The Security Industry Association will be holding its annual executive conference, Securing New Ground, October 26-27 at the Edison Ballroom in New York City.
SDM recently spoke with Tim Williams, vice chairman for Pinkerton Global Security Services, and Steve Van Till, president & CEO, Brivo, chair, SIA Standards Committee. Both men will be moderating panels on security megatrends at the upcoming conference and gave a preview of what they would be addressing.
SDM: What are some of the biggest trend shifts that you’ve seen in the last year or so.
TW: What we’re seeing is the constant evolution of the use of technology to attack networks and people, and the common theme here is network hygiene. For example Equifax apparently did not patch their Cisco servers in a timely fashion after the vulnerability was found. Then that’s what we’re seeing being exploited today.
I think people will become much better at network hygiene — that’s what I call it. I don’t call it security; there are security implications to it, but it’s basically it’s keeping your network properly patched, and that’s an operational issue.
Companies will become much more aware of that because of incidents like Equifax, then they’re going to find other very open areas in which to exploit. They’re just going to walk down the food chain, so to speak, and I think part of that food chain is going to be the physical security apparatus that’s already connected to the network. I have seen that occur where a camera is not patched; it’s just kind of plunked onto the network. It creates a vulnerability or a hole into the network itself. And the same could be said for access control systems and a plethora of other security devices that get attached to the network one way or another.
SVT: Obviously there’s cloud, which we’ve been doing for a long time at Brivo. If you look at just the sheer number of announcements from other companies that are jumping into cloud in the last year — I can think of about four established companies and three startups that have all jumped in in the last 12-to-18 months, and so that’s a 2x or 3x rise in the number of companies that are moving over, and I think it’s really the beginning of the landslide in this direction. So that’s certainly a huge one for everybody involved.
Mobile credentials have been very interesting over the last two-to-three years. When we launched ours in September of 2015, there were only a handful of companies that were offering mobile credentials in the commercial space; residential has been ahead on this curve for a long time. Now in the commercial space in just a space of two years, there are easily a dozen or two dozen solutions.
There’s no standards in this area, but everybody’s got their own mobile credential solution, and it’s become, I would say, a must-have for commercial access control just like it’s a must have for home automation.
SDM: Were there any surprises this year?
TW: The constant surprise to me is the fact that companies and the U.S. government don’t organize to effectively deal with cybercrime. That’s the biggest surprise to me that companies still diffuse security among a number of different avenues and working with the U.S. government, although they’re really good people and they’ve got some really good technologies, it’s difficult because you’re dealing with so many bureaucracies who want to get into the game.
The biggest surprise to me is we’ve not, on the whole, gotten smarter about how we need to organize security within 85 percent of the infrastructures of the country, which is private and publicly held companies, and then we’re moving at a much faster pace in terms of what assistance the U.S. government can provide.
SVT: Well, cloud, mobile IoT I think is at the beginning of changing security. There’s kind of a fuzzy question there because in some respects security has been doing Internet of Things for a long, long time, and in another respect, the type of new products that are coming out in IoT are smaller, faster, better, cheaper; they run on batteries for 10 years, so these are quantitative changes that I think produce a qualitative shift in what you can do.
The other thing about IoT is that every single IoT company without exception is also a cloud company. And so if you want to use IoT, you are going to be doing so in the cloud. So this whole debate in commercial security — should it be cloud? Should it be legacy server? Server is better, they’re safer — there’s no way that the industry can participate in IoT without simultaneously making a commitment to the cloud. So this is going to be the decisive thing.
Even though the cloud was gaining momentum on its own, this is the thing that’s really going to push that over the edge, and that combination effect I think is something that people may not have seen coming.
SDM: Are there any new segments that haven’t received attention before but now are?
TW: I’ve just recently taken a position as vice chairman of the Pinkerton Global Security company, and one of the things that Pinkerton is doing is becoming much more sophisticated at trying to help companies determine risk, from a number of factors, by correlating a number of different reports that are out there; in fact, they’re edging into artificial intelligence in an effort to try to bring more precision to how you evaluate lists.
SVT: Biometrics seems to be coming back a little bit in a couple of different forms. You’re seeing more and more people trying to do biometrics for access control. I think that the biometrics on the phone are going to be instrument of choice because everybody’s got one already, so whether that’s using a fingerprint to unlock a door using mobile credential, or whether, if you’re looking at newer phones, like Apple [iPhone] 10 where it’s facial recognition in order to activate the phone, which can then activate a door, that may be the form that this biometrics comes in because you’ve already got this expensive device in your hand, and why put another expensive device next to the door or next to the locker or what have you to do that? So biometrics moving onto the personal device instead of being an institutional device that’s part of the building or part of the rest of the infrastructure.
SDM: How do you think these trends are going to affect the look and the feel of the industry in, say, five or 10 years?
SVT: What we’re seeing here is the consumerization of commercial security. So if you are familiar with this trend called the consumerization of IT, which is people using consumer devices for professional applications — phones are an example, iPads are an example, tablets are an example — they’re using those things and they’re using the software products that run on them for professional IT interactions, replacing dedicated solutions that were issued by the corporation — you’re going to see consumerization of security doing much the same thing. Credentials on a phone are an early example of that, and you’re going to see the same thing in the shape and form of the products that are used to monitor and instrument buildings, mostly in the form of IoT devices that will be dual use between consumer applications and professional applications.
TW: Buckle your seatbelt. We’ve got a couple discontinuities heading our way that are already in motion. The first is artificial intelligence, and until we define that for our industry and what the effect will be, that’s one consideration. A corollary to artificial intelligence in my opinion, an aspect of artificial intelligence, is quantum computing. Quantum computing has the capability of becoming so refined that it can break most of the most significant encryption technologies employed today that we feel comfortable with.
In fact a Canadian researcher has suggested that there’s a one-in-seven chance it could break the most robust RSA or encryption code in existence today, and in just maybe several years. So what has to happen here is we need to use the quantum computing to develop a much more robust encryption code, and it’s going to be the whole missile, anti-missile, anti-anti-missile kind of stuff all over again.
But I don’t know that any of us really appreciate the extent to which this can change, because we’re a slow-twitch industry. Even on the cyber side, things evolve, products evolve not at the speed of light, but that’s starting to come to us now, and until we examine that, I don’t know that we’re going to be the first for the audience.
I don’t know that we know what kind of business opportunities are going to be presenting themselves because they’re going to come up quickly, and they will be exploited quickly because of artificial intelligence and all the other computing power that we’re involved in. I mean we’re quickly approaching the ability of the computer to mimic the human brain. So you start thinking about that, and then the implications to our industry from the cyber side are pretty straightforward. But in terms of how that trickles down to the rest of the industry, with examining billions of transactions — access control, alarms, and all the rest of that, the ability to synthesize a lot of data very quickly and put that into a picture of risk is going to change dramatically.
Humans are slow to adopt new technologies, but computers are not, and as computers play a more substantial role in what’s going on we can come up with some solutions and some vulnerabilities we haven’t yet even conceived of.
SDM: How is the conference, and your presentation specifically, going to help prepare people for what’s coming?
SVT: The conference as a whole is themed around all of these trends; it’s themed around the 10 mega trends that were published last year in that very nice collection that was put together after the show, and these are all the things that are going to matter for what kind of talent you hire, what kind of vendor alliances you form, whether you’re an integrator or end user, and so if you’re in a position where your organization is making two- or three-year plans for how you do security, this is a conference where you can learn information that will help you in the next two- or three-year planning cycle.
TW: Not only are we going to talk about what the possible implications of technology are, we also want to talk about what attributes these folks can bring to the table that are most valuable to us. We want to talk a little bit about that because of the environment in companies right now; it’s pretty difficult right no matter where you are.
The expectations and cost issues and all the rest with globalization is affecting everybody, so we wanted to address some of what the attributes are when we’re being pressed by all these different companies to take a look at their products. We want to talk a little bit about what we think are better approaches, and ones that are more helpful to us, therefore you’re going to get more attention.
For more about the conference and to see a description of the panels, visit www.securityindustry.org/Pages/IndustryEvents/SecuringNewGround/detailed-schedule.aspx.
The conference is designed to be a place where “the security industry C-suite meet to exchange valuable industry intelligence among suppliers, integrators, practitioners and investment firms,” according to SIA’s website.
The conference will examine trends shaping the security industry, methods for improving the future of security, and investment and business takeaways, and it will serve as an opportunity for integrators, practitioners and solutions developers to collaborate and network.
This year’s speakers will be Dave Tyson, CEO, CISO Insights; Kevin O’Brien, director, global data center security, Google; and Tim Williams, former chief security officer and director of information risk and enterprise security, Caterpillar Inc.
As in years past, CEOs and other business leaders will gather for two days of executive strategizing and networking, SIA described in a press release. This year, SNG will be held at Edison Ballroom, 204 W. 47th St. (between Broadway and 8th Ave.), New York, NY 10036.
Edison Ballroom is located steps away from W New York Times Square, 1567 Broadway, New York, NY, and will serve as the official SNG conference hotel. SNG conferees will be eligible to participate in SIA’s hotel block group rate for nights encompassing SNG 2017.
For travel and accommodation information, a full agenda, or to register, visit www.securingnewground.com.
Business Icon Mark Cuban Joins ASIS 2017 Keynote Lineup
ASIS International announced that entrepreneur, technology visionary, and Dallas Mavericks owner Mark Cuban will deliver the keynote address at the Monday, Sept. 25, luncheon at the organization’s 63rd Annual Seminar and Exhibits (ASIS 2017), taking place Sept. 25-28 at the Kay Bailey Hutchison Convention Center in Dallas. The premier event for security professionals worldwide, ASIS 2017 is expected to attract 22,000 operational and cybersecurity professionals from across the globe.
“Every year ASIS brings the security community together to share ideas and experiences that help attendees better understand global trends and their security implications,” said Peter J. O’Neil, CEO, ASIS International. “Mark Cuban’s innovations as owner of the Mavericks along with his entrepreneurial, boundary-pushing achievements make him a natural fit for our keynote lineup. His address will help set the stage for the week of learning ahead.”
Cuban will share his approach to the myriad challenges inherent in securing his physical, data and information assets, as well as his perspective on the disruptive potential of AI and machine learning, data privacy and the proliferation of connected devices, and the effect of the current economic and political climate on the security community.
“The growth and continual advancements around connected devices and big data present risks — as well as opportunities — to business of all sizes,” said Thomas J. Langer, CPP, president, ASIS International. “Mark’s address will help attendees better understand these emerging technologies and potential applications and how security can serve as a business enabler.”
Today, in addition to his ownership of the Mavericks, Cuban is chairman and CEO of AXS tv, one of ABC’s “Sharks” on the hit show Shark Tank, and an investor in an ever-growing portfolio of businesses.
Learn more at www.securityexpo.org.