One of the definitions many use to describe Physical Security is the use of multiple layers of interdependent systems that can include CCTV surveillance, security guards, protective barriers, locks, access control, perimeter intrusion detection, deterrent systems, fire protection, and other systems designed to protect persons and property.
For the sake of this blog post I will utilize the definition of Physical Security Systems as: A physical security system being a collection of equipment and software that provides security and safety. It can use a variety of network-attached devices as well as a number of software products that can be integrated to provide a unified solution. Of course, fire protection and security guards are typically always part of the equation, but for the sake of simplification within what can be a very complicated subject, I prefer to focus on access control and video management systems.
Naturally all security practitioners have to start somewhere and if your current corporate physical security system reflects the photo below, start clearing the path now for what you want the future of your physical security program to look like. Unfortunately, the supply chain issues, and chip shortages are going to be with us for quite a while.
As many large corporations progress from independent business units’ model to a structured organizational approach, the silo effect can take many years to dissipate altogether. A 3-to-5-year infrastructure plan will quickly become a 5-to-10-year plan.
I have been a part of several corporate restructuring processes due to growth and acquisitions within the healthcare industry, managed IT industry and the life sciences industry. Although each industry is unique in its own way, one common denominator always remains the same and that has been the financial prioritization of departments slated for systemization. In the past, physical security, defined as a non-income generating department would typically be of the last to receive dedicated dollars to begin corralling and integrating physical security systems, but in my opinion the elevation of network security has now helped change that, after all they rely on each other, and physical security systems are defined as IT systems.
Understand your assets
Understanding your existing assets can be a very time-consuming task and at times a very daunting one, but a necessary step in clearing the path for an enterprise physical security program. Early on you’re going to want to prioritize systems replacement based off of things like age, discontinued support, failure rate and financial impact associated to ongoing maintenance. This is equally important for writing that 5-to-10-year plan that in reality may turn into a 7-to-12-year plan.
Once you have defined what you have and what you need to replace, those other bumps in the road such as capital budgeting and supply chain issues may bring additional challenges. Unfortunately, not many organizations can afford to rip and replace all legacy systems in place, so prepare to keep some of the old dogs alive for a while.
Next Steps
Building that Enterprise Level Physical Security Program comes with a few steps, which may include:
- Selecting preferred vendors.
- Deciding upon Service Level Agreements, early on!
- Choosing those standardized, scalable and easily integrated security systems with buy in from IT security.
- Publishing security standards with buy in from executive leadership.
- Working with legal through other country agreements, if you’re footprint is global.
One of the most difficult tasks that a security practitioner can initiate is vetting and defining preferred vendors, especially if there are global contracts involved. Although there can be mixed feelings on the big box vendors vs. the smaller guys, at the end of the day many of the big box vendors have to rely on the smaller guys to subcontract with, nobody can be everywhere.
Considering the standard access control and video management systems can also be challenging process, as there are so many out there. One thing to consider is you’re end goal, if you’re going to aim for the implementation of an in-house security operations center, you would most likely want the systems to integrate. Another consideration would be the size and operational aspects of the business units associated with the overall footprint. A site that may be half or a quarter of the size of the others may not require a standard physical security system install. You may be better off with a cloud-based system to save on expense, either way it should be able to integrate into your enterprise system in the end.
IT Security can be a difficult customer to please, vetting these systems with them up front will make the implementation and expansion a more acceptable process for everyone. This is a road heavily traveled, maintaining that relationship and up-front collaboration will allow you to address your security needs as they come, rather than letting them build up while you wait for approval.
Conclusion
Developing enterprise level physical security systems is a process of patience, collaboration and learning. A successful program will require collaboration with some key departments:
- Real Estate
- Site Management
- Legal
- Sourcing and Procurement
- Facilities
- Information Technology
Collaborating early on and developing that ecosystem is key to any security practitioner working towards this goal.