JamesMoore-Square-800x800-NEWheadshot-23

Managing Editor, IFSEC Insider

Author Bio ▼

James Moore is the Managing Editor of IFSEC Insider, the leading online publication for security and fire news in the industry. James writes, commissions, edits and produces content for IFSEC Insider, including articles, breaking news stories and exclusive industry reports. He liaises and speaks with leading industry figures, vendors and associations to ensure security and fire professionals remain abreast of all the latest developments in the sector.
April 2, 2020

Download

Whitepaper: Enhancing security, resilience and efficiency across a range of industries

Converged security centres – your questions answered!

IFSEC Global recently hosted a webinar with industry experts to discuss how converged security centres can facilitate the digital transformation of security. Thank you to everyone who tuned in live and asked a question – below, you will find answers to these from the expert panel.

For those who haven’t had the chance to listen, the webinar is still available to watch below!

The participants of the webinar included:

  • Sarb Sembhi CISM, CTO & CISO, Virtually Informed
  • James Willison MA Founder, Unified Security
  • John Gill, Vice President Sales and Business Development, Vidsys
  • Joe Leung, Director of Product Marketing for Security Operations & AI, Micro Focus

Are converged security centres designed for all sizes of business? Or is it a solution that currently relates more to larger organisations?

John Gill (Vidsys): The answer to this question turns on the ability for organisations of every size, to not only integrate their disparate subsystems (regardless of quantity) but more importantly, the ability to manage the retrieved data in a way that provides meaningful insights and mitigates risk. This is a key value regardless of the size of an organisation.

An inevitable follow-up question would likely be: will the pricing scale? And the answer to that is, yes – because the software is licensed as a function of the number of users, subsystems, and end-point devices.

James Willison: Security Operations Centres are usually found in medium to large businesses on which smaller organisations rely. Hence for example most large financial, telecoms, utilities/CNI, and FTSE 500 companies host these at their corporate headquarters.

This doesn’t mean that smaller businesses can’t unify their security technologies and share resources to enable more efficient use of these across their workspace(s). Perhaps there are only one or two security professionals at these companies and they may have the opportunity to outsource some of the security risk management to monitoring by larger companies who offer this as a service?

The importance of bringing all security technologies together into one centre is nevertheless significant for all of the global supply chain. Larger organisations are dependent on the smaller ones and if they can provide the reporting of cyber physical attacks which affect the whole supply chain, it does mean the risks to all are reduced. As more and more converged centres utilise social media feeds and incorporate these into their cyber physical risk management response, it also means that all sizes of business can benefit from the power of AI and automated technologies. It’s a two-way process.

Sarb Sembhi: Traditionally security operations centres (SoCs, as they are often called) were developed by and for big companies. Many large organisations would develop these with keeping them operating 24/7, so many organisations would have large SoCs in three to five locations around the world.

The unfortunate aspect about traditional SoCs is that they don’t provide a single view of security risks, as they hadn’t included both physical and logical security together. A converged security centre brings physical, logical other feeds of security data that will help provide the overview you need, including social media feeds.

ConvergedSecurityCentre-Webinar2020-20

So, although traditional SoCs could be set up with a smaller number of specialist staff, a converged security centre will require more specialist staff depending on the types of data you are going to bring in for your needs.

In the same way that traditional SoCs were once only developed by large organisations, but are now being utilised by much smaller business, I see the same thing happening with converged security.

Converged security centres can be designed for any sized businesses, but due to the cost of the skills needed to run them (excluding the technology), there seems to be little value in running these themselves. It makes better sense for small businesses, that CSCs are designed specifically for as a service for SMBs. This is a good thing and in line with what they do for other services, such as legal, accounting, infrastructure, etc.

 

Security is constantly evolving, but what options are available to the developing world, given the lack of infrastructure and responses to emergency security risk issues?

James Willison: The developing world is increasingly interconnected and as this progresses sections of it and its people will be able to connect initially via mobile technologies. These are already widespread and larger operations centres will both help and rely on the intelligence the security operators can feed into them. No doubt global companies will and do communicate security responses to their employees in developing countries.

In fact, if the investment in monitoring technologies – for example – is allocated for reasons such as a country recognises it can progress more quickly by doing this then the opportunities will be great. South Korea has rapidly developed into a highly technical country because many of its people realised the value in technological development and is now much more capable of responding to emergency security risks issues than it could have done previously. In many ways it is rightfully now recognised as a global leader.

When we consider long term strategy then we must be positive. No doubt many companies that have centres with the capacity to deploy technologies to help and secure people in emergencies will use these on humanitarian grounds. In our present crisis it is a matter of urgency that these are made far more widely available. We only have to acknowledge the amazing success of this approach in South Korea if we want to be convinced by a case study.

 

With large and sometimes very legacy heavy technology installations, many companies have the view that convergence is one of significant investment and upgrades. How can we help communicate the phased and tiered approach to digital transformation to turn our aged and tired infrastructure to convergence, whilst changing the fixed mindset of some senior managers?

James Willison: It is important to convey to the organisation that some converged solution providers have the capability to integrate all and any legacy technologies and therefore the investment required is for the tools themselves and not for new cameras, access, fire systems and BMS. It is therefore crucial for a security professional to understand this in any procurement process and explain it to the person/teams responsible. This will help reassure them.

Following this, the benefits of faster and more efficient risk management is enabled by converged technologies that can identify potential attacks on systems and lockdown/secure sites in real time and not simply when issues have been picked up on a physical inspection. The same can occur when cameras work with systems which indicate a fault and the control room operator can see the issue that needs fixing. Similarly, in a fire or flood the security and fire personnel can see the exact location of the incident and potentially save lives by responding based on accurate situational intelligence.

A range of different security monitoring technologies can be introduced over time to demonstrate how automation can improve efficiencies and reporting, while at the same time provide the business with audit trails of data that can highlight opportunities for expansion and enhanced marketing. In this way, senior managers can demonstrate the benefits for the wider enterprise, including assurance that data losses can be managed in real time, meaning potential fines under privacy legislation can be limited. Many of these new technologies provide the speed of identification and reporting so that the GDPR’s demand for notification can be met and appropriate audit trails produced. These technologies are also the type of controls which are expected to be used to prevent a data breach escalating demonstrating clear ROI.

 

With a single monitoring suite/ tools, do you then provide a single point of failure?

John Gill (Vidsys): Excellent question!  With regard to system functionality, it’s important to keep in mind that the converged security centre software is managing data from multiple subsystems, and so the majority of service disruptions can be attributed to an issue with one or more of the subsystems and/or attendant end-point devices — an issue that would occur with or without the CSC in place.

Importantly, Vidsys has developed the ability to track such subsystem and end-point device disruptions through our system Health Monitoring Dashboard. This provides customers with a single source to keep track of any disruptions occurring with the underlying subsystems throughout an organisation’s entire enterprise.

Sarb Sembhi: It is possible to say this for almost any tool or service you use, so the answer should be yes. However, if you feel that there are exceptional circumstances that make a particular service(s) more vulnerable than others, it is entirely up to you to remedy that situation to manage the risk and ensure you get the value you need from the service(s).

The issue is that most businesses for any service aim to select the best, and the best one that won’t become a single point of failure, be it printing, photocopying, or any other service. Part of selecting the right solution is selecting one that is very unlikely to fail, but where it does it can fail safely.

However, having said that, think about banking and financial services, once upon a time, all businesses only ever used one bank for all their needs – now most use several to mitigate risk and drive greater value. All services are now more specialised than ever and usually the use of more than one service is about getting value.

So, I would say that rather than looking at any single monitoring suite/tool as a single point of failure, is to look at what your requirements are from any monitoring tool and if you are going to get the value you require from it. Explore how you can ensure that you are able to not only secure it, but ensure that it doesn’t become your Achilles heel by putting the right controls in place – so it doesn’t become your single point of failure.

The whole point of a converged security centre is to help provide a single view of risk, however, you will need to consider the risk issue of any of it becoming a single point of failure when designed a CSC.

One other approach is to be able to utilise other or competing technologies, in the same centre or if your organisation is global, to utilise the other technologies in different centres. Generally, this is not a preferred option, as it is often considered better to train all staff on the same technologies so that there are no discrepancies in the results provided.

James, could you describe the bridge between Security Convergence (SC) and Enterprise Security Risk Management (ESRM)?

James Willison: ASIS International defines ESRM as “a strategic approach to security management that ties an organisation’s security practice to its overall strategy using globally established and accepted risk management principles”. Essentially, it is where an organisation considers all of its security risks collaboratively and determines how these affect it in a coherent approach. It is primarily a business security risk strategy which is holistic and collaborative, such that the senior management/board sets a strategy with the involvement of all security professionals and the rest of the business. The security professional and their team works closely with all departments to understand what security risks they face and works to help them identify, respond and reduce these efficiently. This is something we encourage all organisations to do irrespective of size or culture as it is essentially collaborative and cross functional. It is particularly effective in times of crisis.

Security Convergence builds on this foundational strategy more cohesively by actually bringing the different disciplines of cyber/infosec/IoT/data security and the range of physical specialisms into one department, usually under one CSO/CRO/Executive. Where an organisation sees merit in more in-depth cross functional teaming on a daily operational basis to combat cyber physical attacks, perhaps in relation to critical national infrastructure, then one department is clearly beneficial. As organisations increasingly use smart buildings that are interconnected, then the need for converged security centres will also drive a requirement for a single department to manage the complex and wide-ranging risks more effectively. This is due to the importance of responding to cyber risk to the physical environment as quickly as possible, by enabling a real time single view of the threat.

Free Download: The Video Surveillance Report 2023

Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!

Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.

VideoSurveillanceReport-FrontCover-23

Related Topics

Subscribe
Notify of
guest
1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback

[…] Watch the webinar in full, below! You can also find the answers to the questions we did not have time to answer in our article, here: Converged security centres: your questions answered […]