Blog Date: 8/9/2013
Author: Ray Bernard
Two key factors have permanently changed the landscape in which a security design consultant works. This doesn't alter the basic purpose of a security design consultant, but it drastically changes the mindset required to be one in several important ways.
Naturally, veteran consultants are more aware of these change factors than those newly entering the field. Regardless, every consultant needs to take these factors into account.
The impacts of these two key factors aren't confined to the world of security consulting - they affect nearly every professional in varying ways.
These factors aren't new, but their impacts have increased to the point that we have to account for them in our thinking and in our approach to security design consulting.
Two Factors: Technology and Risk
The first factor is the ever-increasing rate of technology advance. The second is the extent to which organizational risk pictures are highly dynamic (changing). While the previous sentence is an accurate statement, it conveys nothing of the real-life impacts of how quickly and severely changes in risk can open the door to devastating impacts, both personal and organizational. That's the real reason why we have to pay attention to these factors.
Highly dynamic risk pictures mean that the traditional approach of periodic assessment projects followed by security controls upgrade projects, with years in between can leave clients significantly exposed because new risks are not dealt with soon enough. Fortunately, successfully dealing with the ever-increasing rate of technology advancement will actually give us solutions that enable clients to more effectively address a constantly changing risk picture.
Here is how this works.
Fast Pace of Technology Advance
Consumer and business technology advances in communications, computing, networking and video raise security end-user expectations while at the same time offering new capabilities for security systems technologies. At the same time, manufacturing advances drive prices down.
Video management systems now have iPhone and Android apps so officers, employees or students can send incident video to the security center. Nokia just released a 41-megapixel camera phone. Lytro introduced a camera that captures raw light streams, and allows after-the-fact focusing of the captured video images. Imagine having security video cameras on a wide area, capturing raw data, with technology that allows you zoom in and focus closely on any area in the image. All technology trends support that scenario (increasing network capacity, increasing storage capacity, increasing image processing power, and so on).
These trends mean that we should design standards-based evolving security technology infrastructure in contrast to the rip-and-replace systems design approach. The evolving infrastructure approach enables the systems to utilize new technology innovations as they appear, maximizing the risk mitigation potential of deployed systems. Security tech standards of real value are now being implemented in products and despite a slow start for standards, there is a rise in successful standards-based deployments.
Future-proofing as an aspect of design is now more important but also less challenging, in spite of the technology changes due to the overall trends of increasing tech capabilities and decreasing prices. Helping clients establish a security management system that continuously updates the risk picture provides a basis upon which to continuously evolve the technology infrastructure, focusing on risks at hand and on the horizon. Trends and resulting client needs require us to have a new mind-set that is risk-focused and evolutionary in perspective. It is different, but doable.