exist today. Our U.K. allies across the pond, The Metropolitan Police, initiated a social media effort “post” London rioting with photographs and disorder videos asking for the public’s help in identifying violent and criminal acts. The anonymous crime stopper effort dubbed “Operation Withern” resulted in more than 500 hundred arrests in the first three days. (http://www.securitymanagement.com/)

THE FUTURE SECURITY ENTERPRISE Our industry must leverage these technologies to harden global supply chains, predict or respond to criminal behavior and otherwise better secure the business operations of a company or the critical infrastructures of a nation. Our global security hangs in the balance. Social media, enabled by mobile devices and supported by Big Data analytics, is

Dan Dunkel

a powerful combination in the emerging market for behavioral profiling. In marketing circles, test beds and traditional research surveys are out, replaced by tweets and the blogosphere that offer instantaneous results. Today, movie releases are determined a box office success or failure based on social media activity “prior” to the actual premiere ever running in a theater. It’s predictive behavior via social mass media. It considers social media a dual-use technology. The behavior we are modeling today does not have to be “human only,” but includes machine activities, as in how a network is responding (or not responding) to a cyber attack, or employees downloading confi-

dential data. From social media to computer logs, behavior is predictable and “anomalies” are “Big” Red Flags. The fact is that behavior modeling has value in a security practice. The future opportunity is obvious for our industry to use social media, mobility and the cloud. The unshakable fact is that the combination of these trends is rapidly changing our world. They have driven our personal behavior, reshaped global crime and law enforcement and totally surprised the international community by toppling established governments. We are witnessing the “socialization of technology” and entering a new, faster dimension. Innovative security integrators recognize the obvious and respond with products and services to keep pace and increase revenues. Mega change requires a flexible business model. As baseball great Yogi Berra said, “The future ain’t what it used to be. About the Author: Dan Dunkel brings more than 22 years of sales, management, and executive experience in the IT industry to a consulting practice, New Era Associates, focused on the emerging field of security convergence. He is co-author of Physical & Logical Security Convergence.

theplusfactor

super-size your access control Maximal Access Power Controllers provide seamless power and independent control for as many as 16 electric door hardware devices. Available in a wide range of power configurations for 12VDC or 24VDC devices, or both. Super-size your access control systems with Maximal from Altronix.

More than just power.™ Lifetime Warranty • Made in the U.S.A. [email protected] • 1.888.258.7669 • altronix.com

SecurityMagazine.com • SECURITY • January 2012

27

Leadership & Management

Running Security Like a Business

T

he next generation of security leaders will be challenged in ways previous generations have not. They will be asked to manage and monitor more risks and to identify and address new risks, including those created by drastic shifts in business operation and philosophy. They will have to do this more quickly, with fewer resources in many cases, and they will be expected to think and strategize at a board of director’s level. Last month we addressed the importance of aligning security with the business. The security leader who prioritizes alignment will have built a strong foundation from which to meet the coming challenges of risk management. However, alignment is sometimes a significant challenge. It often requires current and rising security By Marleah Blades leaders to run security like a business, which includes knowing your business and its level of readiness for your strategies; communicating with and influencing internal customers; demonstrating how and where security resources are being used; and adding value to the organization. First, if the security function hopes to align itself with the business’ needs and goals, the organization, the security leader and the security programs must all share the same level of “readiness.” For example, the leader may be extremely mature, with years of experience and a long list of successes at other organizations, but if the organization is not ready for visionary security leadership – or not interested in it – then the leader may have to adjust in order to meet the company’s needs. Or if the organization is prepared to shift from a compliance-focused security strategy to a proactive, growth-focused strategy, but the existing security programs are all built and measured around compliance concerns, a major shift in programs will be in order to match the readiness level of the organization. A company’s readiness may be impacted by many factors, including budget, senior leadership and culture. To align with the readiness level of their organizations, security leaders must understand their own leadership maturity as well as the company’s risk appetite, management’s awareness level and the drivers of security programs. Running security like a business also requires communication and influence. A research report released by the Security Executive Council last year, “The Nine Practices of the Successful Security Leader,” identified commonalities among many highly successful individuals in their Tier 1 Security Leader community. (The report is available for download at https://www.securityexecutivecouncil.com/sm9.) “The findings in this report show that much of success revolves

28

January 2012 • SECURITY • SecurityMagazine.com

around communication and receptiveness,” says Kathleen Kotwica, EVP and Chief Knowledge Strategist for the Security Executive Council. “Each of our findings reflects how security or the security leader is perceived by other business leaders, management and employees based on how the security leader presents risk and, to a great extent, him- or herself.” In many organizations, security can also enhance alignment by helping improve the bottom line, either by reducing loss or building profit. In a business sense, risk management is not only about transferring or mitigating potentially negative risk; it is about identifying risk that may provide opportunities for growth or profit. While security has traditionally been expected to focus on mitigation, the global economic recession has caused many businesses to push all organizational functions – security included – to identify ways in which they can add value. To align, therefore, security must extend beyond consequence protection. In order to enable this shift, security leaders will need to show a certain level of business acumen. They will need to be able to find the money by identifying opportunities in existing programs as well as potential value-adding partnerships with other functions. “The ability to promote transaction integrity – asset transfers, data, hiring, purchasing, sales and supply chain – through anomaly detection and mitigation will optimally pay for compliance programming and optimize the business,” explains Francis D’Addario, emeritus faculty for Strategic Influence and Innovation for the Security Executive Council and former vice president of Partner and Asset Protection for Starbucks Coffee. D’Addario has a solid record of business-focused security success. “Injury, loss reduction, and revenue enhancement often yield more than 250 percent ROI with capable protection investment,” he says. The Council’s Next Generation Security Leader Development Program is offering courses on each of these topics. Next month we will touch on some of the aspects of risk that the next generation of leaders will need to be aware of to reach the height of success. About the Author: Marleah Blades is senior editor for the Security Executive Council, a leading problem-solving research and services organization focused on helping businesses effectively manage and mitigate risk. To learn about becoming involved, or to offer comments or questions about Next Generation Security leadership, e-mail [email protected] or visit https://www.securityexecutivecouncil.com/sm. You can also follow the Council on Facebook and Twitter.

SCAN TO RENEW It’s time to renew your FREE subscription to Security. Scan this image with the Microsoft Tag Reader on your smartphone or go to www.SecurityMagazine.com/renew

select your mode of perfection

10MPor 1080p There’s only one professional Dual Mode video surveillance camera that delivers both 10 megapixel resolution and the ability to switch to Full HD 1080p at 30 frames per second – the AV10005 from Arecont Vision. At 3648 x 2752 resolution, the AV10005 delivers 30 times more pixel density and forensic detail than standard definition analog or IP cameras – all while minimizing bandwidth and storage requirements by using H.264 compression. The AV10005 can be your one camera solution for most of your megapixel needs by cropping to any other lesser resolution or aspect ratio. Make your mode of perfection the AV10005 from Arecont Vision.

Dual Mode 10MP or 1080p resolution 6fps @ 3648 x 2752 (10MP Mode)  30fps @ 1920 x 1080 (1080p Mode)  Binning Mode for improved sensitivity  

Dual Compression H.264 and MJPEG  Day/Night Functionality  Image Cropping 

1-818-937-0700 • arecontvision.com MADE IN THE USA

Get unprecedented image detail and never miss a thing with Avigilon’s end-to-end surveillance solutions. From shoplifters to potential false liability claims, you can now capture it all in high-definition. The Avigilon Control Center software featuring High-Definition Stream Management (HDSM) technology combined with the broadest range

avigilon.com

CAPTURE IT WITH CLARITY

of megapixel cameras (from 1 - 29 MP) provides superior details while requiring minimal bandwidth and storage. Our software allows you to search and view an incident in seconds, along with the ability to link HD surveillance footage with transaction data to help reduce shrinkage and theft. With Avigilon on your side, you will always get the best evidence.

ENTERPRISE SERVICES

Overcast but Clearing as the Cloud Comes to Security By Bill Zalud, Editor Emeritus

A

lready the darling of a growing number of enterprise information executives, going into the cloud has come to their security brethren, bringing the same business advantages but also, not surprisingly, the same risks. Welcome to security services “in the cloud.” And the cloud will get bigger… really bigger. In its Global Cloud Index, Cisco estimates global cloud computing traffic will grow 12-fold by 2015. Hosted, managed, software as a service, video as a service, infrastructure as a service, in the cloud computing; it’s a confusing set of labels, features and potential sources. But generally, IT and increasingly enterprise security leaders see business advantages in sharing or shifting software, processing, or storage in a different way, often thanks to internal virtualization or,

externally, the Internet. Specific to security, electronic card access control, burglar alarms, mass notification and various levels of security video can reside in the cloud. A most recognized cloud application is Google’s Gmail, for example. As with anything, “in the cloud” has risks and benefits, complicated since many physical security professionals are not as aware of the approach.

CLOUD PROBLEMS ARISE For example, recently Google modified the encryption method used by its HTTPSenabled services including Gmail, Docs, and Google+ in order to prevent current traffic from being decrypted in the future when technological advances make it possible, said a report by IDG News Service. The majority of today’s HTTPS implementations use a private key known only by the domain owner to generate session keys that are subsequently used to encrypt

traffic between the servers and their clients. This approach exposes the connections to so-called retrospective decryption attacks. There remains a bit of confusion over the cloud. According to Mohammed Benabdallah, director, global business development and IT alliances for Tyco Security Products, “There is managed and hosted but they are not cloud application per se. There is a move, however, within certain organizations which are interested in moving to the cloud.” One business benefit, says Benabdallah, is to overcome the failure of a security system where it crashes or is overloaded. Before the cloud, CSOs needed to work things out with more expensive redundant systems or storage. He sees the new approach appealing to expanding organizations due to mergers and acquisitions, for instance. “The cloud gives provisioning and elasticity.” In a payfor-what-you-use plan, it is similar to how enterprises use electricity today, he points out. “It can be a measured service based on the number of readers and credentials and the amount of transactions.” Among business risks is the potential of the impact of the cloud on privacy and corporate governance.

DETERMINE SENSITIVE DATA

As cloud computing evolves and IT and security operations use it more, cost management comes into play. For enterprise security leaders, their IT partners can help. And there are outside services such as Cloud Crusier. 32

January 2012 • SECURITY • SecurityMagazine.com

Says Andrew Serwin, chair of the privacy, security and information management practice at law firm Foley & Lardner LLP, and a Security magazine Most Influential, “It can be a matter of how sensitive is the data and what type of cloud you are using.” He advises that security executives “assess what they are putting up in the cloud. Meet your need for privacy and data security. There is also the growing requirement for business continuity as it relates to mission critical data.” Andres Kohn, vice president of technology for Proofpoint, agrees with Serwin. “The evolving security landscape, including the increase in malicious attacks, consumerization of IT and complex regulations,

What can

37,000+ professionals security

do for you?

Join ASIS and SAVE $100

on any classroom program, webinar, or global conference!

Successful security practitioners are ahead of the curve on security management best practices, emerging technologies, innovative solutions, and industry standards and guidelines. As a member of the world’s largest association for security management professionals, you will be too.

Put the power of ASIS to work for you. High-caliber Networking + Actionable Information + Global Insights Impressive Industry Credentials + Unparalleled Education

View the many benefits of membership online: www.asisonline.org/joinnow or call +1.703.519.6200. Don’t Go It Alone. Get Connected Today.

ENTERPRISE SERVICES ing the creation of a virtual data center. Such an approach is growing in the security video storage and retrieval area. • Managed services. The most mature approach, in this case a cloud provider uses an application as compared to the end user. There also are layers of services and computing. In the case of Web-based offerings, once an Internet protocol connection is established, it is possible to share services within any one of the following layers.

Assess the sensitivity of the data to determine the applicability for the cloud, says Andrew Serwin, chair of the privacy, security and information management practice at law firm Foley & Lardner LLP, and a Security magazine Most Influential.

means that traditional security architectures may not be coping. You have to stay on top of trends and their risks,” he says of security and the cloud. Kohn points out that, no doubt, cloud computing for security applications has business benefits. “There is elasticity. You can gain more capabilities.” Proofpoint is a security-as-a-service vendor that delivers data protection solutions. He adds the evolving cloud can provide a greater level of security and functionality. “It can save money but you need to be cynical of the cloud providers. Probe. Look for certifications. Make sure you do not lose control of security itself. Audit carefully.” Frank Kenney, a former Gartner analyst and now vice president of global strategy and product management at Ipswitch File Transfer, emphasizes that the “cloud is as secure as someone wants it to be. You need to ensure protection of the transmission and the data. Employees often break the rules to

According to Andres Kohn, vice president of technology for Proofpoint, “You have to stay on top of trends and their risks,” when it comes to cloud computing.

get business done.” He suggests the need for disaster recovery plans to be adjusted when going into the cloud. “When you add such layers of security, you need to add layers of management and auditing, governance and administration,” which may go beyond the cost savings of the cloud model itself. Know as much as you can about the details of the myriad services, says Kenney. Among the diverse services: • Web-based cloud services. Security can employ certain Web service functionality, rather than using fully developed applications. • SaaS (Software as a Service). This involves providing a given application to multiple tenants, typically using a Web browser. • Platform as a Service. A variant of SaaS, security runs its own applications but on the cloud provider’s infrastructure. The provider may be internal or external. • Utility cloud services. These are virtual storage and server options that organizations can access on demand, even allow-

• Client – A cloud client consists of computer hardware and/or computer software that relies on cloud computing for application delivery and that is in essence useless without it. • Platform – Cloud platform services, also known as platform as a service (PaaS), deliver a computing platform and/or solution stack as a service, often consuming cloud infrastructure and sustaining cloud applications. It facilitates deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers. Rare it typical physical security, but popular in IT, cloud computing has major impact, and one of the most important parts of this change is the shift of cloud platforms. Platforms let developers write certain applications. • Infrastructure – Cloud infrastructure services, also known as "infrastructure as a service" (IaaS), deliver computer infrastructure – typically a platform virtualization environment – as a service, along with storage and networking. And for security with officers, after-hours guarding, or escort service needs, there are cloud offerings emerging. For example, VirSec Virtual Security from Huffmaster has services including virtual patrols and escorts.

A Four Way Cloud Approach There are four cloud types and each can play a role in physical security. Public cloud – A public cloud is based on the standard cloud computing model, in which a service provider makes resources, such as applications and storage, available to the general public over the Internet. Public cloud services may be free or offered on a pay-per-usage model. City and state agencies use this approach for mass notification and incident databases. Community cloud – It shares infrastructure among organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a 34

January 2012 • SECURITY • SecurityMagazine.com

third-party and hosted internally or externally. Hybrid cloud – A composition of two or more clouds (private, community, or public) that remain unique entities but are bound together, offering the benefits of multiple deployment models. It can also be defined as multiple cloud systems that are connected in a way that allows programs and data to be moved easily from one deployment system to another. First responders, reflecting public and private organizations, can use a hybrid approach. Private cloud – Private cloud is infrastructure operated solely for a single organization, whether managed internally or by a thirdparty and hosted internally or externally.

Is your document security still running on diesel?

Lose the gas hog and take control of your document security program with Destroyit business shredders—smart, safe, and green. hen you use a shredding service, you’re putting your company’s security in the hands of strangers. You don’t know their backgrounds or work histories. How can you trust them with confidential documents? Today, more and more companies are realizing that, aside from being a security risk, shred services also take a tremendous toll on the environment.

W

Fleets of large trucks log hundreds of miles every day, seldom if ever shutting their engines down (on-site trucks use their diesels to power the shredder). Huge amounts of fuel are being burned and the ever-increasing costs are getting passed on to your company.

Consider the alternative—shredding in-house with reliable, high volume Destroyit business shredders. Our centralized office models are so efficient, that in about the time it takes to feed documents into the slot on a collection container, you could have shredded them! A one-time economical cost replaces a never-ending service contract, and paper waste can be collected in bagless shred bins and recycled. And your sensitive information is better protected because it never leaves the building intact. Contact MBM today to learn more about the advantages of in-house shredding and how your company can save green by going green.

ENTERPRISE SOLUTIONS Part 3 of 3-Part Series

Breaking Boundaries: New Directions in Visual Data

By Steve Russell, Contributing Writer

A

s the digital transformation of video has progressed, we’ve seen the same sorts of innovations in video that we’ve seen over the years in other realms of information technology. First came video analytics – a market segment that’s still seeing new and smarter software packages emerge every quarter. Then came innovations in storage, with virtualized servers and cloud storage, which have opened up new ways to reduce storage needs and optimize capacity. And most recently, we’ve seen the rise of cloud-based software services, which take analytics off of local processors and make video accessible remotely. While all of these segments are still maturing in their own right, they’ve laid the foundation for the next batch of innovations, which go beyond simple storage and bandwidth concerns to deliver entirely new uses for visual data. There are two forces driving innovation in visual data at the moment: the natural progression of technology that I described here, and the cross-pollination occurring between B2B video solutions providers (primarily in the surveillance industry) and vendors with consumer-facing products. Increasingly, these two previously separate businesses are merg36

ing in new and interesting ways. The result? A host of emergent applications and tools that takes visual data to a whole new level, creating new opportunities, ranging from image-sharing services to highly complex augmented-reality applications and more. Some of these uses are trivial and fun, while others could be hugely important to both business and national security. In either case, this is an exciting time to be living in the world of visual data.

YOU CAN TAKE IT WITH YOU One of the best things to come out of the mixing up of consumer and B2B video technologies is the huge improvement in the mobile video experience. Ooyala, a provider of online video technology and services, recently surveyed its 100 million global monthly users and found that consumers are watching more video, and for longer, on their portable tablets than on their desktop computers. This is largely attributed to the fact that streaming video has improved dramatically over the past few years, enabling users to view high-quality video seamlessly. Remember when videos used to “buffer” every 30 seconds or so? That’s not really happening anymore, and that simple improvement alone is a major revolution in video. Of course, I’m not just talking about the

January 2012 • SECURITY • SecurityMagazine.com

ability to watch a TV show or movie on your iPad without interruption. The same technological advancements that have made that possible have made remote monitoring of surveillance footage more of a reality, too. For years, video surveillance providers have been promising remote monitoring and access to surveillance systems via smartphones and iPads, but we all know the actual experience of those services has been suboptimal. Now, thanks to advances in video technology, storage and bandwidth, the dream of truly remote monitoring is becoming a reality. iZON, a new consumer video surveillance product, enables homeowners to see what’s happening in their living room from a smartphone or tablet anywhere in the world, ruining teenage parties everywhere. And in pilot tests, Prism Skylabs’ remote functionality has enabled business owners to check in on their storefronts from thousands of miles away, sitting in an airport with an iPad.

A PICTURE IS WORTH A THOUSAND DOLLARS It’s not just video that’s easier to access and share these days, but images as well. Image-sharing sites like Instagram have tapped into consumers’ desire to express themselves creatively and to share information visually. In just one year, Instagram racked up 5 million users and 150 million photos. Now in its second year, the site is up to 12 million users. Tellingly, more than 80 percent of those users include filters when sharing their images, hinting at the fact that consumers don’t just want to share pictures, they want to share feelings and experiences. That, in turn, has led to a burgeoning business interest in image-sharing services. Starbucks joined Instagram early on, creating online slideshows of Instagram images taken from inside of various café locations. The San Diego Chargers recently started using PicPlz, another image-sharing service, to share photos with fans both during the regular season and throughout the off-

NEVER SEND A CAMERA TO DO A WATCHMASTER’S JOB. The WatchMaster™ line of day/night thermal cameras from DRS offers both thermal and video imaging with exceptional image resolution, durability and ease of use. Whether in a fixed position, on a moveable mast or mounted on a vehicle, WatchMaster™ cameras – drawing upon many years of EO/IR innovation – deliver a previously unattainable level of performance for force protection, border patrols, homeland security and critical infrastructure.

Darkness Made Irrelevant. That’s Go To. DRS.com/WatchMaster

ENTERPRISE SOLUTIONS season – and has seen positive results. The team has been inundated with comments from fans that appreciate the opportunity to connect with their team in the offseason, too. While image-sharing services themselves have not yet figured out how to monetize the trend, brands from various industries are finding the services to be an increasingly valuable marketing tool, enabling instant, free branding – and a direct connection to consumers. Once again, the surveillance industry can benefit from what, on the surface, seems like a superficial consumer trend. Just think about how useful it might be to pull a few representative photos out from an hour’s worth of surveillance video, and how much faster a security professional might understand what happened in that hour from those few shots than from sitting through an hour of footage. Now imagine that professional being able to easily e-mail, IM or text those images to his boss or to the police. Suddenly image-sharing is like a really useful tool.

ment created the technologies that eventually made it to the masses. Email, the Internet and personal computers are three examples of how technology used to evolve,” said Shadman Zafar, senior vice president for product development at Verizon, recently while talking about Verizon’s predictions for the top technology trends in 2012. “Today, technological advancement is no longer driven from a ‘push-through’ model where consumers are simply on the receiving end. End

YOUR WORLD, ONLY BETTER

users – consumers – are driving technological change and creating a world where what they want is always accessible to them.” These new consumer-driven advancements are also changing the way businesses view surveillance video. Just think of the volume of video produced every day by nearly every business in the developed world. Now imagine if, instead of being a burden – something business owners need to worry about storing, processing and transmitting – that footage became a business opportunity, not just in the form of protecting a business against security breaches and financial losses, but in terms of its potential marketing value. Place a privacy filter on that footage and use some of the latest tools out there to pretty it up, and suddenly that footage that was creating storage and bandwidth nightmares is a highly effective visual branding asset.

Arguably the most exciting, recent innovation in visual data is the advent of what some call “augmented reality” and others “online-to-offline convergence.” Both terms refer to bringing virtual tools and information to bear in the physical world. Yelp’s Monocle application is an early example – it enables smartphone users to view a 3D map of their surroundings, overlaid with reviews from the company’s site of nearby venues. The information displayed can be filtered so that users can, for example, find a nearby pizza joint or check to see if there’s a decent grocery store within walking distance. Amazon’s new Flow app is another early entrant in the augmented reality space. Using Flow, consumers can scan the bar code of any product and pull up Amazon’s price for the product, along with customer reviews and any other relevant information that’s available (the trailer for a newlyreleased DVD movie, for example). The app enables instant price comparisons, helps users understand more about a product in real-time and even enables consumers to buy products online while they’re shopping in the “real” world. It’s this last bit of functionality that has financial analysts calling this space a trillion-dollar opportunity and businesses from various industries trying to get a piece of it. It’s also yet another example of how customer demand is driving advancements in technology. “It used to be that business and govern38

Steve Russell

TRANSPARENCY – BUT AT WHAT COST? It’s this sort of subtle shift in perspective that augmented reality is all about – and one represents a fundamental shift in how data is being structured. “Most of the IT industry has been built on information that machines like: structural information,” says Mike Lynch, founder of Autonomy, a UK-based company at the forefront of augmented reality that was recently purchased by Hewlett Packard for a cool $11 billion. “Nearly all of the systems you see run on structured information so

January 2012 • SECURITY • SecurityMagazine.com

we spend a lot of time trying to fit information into the forms computers like. What’s happening now is there’s an explosion in consumer-friendly information like social media, video, audio, text, e-mail. So what we are seeing is the industry is about to undergo one of its major changes and move over to everything happening around human information rather than computer information. So, if you like, we are no longer going to be slaves to what the computer wants.” As with most advancements in visual data, however, augmented reality comes with a number of privacy concerns, not only for those in the surveillance business, but also for all businesses. Imagine walking down the street, for example, and seeing a celebrity out with a mystery woman. A quick snap with your smartphone and you can determine who the woman is; a great feature for paparazzi, to be sure, but also something of great concern for the general public. “Augmented reality provides a new level of transparency in our world, but that transparency comes with a price,” Lynch says. “Once computers can take pictures or videos of the world and interpret them, ordinary people with ordinary resources will be able to do very powerful things.” At the recent Techonomy conference, Lynch gave the hypothetical example of a small group of people dedicated to tracking someone through a city. All they would need to do would be to post pictures of license plates on Facebook, and their smartphones or tablet computers would sift through all that collective data and turn it into a tracking map. Lynch says he has resigned himself to accepting that the death of privacy is coming, whether we like it or not. Perhaps the better way to contemplate the loss of privacy, he suggests, is to think about how we will need to change our preconceptions about what exactly privacy is. It’s an interesting question, particularly for those of us who consider privacy on a daily basis as part of our business: What does it mean to live in a world in which everyone, citizens and governments alike, has to show all the cards in his or her hand? And as new applications continue to emerge in the world of visual data, we’ll undoubtedly move closer to an answer. About the Author: Steve is founder and CEO of Prism Skylabs, a San Francisco technology company that brings physical spaces online. Steve is also chairman of 3VR, a video intelligence company that he founded in 2002. He actively blogs about the intersection of technology and society at InHardFocus.com.

Fresh designs. Crenlo® products are designed to be functional and stylish. As an industry leader in the design, manufacture, and integration of high quality enclosures, we offer: standard Emcor® enclosure solutions ZKLFK FDQ EH PRGL¿HG WR PHHW WKH QHHGV RI PRVW DSSOLFDWLRQV DQG custom Crenlo enclosure solutions, which can be built for any application, ranging from inverter enclosures to package drop boxes. The only thing stronger than our enclosures is our commitment to customer satisfaction. At Crenlo, we see enclosures differently. Crenlo leads the market in premium enclosures by providing: ‡&XVWRPHQJLQHHUHGGHVLJQVLQDQ\YROXPH ‡+LJKTXDOLW\FUDIWVPDQVKLSIRUGXUDELOLW\DQGVWUHQJWK ‡3URGXFWVWKDWFDQEHPRGL¿HGIRU\RXUDSSOLFDWLRQ ‡6W\OLVKGHVLJQRSWLRQVLQFOXGLQJFRORUVDQGDFFHVVRULHV _ZZZHPFRUHQFORVXUHVFRPIUHVK

We see enclosures differently.

‹&UHQOR&DE3URGXFWV,QF$OO5LJKWV5HVHUYHG&UHQORŠDQGWKH&UHQORŠ/RJRDUHUHJLVWHUHGWUDGHPDUNVLQWKH 8QLWHG6WDWHVDQGYDULRXVRWKHUFRXQWULHV RI&UHQOR&DE3URGXFWV,QF ‹(PFRU(QFORVXUHV,QF$OO5LJKWV5HVHUYHG(PFRUŠLVDUHJLVWHUHGWUDGHPDUNLQWKH8QLWHG6WDWHVDQGYDULRXV RWKHUFRXQWULHV RI(PFRU(QFORVXUHV,QF

INTEGRATED SOLUTIONS: VIDEO SURVEILLANCE

Under Analysis, Making Business Sense of It All By Bill Zalud, Editor Emeritus

T

he Lexus came out squeaky clean. Then came the Chevy, the Buick, the Honda, and more. Autobell, founded in Charlotte, NC, in 1969 by Charles Howard, is now the biggest car wash chain in the southeast. From the beginning, Howard showcased the latest in

reporting, the latter to analyze traffic by day and time, among other criteria. A camera in the front of the car wash captures information and software-as-a-service provides a gateway to analysis of the information collected. “It was a huge challenge, especially in mitigating any false positives,” adds Meng, who needed to adjust the system at each car wash location per zones and exclusion areas.

In chips at the camera edge and in or on top of video management systems (VMS) or through storage and retrieval systems for forensics uses, an algorithm is basically logic written in software. For both pixel and pattern/object analysis, algorithms move from fairly simple to very complex, and from an embedded chip to sophisticated software embedded in command and control.

IN DEVICES AND IN SOFTWARE

Detection of unattended objects such as left baggage or backpacks analytically alerts on objects left behind.

Security video cameras and systems can create virtual perimeters that are programmed to alert on or e-mail video clips when the analytics detects people crossing the perimeter.

car wash equipment technology with a focus on the environment and the community. So Howard and Autobell turned again to technology, applying security video and analytics to eyeball and alert to what is happening on the waiting line, according to Rob Meng of AutoMotion Management, Raleigh, NC, and a Honeywell integrator using video analytics that goes beyond just security.

ANALYTICS FOR A BETTER BUSINESS “The system keeps track of cars about to enter the car wash tunnel. If there is a long line of cars, a text message is sent to the manager” to take appropriate action, comments Meng. There is real-time and historic 40

The system can also provide a certain level of security, too, while collecting information on a diversity of cars. The business bottom line: valuable seconds have been shaved off the waiting line to make Autobell locations with the security video analytics more efficient and productive. Video analytics has come a long way, in fact moving into uses that go way beyond security, and typical motion detection, object recognition, and virtual tripwires. The application falls into two general areas: pixel examination and pattern or object recognition. On the pixel side, there is motion detection, around for many years, and camera tampering alerts. Objects – from people and vehicles to baggage and backpacks – and other patterns can be “recognized.” This approach can be applied to license plate recognition, bag left behind, people counting, vehicle counting, and trip wire or so-called virtual fences, as examples. At the heart of analytics is an algorithm.

January 2012 • SECURITY • SecurityMagazine.com

You can also separate analytics into two camps – embedded primarily by IP camera, encoder, and transmitter manufacturers in their gear as a bundled feature among many. Take, for example, cameras such as SightSensor from SightLogix with thermal video analytics for more accurate detection in difficult outdoor environments thanks to on-board video processing for high probability of detection and low nuisance alarm rates. Bundled into such cameras: a thermal imager, lens optics, electronic stabilization, image contrast enhancement, video analytics software, camera control, and geospatial target tracking. Then there is separate or bundled analytics for VMS, higher end and niche uses. An example here: analytics packages that can integrate into or work with various video management systems.

WORKING THROUGH A VMS In one bundled example, Tim Huntsinger, COO of All Phase Security, uses the VMS from OnSSI in his business with enterprise security leaders, and favors its analytics packages. Huntsinger recently consulted on an upgrade of surveillance at the Port of West Sacramento (Calif.), where contract security officers from All Phase Security watch camera views of the port 24-hours-a-day in realtime, and they can also view video archives as needed. More on the Port’s mixture of contract officers and upgraded video technology in next month’s Security magazine. Despite the continued penetration of

A. B. C. D.

COMPETITOR PARTNER FIRED EMPLOYEE CONTRACTOR

With our Visitor Management System you’ll know who is in your building. And why. f(QWHUSULVHFODVVYLVLWRUUHJLVWUDWLRQWUDFNLQJ UHSRUWLQJDQGEDGJHSULQWLQJ f:HEEDVHGSUHUHJLVWUDWLRQE\HPSOR\HHV f7LJKWLQWHJUDWLRQZLWKRYHUPDMRUDFFHVV FRQWUROV\VWHPV f(PSOR\HHDQGFRQWUDFWRUWLPHDQGDWWHQGDQFH f6FDODEOHIURPDVLQJOHV\VWHPWRKXQGUHGVZLWK FHQWUDOL]HGDGPLQLVWUDWLRQ f$IIRUGDEOHHDV\WRLQVWDOODQGHDV\WRXVH

6FDQHDFKYLVLWRUV,'DXWRPDWLFDOO\DQGSULQWD FXVWRPL]HGEDGJHLQVHFRQGVRUOHVV 7KRXVDQGVRIFXVWRPHUVZRUOGZLGHKDYHUHSODFHG WKHLUSDSHUJXHVWORJZLWK(DV\/REE\WRLPSURYH WKHLUVHFXULW\DQGPDQDJHYLVLWRUVPRUHSURIHVVLRQDOO\

Contact us today for a FREE Web Demo Phone: 781-455-8558 Email: [email protected] Online: www.easylobby.com

The Global Leader in Secure Visitor Management Systems

INTEGRATED SOLUTIONS: VIDEO SURVEILLANCE “free” video content analysis (VCA), what some call video analytics, in video cameras and at the edge devices, the market for separate modules, options, and “chargeable” analytics software and applications will continue to grow quickly, according to an IMS Research report, “The World Market for Video Content Analysis in Security and Business Intelligence Applications.” It forecasts that the market for video surveillance devices with chargeable VCA will be worth almost $600 million by 2015. For some time, video surveillance device manufacturers have been embedding low end applications in their cameras like video motion detection and camera tamper, and offering them as “free” features. The report predicts a clearer divide will emerge between free lower end applications and chargeable higher end applications. Intrusion detection is a good example. Detecting an intruder inside a building from a short distance away requires a much less advanced solution than detecting an intruder in an outdoor environment from a greater distance and in conditions where there can be significant movement from peripherals like water or branches moving in the wind.

BIG INVESTMENT TO CREATE ALOGRITHM Says report author Jon Cropley, from free to chargeable makes business sense to the suppliers and will, in the long run, bring more choices to enterprise security leaders. “A charge needs to be applied to recover the high cost of developing many of the higher end analytics applications. It is unlikely that suppliers will amortize this cost in

an increased price of every device. This is because only a small proportion of cameras are actually monitored. Most record the video and only view an event after it has occurred. Furthermore, many applications are quite niche. The majority of customers would, therefore, be paying for a feature that they would not use.” These more sophisticated video analytics solutions are forecast to grow particularly quickly in such sectors as retail, energy/utilities and transportation.

Analytics can play a key role in applications such as remote video monitoring. No doubt, accuracy is the ultimate goal of video analytics; you don’t want false alarms, which would detract from confidence in and effectiveness of the system, according to integrator Chris Hugman, vice president of Knight Security. “We now use video analytics in some of our projects.” However, when it comes to uses outside of the security arena such as at Autobell or at retail chain stores, total accuracy is less necessary. A survey of retailers by research firm Frost & Sullivan notes that more than 70 percent declared an awareness of the utility

of video surveillance for such applications beyond pure security. Still, analytics need not be fancy pants.

IN CAMERA SOLUTIONS A McDonald’s 24-hour drive-thru restaurant in Dublin, Ireland, recently deployed IQinVision HD megapixel cameras to improve safety and operations. Vandalresistant domes were positioned to capture registration plates on cars exiting the drivethru lanes. All 24 cameras record to a server, which allows management to retrieve and view video simply and efficiently. With an IP network security solution, each camera can be adjusted for best performance including frame rates, motion detection sensitivity, and privacy masking. More generally, analytics can play a key role in applications such as remote video monitoring, according to Andy Stadler, who handles business development for Security Partners, which provides such services among others, and its Select Security integration firm. The company supports Bosch Security Systems and Honeywell Security platforms and uses VideoIQ gear, where appropriate. “More organizations are involved in sophisticated security video, especially as they migrate from analog to digital megapixel cameras,” which capture more information. “And there is that advantage of having more brains (analytics) in the camera,” says Stadler. It’s obvious that networked cameras and megapixel cameras make an even better security and business case for analytics.

Analyze This: Eight Business Reasons and More to Come here are a lot of general and specific reasons to go video analytics. According to Verint, its Nextiva video analytics portfolio, for example, includes an array of automated video analysis applications for retail, finance, campus facilities, transportation, and critical infrastructure.

T

1. Camera tampering detection automatically detects camera tampering or shifting for more rapid correction of camera operation problems that occur either intentionally or inadvertently, with minimal interruption of surveillance activities. 2. Perimeter intrusion detection helps organizations secure expansive perimeters, while reducing staff requirements and the need for manual patrols. 3. Loitering detection automatically detects people or vehicles remaining in an area for an extended period of time, for a more proactive, effective approach to suspicious activity. 4. Unattended objects (such as left baggage) detection automati42

January 2012 • SECURITY • SecurityMagazine.com

5.

6. 7.

8.

cally pinpoints baggage and other objects left behind, enabling security personnel to rapidly detect and address potentially threatening situations. Secure area monitoring pinpoints people or vehicles moving through sensitive areas, including demarcated hallways and rooms and areas without physical boundaries, such as space in buildings and outdoors. City monitoring helps secure city and town centers by pinpointing suspicious activity to deter vandalism and other crime. Wrong direction automatically detects people or vehicles moving in the wrong direction, promoting a more proactive approach to threat identification and management. Equipment removal detection automatically detects when an object has been removed from an area under surveillance, enhancing asset protection initiatives and increasing the chance of recovery by enabling theft to be more quickly identified.

dare we call it an intercom? Introducing the latest advancement in security communications from STENTOFON. The new Turbine stations offer incomparable sound quality. It’s like nothing you’ve ever experienced before, and it comes with all the features and functionality STENTOFON is renowned for. When security is critical, look to the global leader to provide all your communication solutions.

STENTOFON

IP66

VoIP

10W

Analogue

103 DB

SIP

ALPHACOM XE1 IP AUDIO SERVER

Experience Turbine @ ISC West 2012

800/654-3140 www.stentofonusa.com

Surveillance Strategies

Video Analytics: Basic and Advanced Market Potential

A

t the 2007 IMS Analytics Conference in Amsterdam, it was forecasted that the VCA (Video Content Analytics) market would penetrate 40 percent of the security video market. This forecast obviously was prior to the great worldwide recession, however it still proves that there is such a thing as a “hype curve of growth.” This estimate was obviously higher than what has been realized over the past four years. If the prices of advanced VCA systems were discounted back in 2007, the market would have potentially purchased even more; however, this would have potentially delayed the basic VCA market from materializing and could have made today’s VCA market more fragmented. However, today Sony, Axis, the By Keven Marier many Object Video OEM’s and others, are providing basic analytics such as camera tampering and trip wires, for little or no cost. These are signs that the VCA market might be finally showing the potential promised back in 2007.

Two VCA Markets The emergence of basic VCA functions embedded in network cameras such as camera tampering and basic trip wires, has been taking place since as early as 2007. These low-cost, sometimes “Free” analytics are penetrating the surveillance market because they are provided by top network camera manufacturers; as determined by market share. These analytics algorithms are today often looked at as just another feature provided by the camera. However, in comparison to more expensive advanced analytics, these low-cost analytics are almost always deployed immediately after being purchased and generally deliver the expected results. Another difference between basic and advanced VCA products is that the basic analytic features provided by networked cameras often are not tested prior to purchase, compared to the advanced VCA technology, which is almost always tested prior to purchasing. This is in large part because of the price differences and perceived installation or integration risks. The challenge with today’s basic analytics is that they can’t consistently manage the increased operational risks security systems are asked to deal with at discounted pricing. However, the increased channel penetration of networked surveillance cameras over the past four years has enabled a new analytics market to take shape. One key characteristic of this new analytics market is that it is actually two different markets. The first of which is discounted, and provides basic functionality, which meets a lower level of expectations. The second of which is expensive, and 44

January 2012 • SECURITY • SecurityMagazine.com

provides advanced functionality for more demanding security surveillance installations. When a market starts to expand and mature, the end user or the systems integrator is provided with better support from manufacturers due to competitive forces. Comprehensive support including training, field services and troubleshooting has been one major factor limiting growth in the advanced VCA market. Mature markets and increased support quality will create even more demand for advanced VCA products. The surprising trend is that the advanced VCA market, because of its higher prices, will actually grow faster in market size, albeit smaller in channel penetration. This activity will draw additional investment and create several strong advanced analytics companies, which will continue to keep prices high, provide superior features and will show real benefits in complex security environments.

Little Price = Little Value To capture the opportunities in this new market you must choose which provider to work with, and the price you are willing to pay. The truth is that video analytics at any price is not worth the investment without a good security surveillance plan. Too much emphasis is placed on the price and the theoretical technology benefits during the purchasing process. This emphasis tends to overshadow a serious requirement for integration and operational plan complexities. All analytics systems increase complexity within a security surveillance operation. They add more integration complexity, configuration, calibration, alerting and alarming management challenges. If you purchased a system at a rock bottom price, you should expect the installation and operational life cycle costs to be much higher. Last, the purchase price of a video analytics system must be calculated over a three to five year life cycle. In fact, a low price is often directly associated with low value to the end user. So, while you may not be able to say that you have purchased advanced video analytics at a discounted price, you probably won’t have to relive the analytics industry experiences from 2007, which were best stated as the era of “over-promised and under-delivered.” About the Columnist: Keven Marier is the founder and CEO of Connex International, Inc. He has a 20-year background in technology consulting, publishing and educating within the physical security technology and enterprise IT industries. Connex International Inc. is a 55-person global professional services company providing services to security manufacturers, distributors, systems integrators and end-users in 14 different languages.

SCAN TO RENEW It’s time to renew your FREE subscription to Security. Scan this image with the Microsoft Tag Reader on your smartphone or go to www.SecurityMagazine.com/renew

With thousands of installer ready Intransa appliances already sold, we’re better than ever Simple • Affordable • Reliable • Powerful • Energy Saving • Patented Video and Data Management & Retention™ (VDMR™) software technology in every appliance simplifies installation, reduces equipment, slashes electrical consumption, and improves recording & playback reliability • Modular appliances supporting risk-free integration from choice of hundreds of jointly certified security applications & products, with more than 3 dozen of the best available as preloads for near instant activation • Affordable for small projects, yet scalable enough for the largest and most demanding video surveillance, video analytics, access control & PSIM deployments

Intransa, the VideoAppliance™ Company 10710 N Tantau Avenue, Cupertino, CA 95014 USA www.intransa.com • intransablog.com • [email protected] 866.446.8726 (toll free) • +1.408.678.8600 (international)

Get Into Access & ID

Automate and Delegate

I

’m always amazed at how many of my colleagues still rely on a significant amount of manual data entry to their access control systems. Often, a large amount of employee information is entered at the badging station or after-thefact at the security office. At the risk of sounding like a 1980’s PC salesman insisting that you need a computer and a spreadsheet to balance your checkbook, is it prudent to pay someone to manually enter hundreds or thousands of records into a 21st century database – your access control system? I say no. Many access control software solutions incorporate, or have as optional additions, methods to import data from other databases, such as employee records from human resources, for example. By Joel Jensen Other offerings include the ability to exchange data to and from other databases – some schedule based, others in real time. If there isn’t an off-the-shelf solution for your organization it may

be possible for an applications developer to create one for you. Consult your integrator first, of course. If it is impossible to exchange data electronically, well, there’s still paper printouts and data entry…for now. There are other opportunities to automate whether using imported data or the data already contained within your system internally. Are you using your system to its fullest potential? You may be surprised to find existing, yet unused, automation solutions to assign access to areas based on employees’ department, shift and/or position. Remove all access privileges for fixed term employees on employment end date. Allow extended door open times for employees who selfidentify as needing this option. Is your database more useful to other departments in your organization than their database is to you? Your database may contain employee information more current than others. About the Columnist: Joel Jensen is the associate director of security at Minnesota State University, Mankato, and in addition, serves as the system administrator and project manager for the University’s access control system, radio communications systems and two networked video systems.

IDenticard ® revolutionizes the way Access Control is managed today. Access Management · Lock, unlock, or lock-out any individual or group of doors · Run history reports on system events · Acknowledge and clear system alarms

Visit www.identicard.com/premisysdemo to download a free video demo 111 1111-138ID 11 1

800.233.0298 www.IDenticard.com 46

January 2012 • SECURITY • SecurityMagazine.com

Be competitive at every stage of your career.

Organizations demand practitioners with proven knowledge and demonstrated skills for positions at all levels of security management—from the front line to the C-suite. As the standard of professional competency in security, ASIS board certification is an objective measurement employers look to and trust to distinguish one candidate from another when hiring or promoting. More than 3,500 organizations in 77 countries employ ASIS board-certified practitioners. As a Certified Protection Professional (CPP), Professional Certified Investigator (PCI), or Physical Security Professional (PSP), you will confidently convey credibility and position yourself to capitalize on expanded career options within the public and private sectors...across the country and around the globe. Apply for your CPP, PCI, or PSP online at www.asisonline.org/certification.

Accepted as the standard. Worldwide.

Zalud Report

Whose Reputation?

A

By Bill

s enterprise security executives cozy up to the C-suite folks, there is more focus on protecting the brand and the organization’s reputation. It may be a more complex assignment than first thought. Balled up inside the Pennsylvania State University scandal with former coach Jerry Sandusky, for example, is grand jury testimony that campus police had conducted a “thorough” investigation of one victim’s allegations in 1998 along with local police and state investigators, only to have the district attorney decline to prosecute. A mother of one of the victims came forward, saying two “campus police detectives” eavesdropped on conversations in May 1998 when the mother confronted Sandusky. Police later monitored a second conversation that month, in which Zalud, Editor Emeritus the mother told Sandusky to stay away from her son.

tions to the proper authorities. Under terms of the Act, campus officials beyond security have a responsibility. According to the 2011 Handbook for Campus Safety and Security Reporting, “Even at institutions with a police department on campus, a student who is the victim of a crime may be more inclined to report it to someone other than the campus police. For this reason, the Clery Act requires all institutions to collect crime reports from a variety of individuals and organizations that Clery considers to be campus security authorities.”

Who Has Responsibility?

In another tragedy that goes back to 2007, Virginia Tech University is now fighting $55,000 in DoE fines, saying it acted appropriately in alerting the campus in what became the deadliest mass shooting in modern U.S. history. The government disagrees, contending the school was too slow in notifying students, faculty and staff and in violation of the Clery Act. While obviously able to afford to pay the fines, Virginia Tech is fighting for its reputation. Then there is the University of California Davis and the images seen by millions around the world. There is a line of young students sitting, arms linked, at the front edge of an Occupy UC Davis protest. As campus police stepped up, Who Knew What When? students chanted “the whole world is And the grand jury report says univerwatching” while officers pepper sprayed sity police were never notified by anyone into the faces of the seated students. at the university of assistant coach Mike UC Davis President Mark Yudof McQueary’s 2002 report he’d seen Jerry suspended two officers and UC Davis Sandusky assault a boy in a campus Chancellor Linda P.B. Katehi placed shower. Former vice president of finance Police Chief Annette Spicuzza on adminGary Schultz, who has been dismissed istrative leave pending a review of the by the university, oversaw the police Want a tough guy reputation? Think again. Two officers department, but he is charged with fail- and the campus police chief at the University of California incident and the allegations of excessive force. Former Los Angeles Police ing to report the accusation to university Davis are on leave after a pepper spraying of students. Chief William Bratton, now chairman police officers or other law enforcement of Kroll, will lead the investigation. But authorities. the Bratton choice has been criticized. More recently, McQueary e-mailed a The Council of University of California colleague, stating that he did have “discusFaculty Associations (CUCFA) contends sions with police” about allegedly witnessthat Kroll has provided security services ing Jerry Sandusky’s shower incident. But to at least three UC campuses for the State College (Pennsylvania) Police Chief past several years. “This in itself would Tom King says McQueary never talked to disqualify Mr. Bratton from participatpolice. “Absolutely not. We don’t have any ing in the investigation,” says CUCFA records of him coming to us.” president Robert Meister. “You would Penn State has asked former FBI be illustrating the kinds of connection Director Louis Freeh to investigate the between public higher education and Wall Street that the university’s role. Freeh seems to be a busy boy; he also has been Occupy UC movement is protesting.” tapped by the trustee for MF Global’s Chapter 11 bankruptcy Protecting reputation. case in which about $1.2 billion is missing. Securing the brand. The U.S. Department of Education (DoE) has instituted For some, with their feet stuck in the mud, it would be better an investigation into whether Penn State violated the Jeanne if their focus was not on what their bosses wanted but what the Clery Disclosure of Campus Security Policy and Campus Crime organization’s stakeholders expected. Statistics Act when it did not report child sexual abuse allega-

Protecting the brand is a complex assignment.

48

January 2012 • SECURITY • SecurityMagazine.com

$

360 a year

$

30 a month

$

50 7. a week

$ 12

1. a day

helps provide a child like her with access to life-changing essentials — clean water, nutritious food, healthcare, education, and more — giving her hope for a better future.

Make a difference today by sponsoring one child. Visit: mission500.org/sponsorachild for details.

Register to participate in the Security 5K/2K at ISC West 2012 and learn how to set up your personalized sponsorship portal by visiting: mission500.org/Security5K

Education & Training

Leadership Behaviors to Drive Innovation in Security Organizations By Natalie Runyon, Contributing Writer

I

t is no secret that CSOs need to be business enablers to maximize success and to collaborate across disciplines as part of a broader enterprise risk strategy. In my article from the August edition of Security magazine, business acumen, strategic capabilities and entrepreneurial mindsets are underscored as the key skills corporations are demanding from security executives and are requirements for generating business value and collaboration in an enterprise risk management program. Underlying these skills and principles of success is innovation at all levels of security organizations. Driving innovation requires a culture that instills creativity, the development of diverse teams, and accountability-driven micro and macro performance at the core of its operations. The following describe key behaviors for the leader to “walk the walk” of putting innovation into action.

Inclusion Council and director of Leadership Organizational Effectiveness, cites a study in which diverse teams outperformed nondiverse teams by 12 percent with respect to productivity, according to the article, The

Natalie Runyon

Stimulate Creativity More often than not two people working together to solve a problem develops a better solution than if the two individuals had worked independently. To bring about creative solutions, foster collaboration among employees from different functions. Make teamwork a requirement. Indeed, it enables innovation. A Harvard Business School working paper highlighted global collaboration as a key ingredient for innovation and competitiveness. While the article focused on the macro level of collaboration across companies, one can apply the key learning points on a micro level. Entities working together, whether they are individuals or organizations, promote innovation because each of them brings specialized knowledge, skills and abilities to the table. Build Teams with Diverse Talent. Assemble a team of individuals with different professional skills and who differ by professional background, age, country, gender, ethnicity and culture. Alfonso Gonzales, chairman of Grace’s Diversity and 50

When the team succeeds, everyone succeeds. Focusing on “we” reinforces ownership of the team’s mission. Business Case for Diversity, from Industry Week. In the ever flattening global market place, diversity and inclusion is a definitive business requirement for the bottom line. Why? Because for most companies, their client base is not one dimensional; it is multidimensional filled with men and women of all ethnicities and cultures with different values, desires and needs. Developing and customizing products and services that appeal to a wide customer base requires creativity. Companies that know their customers will perform well. Having a team to represent the many facets of an organization’s customers is “the how” behind the innovation

January 2012 • SECURITY • SecurityMagazine.com

that produces profits. As corporate security functions, we all know that tailoring security and safety solutions is critical for acceptance in the local operating environment. The customization and implementation of these solutions are more effective when done by teams from different walks of life and who identify with the local requirements. Manage the Performance of We and Me. Author and former Secretary of State Colin Powell once said, “Performance is the only thing that counts.” He is right. Focusing on results and time-based outcomes versus the number of hours your team is spending in the office nurtures an environment of trust, and trust is the foundation of an empowering team environment stimulating creativity and innovation. When the team succeeds, everyone succeeds. Focusing on “we” reinforces ownership of the team’s mission and a collaborative working environment. At the same time, recognizing individuals’ contributions is also important. Create ownership of the collective mission by aligning the team’s goals with personal interests. According to Dan Pink’s Drive, motivation is driven by autonomy, mastery and purpose. Give individuals more autonomy to work the hours they want by managing by objectives rather than face time. Offer them the opportunity to master a particular skill that can benefit your team through professional development programs. Have each team member outline how their role and tasks contribute to the overall mission, project and goal. Allow them to create solutions and work products that enable them to own the purpose. When objectives and accountability for the team and the individual members are clear, the working environment enables the creative energy necessary for innovative ideas to percolate and take root. About the Columnist: Natalie Runyon, through CSO Leadership Training, specializes in leadership development, communication skills, and career advancement for women leaders in security.

SUCCEED LEARN CONNECT Bachelor’s Degrees

START by connecting with other adults who work in security, professors with first

s 3ECURITY-ANAGEMENT – the nation’s largest!* s )NFORMATION4ECHNOLOGY s )NTERNATIONAL3ECURITYAND )NTELLIGENCE3TUDIES

hand, real-world knowledge of the field, and your advisor who will be with you every step of the way.

Master’s Degrees s 3ECURITY-ANAGEMENT – the nation’s largest!* s )NTERNATIONAL3ECURITYAND )NTELLIGENCE3TUDIES s #YBERSECURITY Homeland Security Award Winner: h"EST4RAINING(IGHER%DUCATION!WARDv – Government Security News 2009 & 2010

IMMERSE yourself in career-relevant learning – courses and case studies that

reflect what hiring companies need in security professionals NOW. APPLY what you learn real-time to your career. You’ll become the “go to” person – the one whose advice they seek, and the one who achieves career and life success. Bellevue University makes it possible.

We give you accelerated bachelor’s degree completion (accepting the credits you’ve already earned), convenient online learning that fits into your busy life, engaging, interactive learning, affordable tuition, and a degree that opens doors for you. Learn more now about our degrees specially developed for security professionals.

Scan with your Smartphone now.

Security.Bellevue.edu 800-756-7920
ʘœ˜‡«ÀœvˆÌÊ՘ˆÛiÀÈÌÞ]Ê iiÛÕiÊ1˜ˆÛiÀÈÌÞʈÃÊ>VVÀi`ˆÌi`ÊLÞÊ/…iʈ}…iÀÊi>À˜ˆ˜}Ê œ““ˆÃȜ˜Ê>˜`Ê>ʓi“LiÀʜvÊ̅iÊ œÀÌ…Ê i˜ÌÀ>Ê
ÃÜVˆ>̈œ˜ÊœvÊ œi}iÃÊ>˜`Ê-V…œœÃÊUÊÜÜÜ°˜V>…V°œÀ}ÊUÊnää‡ÈÓ£‡Ç{{äÊUÊ iiÛÕiÊ1˜ˆÛiÀÈÌÞʅ>ÃÊÀiViˆÛi`Ê specialization accreditation for its Bachelor of Science in Accounting, Bachelor of Science in Business Administration, and Masters of Business Administration degree programs in business through the International Assembly for Collegiate ÕȘiÃÃÊ `ÕV>̈œ˜Ê­
®]Ê">̅i]Ê>˜Ã>Ã°Ê iiÛÕiÊ1˜ˆÛiÀÈÌÞʈÃÊ>ʓi“LiÀʜvÊ

- ʘÌiÀ˜>̈œ˜>ÊqÊ̅iÊ
ÃÜVˆ>̈œ˜Ê̜Ê
`Û>˜ViÊ œi}ˆ>ÌiÊ-V…œœÃʜvÊ ÕȘiÃÃÊUÊÜÜÜ°>>VÃL°i`ÕÊUÊ iiÛÕiÊ1˜ˆÛiÀÈÌÞÊ`œiÃʘœÌÊ`ˆÃVÀˆ“ˆ˜>Ìiʜ˜Ê̅iÊL>ÈÃÊ œvÊ>}i]ÊÀ>Vi]ÊVœœÀ]ÊÀiˆ}ˆœ˜]Ê}i˜`iÀ]ʘ>̈œ˜>ÊœÀˆ}ˆ˜]ʜÀÊ`ˆÃ>LˆˆÌÞʈ˜Ê̅iÊi`ÕV>̈œ˜>Ê«Àœ}À>“ÃÊ>˜`Ê>V̈ۈ̈iÃʈÌʜ«iÀ>ÌiðÊI
ÃÊÀ>˜Ži`ÊLÞÊSecurity Magazine]ÊÓääÇ°

Provides Discrete Surveilla Surveillance Surve Here’s a highly discreet and af affordable forda solution for monitoring indoor areas – retail stores, banks, hotels, office offfice lobbies, restaurants and warehouses – to improve security and more e effectively manage one or more locations. With effec a sleek and compact design, de esig AXIS M50 cameras are only 5.1” wide and 2.2” high, enab enabling bling high-quality 360° surveillance (±180˚ pan, 9 90° tilt t and 3x digital zoom) with HDTV 720p resolution resoluti in a package smaller than the average hand. As a complement to its intelligent motion han nd. A detection detectio capabilities, a built-in microphone also enables audio detection that monitors for unusual enables au noises d during durin off-hours to trigger a security alarm that th hat is sent to the business owner and/or security personnel. The mini PTZ dome cameras are easy to install on soft and hard ceilings as well as on walls, and can cover an area of up to 4,30 4,300 sq. ft. With an IP51 rating, the cameras are dus dustproof stpro and protected from dripping water, enabling enablin ng vvideo to be taken even when a sprinkler system m is aactivated. Find out m more aat www.axis.com

Prevents Vehicle Incursion Lighted bollards are commonly used to light walkways and/or landscape lighting. Most lighted bollards are constructed from cement or stone, which are susceptible to blemishes and require regular maintenance in order to retain their integrity. Calpipe’s lighted security bollards’ stainless steel finish is inherently durable even in harsh environments and their engineered footings and carbon steel inner cores provide added security that stone and cement bollards cannot. The lighting fixtures are available in metal halide, CFL, induction fluorescent and LED versions with stacked, paracline, glass, louvre, two-louvre and refractor optics, and the lens materials are either opaque or clear. All models extend 36” above ground. Other specifications can be accommodated based upon the application and degree of security needed. The lighted security bollards are optimized for light, medium and high security applications from parking lots to government facilities. Find out more at: www.calpipebollards.com

52

January 2012 • SECURITY • SecurityMagazine.com

“One key area of focus for many integrators is efficiencies. The peer networking coupled with fostering strategic partnerships creates a true value proposition for each attendee of SecurityXchange.” BRAD WILSON PRESIDENT RFI COMMUNICATIONS & SECURITY SYSTEMS

SecurityXchange

August 12-15, 2012 The Lodges at Deer Valley Park City, Utah To find out how to get on the invitation list call 952-224-7616 or visit www.verticalxchange.net/security-xchange

Industry Innovations Cam Camera Guarantees Continuous 30fps 30fp Frame Rate for Gaming Industry Fu motion video at 30 fps is a core requirement for customers in the gaming indusFull ttry. Arecont Vision’s new Casino Mode guarantees continuous 30fps high-resolution video specifically for gaming applications. Casino Mode guarantees that the frame rate will not dip below 30 fps by forcing automatic bit rate and exposure control to maintain specific predetermined settings. Casino Mode is available on the AV2115 Compact MegaVideo 1080p H.264 camera line, including the AV2115DN day/night version and the AV2115AI model with an auto-iris lens. It is also available on D4S and D4F Series of 4-inch indoor 1080p H.264 megapixel dome cameras. Each dome camera is easy to install and features an adjustable 2-axis gimbal to provide 360-degree pan and 70-degree tilt adjustment. a Additional functionality of the cameras includes a privacy mask to enable video to be Add blocked on the camera in multiple regions in almost any arbitrary shape. block Find out more at www.arecontvision.com o

Provides Thermal Video Analytics at Affordable Price SightLogix offers a new generation SightSensor that takes thermal video analytics to mainstream pricing. This has been achieved by doubling the on-board image processing, reducing the costs of the electronics and housing and streamlining manufacturing. New video analytics deliver more accurate detection in difficult outdoor environments, while image contrast enhancement technology provides clear, detailed thermal images both night and day. Perfect for both shorter (90m) and longer (600m) ranges, the new outdoor thermal camera leverages powerful on-board video processing for high Probability of Detect (PD) and low Nuisance Alarm Rates (NAR) while providing crisp, clear images night and day. Find out more at http://www.sightlogix.com/thermal-sightsensor.html

Card Reader Surface Mount for Drive Up Applications Combining emergency communications equipment with access control is easier with Talk-APhone’s ETP-SMCR Card Reader Surface Mount Accessory. Any Talk-A-Phone emergency, information or assistance phone can be mounted together with a card reader or other device to a wall, on a pole, or to a gooseneck pedestal for stand-alone applications. The unit includes a hinged panel for easy installation and an acrylic adapter to magnetically isolate the card reader for enhanced read range. The product is ideal for drive-up or walk-up applications including building access control and garage/open parking lot entry. Find out more at www.talkaphone.com

DVR for Remote Sites Perfect for smaller security applications that require flexible control and specific budget guidelines, this remote DVR from Speco Technologies is a four channel H.264 networkable digital video recorder that has dynamically programmable recording priority, motion detection, alarms and continuous scheduling. It’s available in multi-channel (4/8/16) and hard drive sizes 54

January 2012 • SECURITY • SecurityMagazine.com

ranging from 250gb up to 2TB. It provides EZ Record, copy and setup and offers simultaneous live view/playback while continuing to record/network transfer or backup. View the images from it on your iPhone®, Blackberry® or Droid, with a free iPhone app available from iTunes. Find out more at www.specotech.com

SECURITY TALK

ASIS President:

Agile Effectiveness By Diane Ritchey, Editor

What else does Emde predict for the security industry this year?

T

his month, Eduard Emde, CPP takes the reins as president of ASIS International President. He’s the first non-U.S. president of the organization and a consultant for BMKISS Europe, in Wassenaar, The Netherlands. “I am convinced that 2012 will continue to be dominated by all facets of cyberrelated security risks,” Emde tells Security magazine.”These types of threats received

Why did you get into the security industry?

My entry into the security industry was actually quite by coincidence. While studying law and business, I worked as a security officer. I met security managers during this time that relayed the challenges and rewards of their work with me. My interest in the security profession grew as a result of their enthusiasm – making security management a real professional opportunity in my mind. I went on to work in the security and risk management fields. I began as a consultant with KPMG and went on to work in the financial sector within the corporate security department of ABN AMRO Bank. What is the most rewarding part of your position?

Eduard Emde

significant exposure this year, which, in turn, served to increase the level of awareness within organizations and the security management community. I think that topic will continue to be of major interest for the year to come, as well as some other trends and developments in the organization and the security profession. While I cannot pinpoint the timing, the next development in the sourcing of security services is likely to come about within the next five to 10 years. This evolution will impact the security services industry, but the main driver will come from organizations that upgrade the theme of universal sourcing. This would have quite an impact on the profession.” 56

There are many rewarding facets to my work as a security practitioner and to my role as a volunteer leader within ASIS International. As the first non-U.S. president of the organization, I have a unique and rewarding opportunity to give back to the profession that has given so much to me over the course of my career. I actually joined ASIS as a student. Of this, I am very proud. It is my hope that my experience attracts new members and has a motivational effect on young professionals. It is truly an exciting and pivotal time in the life of ASIS. How will you connect with members globally?

I hope and expect to meet many members, potential members and other people involved in the security arena in 2012. Since the membership of ASIS is comprised of individuals, I have found that members are really engaged and have a personal interest and drive to further themselves and the profession through networking and education. I hope to have many opportunities to raise awareness and get members, as well as prospects, engaged in the broad range of

January 2012 • SECURITY • SecurityMagazine.com

activities and initiatives that are underway. Local chapter meetings, industry councils and special interest groups like our young professionals and women in security, offer practitioners a tremendous opportunity to network and learn from their peers. ASIS education, certifications and standards and guidelines provide the knowledge, information and means for security professionals to advance in their careers. The Annual Seminar and Exhibits and the regional security conferences around the world are perhaps the ultimate forums for combining networking and education. I look forward to guiding professionals toward these valuable benefits. What do you hope to accomplish during your term as ASIS President?

First, it is the organization as a whole that brings about results. We have a paid, experienced professional staff working in offices in Washington, D.C., Brussels and Singapore who work closely with hundreds of volunteers at all levels across industry sectors around the world. I will concentrate my efforts on increasing the effectiveness and agility of the organization wherever possible. Members are the most important focus of ASIS. That is why we were founded in 1955. The challenge is to preserve that which is good while also positioning ourselves to be fully equipped to meet the future. The strength of ASIS is vested in our ability to be responsive to the needs and requirements of security professionals today and tomorrow. This includes broadening our scope where it is appropriate and working together with other groups and organizations in line with our mission to advance the profession. Have you experienced any “surprises” in your security career?

This is an interesting question. Of course, I have met with my share of surprises. But, as a security professional I have always enjoyed the pro-active side of the security work. The preventative side if you will. The

attempt to realistically assess a situation, and then, based on the goals of the organization, act, assuming the appropriate level of risk. One must have the right level of security in place. Not too much and not too little. I have been fortunate in that I have not met with too many negative results. I am

nesses have the expectation of 24/7 security, it is also critical for professionals to find the right work-life balance. We’ll need to work at maintaining that which is most important – our relationships with family and friends and our health. What do you like to do for fun?

In such pressurized careers, there's a need for work-life balance, too. very aware however that sometimes the line between success and failure is a thin one. There are many colleagues that I admire for what they do, but in some cases I do not envy them at all for the challenges they are confronted with while securing the enterprises for which they work. What are some of the most critical challenges facing security professionals?

Security practitioners and their teams play a critical role in the success of the organizations in which they serve. The most critical challenges facing security professionals are associated with professional development and work-life balance. It is imperative for security practitioners to stay updated on the latest techniques and technologies in security management. The ability to adapt to constantly changing business and environmental demands is also crucial for today’s security professionals. The reality is that we are consistently challenged, or even forced, to do more with less, to learn about new societal and business developments and to improve our effectiveness. In the age when busi-

and swimming again. And, maybe not surprising for a Dutchman, I enjoy getting on my bike to run errands in my village and to go shopping with my family.

W When

YOU Y OU OU

n e e d to o ccoverr all th the he ANANGLES GLE GLES GL ES Contact tac ta act

During my presidency, I anticipate many memorable moments and some fun. The camaraderie and goods spirits that are central to our meetings make me confident that it will be a special and enjoyable year. I hope there will be opportunities to involve my wife and son in some of the trips around the world. Being on the road together is one of the best things there is. It has also given us some of the dearest memories we have. I mentioned work-life balance and for me all activities with friends and family contribute to what I call recharging the batteries. I am extremely lucky to have some solid friendships that go back many, many years. Recently, I have Par-Kut P utt delivers vers rs more oree one-piece, e piee , welded wel el d taken up golf steel ell ssecurity ity tyy buildings b inngs g andd guard gguu sh shelters helt el than thhan

aany n othe ot otherr manufacturer. m nufa nu ctu er. O Our ur rugged gg d construction gge c nstru nst ct n aan andd thoughtful oug uggh ugh des design essig outlasts utl tla las thee ccompetition o etit titi iti tio every ery ryy time. Par-Kut P K t is thee Industry nduu y Choice hoi oi for Sa Safetyy and ndd Comfort. m ort.t

• ALL ALLLL LEVELS A LE LEV EVEL VE V ELS LS BULLET LS B BU ULLET LLE ETT RESISTAN RESISTA RESISTANT R RESIS ESSSIS E ISSTA ISTA TA TANT ANT • BLA BLA BLAST LA AST STT RESISTANT RESIS R RESISTAN RESISTA ESIS SSIST I TANT TA AN NTT AVAILABILITY AVAILA AVA A AV AVAILABILIT VA V VAILA A AILA LA LABILITY ABILLITY TYY

PAR-KUT PA A KU KU INTERNATIONAL IN N ER RNATTTII NA R A hht http://security-booth.parkut.com p:/ :// // cu cu tyyy-- oth ot paaarr ut. ot uttt.c c m 40961 Production 4096 409 duc ucti Drive, ive ve, H Harrison on Township, T hip ip, Michigan M i gan an 4480455 Ph. Phh 586-468-2947 6-4 -468 2 7 To Toll-Free T l e 800 800-394-6599 8 3 65 6599 Fax 586-463-6059 586 4 58 059 05

SecurityMagazine.com • SECURITY • January 2012

57

ACCESS CONTROL

TRAINING & EDUCATION

Advance Your Career Training programs available for all security personnel. Train at home or at work. More Information at: www.ifpo.org hits.astcorp.com

ON THE WEB

Advertiser

Page#

Website

Phone

Altronix

27

www.altronix.com

888-258-7669

Arecont

29

www.arecontvision.com

818-937-0700

ASIS International/Certifications

47

www.asisonline.org/certification

703-519-6200

ASIS International/Memberships

33

www.asisonline.org/joinnow

703-519-6200

Avigilon

30-31

www.avigilon.com

…

Axis Communications, Inc.

IFC

www.axis.com/encoders

…

Bellevue University

51

Security.Bellevue.edu

800-756-7920

CBC (America) Corp.

9

www.computarganz.com

800-422-6707

Comm Port Technologies Inc.

22

www.comm-port.com

732-738-8780

DRS Technologies

37

www.DRS.com/WatchMaster

…

Easy Lobby

41

www.easylobby.com

781-455-8558

Emcor Enclosures

39

www.emcorenclosures.com/fresh

507-287-3535

G4S Security Solutions

19

www.g4s.com/us

800-275-8305

HID Global Corporation

BC

www.hidglobal.com/unleash-Sec

…

Honeywell Security

15

www.honeywell.com/security

800-323-4576

Identicard Systems, Inc.

46

www.IDenticard.com

800-233-0298

Intransa

45

www.intransa.com

866-446-8726

Keyscan Access Control

7

www.keyscan.ca

888-KEYSCAN

MBM Corporation

35

www.mbmcorp.com

800-826-0161

Middle Atlantic Products

11

www.middleatlantic.com

800-266-7225

NAPCO

5

http://bit.ly/vBUKYu

800-645-9445

Onity

8

www.Onity.com

770-497-3949

Panasonic

17

www.panasonic.com/security

…

Par-Kut International

57

www.parkut.com

800-394-6599

PCSC

IBC

www.pcscsecurity.com

800-899-PCSC

RS2 Technologies

26

www.rs2tech.com

877-682-3532

Samsung Techwin

12-13

www.samsung-security.com

877-213-1222

SecurityXchange

53

www.verticalxchange.net/security-xchange

952-224-7616

Siemens

23

usa.siemens.com/integratedsecuritysolutions

…

SightLogix

20-21

www.sightlogix.com/clear24

609-951-0008

Speco Technologies

3

www.specotech.com/D4RS250

800-645-5516

Stentofon-Zenitel

43

www.stentofonusa.com

800-654-3140

This index is for the convenience of our readers. Every care is taken to make it accurate. Security Magazine assumes no responsibility for errors or omissions.

at the NEW securitymagazine.com CPTED: Safer Communities by Design Battling bad guys with Bougainvillea? Foiling felons with Fuchsias, and chasing criminals with Camellias? It’s not too early to plant these flowers and use CPTED to fight crime. ‘Tiering Up’ About Video Storage Overall, security video storage and business data more generally, are now moving to a strategy, ironically, that replicates the old days of paper and records retention. Is it the right strategy for you, or not? Keep Up Through Security’s eNewsletter Bi-weekly – sign up at securitymagazine.com Check Out Today’s System Integrator eNewsletter Bi-weekly – sign up at securitymagazine.com 58

January 2012 • SECURITY • SecurityMagazine.com

INDUSTRY CALENDAR February 27, 2012 – March 2, 2012 RSA Conference 2012, San Francisco, CA www.rsaconference.com/2011/usa/ March 6, 2012 – March 9, 2012 Governance, Risk & Compliance (GRC) 2012, Las Vegas, NV www.grc2012.com/index.cfm?u=us&s= March 27, 2012 – March 30, 2012 ISC West 2012, Las Vegas, NV http://www.iscwest.com/ SECURITY Volume 49, Issue 1 (ISSN 0890-8826) is published 12 times annually, monthly, by BNP Media II, L.L.C., 2401 W. Big Beaver Rd., Suite 700, Troy, MI 48084-3333. Telephone: (248) 362-3700, Fax: (248) 362-0317. No charge for subscriptions to qualified individuals. Annual rate for subscriptions to nonqualified individuals in the U.S.A.: $178.00 USD. Annual rate for subscriptions to nonqualified individuals in Canada: $216.00 USD (includes GST & postage); all other countries: $228.00 (int’l mail) payable in U.S. funds. Printed in the U.S.A. Copyright 2012, by BNP Media II, L.L.C. All rights reserved. The contents of this publication may not be reproduced in whole or in part without the consent of the publisher. The publisher is not responsible for product claims and representations. Periodicals Postage Paid at Troy, MI and at additional mailing offices. POSTMASTER: Send address changes to: SECURITY, P.O. Box 2144, Skokie, IL 60076. Canada Post: Publications Mail Agreement #40612608. GST account: 131263923. Send returns (Canada) to Pitney Bowes, P.O. Box 25542, London, ON, N6C 6B2. Change of address: Send old address label along with new address to SECURITY, P.O. Box 2144, Skokie, IL 60076. For single copies or back issues: contact Ann Kalb at (248) 244-6499 or [email protected].

Unleash your credential potential.

HID’s Secure Identity Object:

Introducing iCLASS SE™ with the Secure Identity Object (SIO) data model.

❚ Turns any device w/ NFC into a secure credential ❚ Works with all major smart cards ❚ Secure upgrades ease migration, extend life

Packed with security and technology-independent, new iCLASS SE lets you turn phones and virtually any other smart device into an ID card. L Learn about b SIO. hidglobal.com/sio or Scan this with a QR reader

iCLASS SE protects your identities with multiple layers of breach-resistant technology including a secure key management system. It’s also amazingly flexible — supporting MiFARE/DesFIRE, EV1 and Indala technologies as well as iCLASS®, while allowing any device enabled with our SIO data model to be turned into a secure credential. Pick your technology and program the credentials to create your ideal access control solution today — then reprogram your reader as your needs change down the road. Powerful, adaptable and designed to be energy efficient, iCLASS SE is truly the next generation in access control. To compare HID’s iCLASS® platform, visit hidglobal.com/unleash-Sec