Building Software
Unifying the enterprise will help security run smoother
- By Simon Morgan
- May 01, 2016
Today’s security leaders must present solutions to enterprise organizations
that meet the needs of these diverse organizations. Enterprise
organizations are characterized in a number of ways: they
are typically widely distributed across geographic boundaries, have
completely distributed network architecture topologies and, in most
cases, operate with a number of smaller security operations centers in place. This
creates more than a few problems with traditional physical security information
management (PSIM) systems, which have typically been built in a client/server
system design, and are far less successful in addressing the needs of the enterprise
customer.
Enterprise customers come in many shapes and sizes, but share a common
set of goals as security becomes a C-level agenda item, and risk management demands
that the scope of security is widened beyond just premises security, to that
of the entire organization. These organizations seek a new product solution that
will meet a number of requirements, including a need for consolidated operations,
greater situational awareness, enforceable standard operating procedures, reliable
reporting capabilities and more efficient security operations.
Above all, a clear return on investment (ROI) is necessary to delivering in this
market sector, and this component is driven by speed of deployment and a low cost
of ownership, two things that traditional PSIM systems have struggled to deliver.
ENTERPRISE PSIM SOFTWARE
The challenges that the enterprise customer faces makes designing PSIM software
for the enterprise a large undertaking, but several characteristics must be present
for the software to be successful. This software needs to be agile, robust, scalable,
extensible and simple to deploy and use operationally.
The system must also integrate with a wide variety of different subsystems and
provide centralized situational awareness for the security professionals responsible
for coordinating a response to any perceived threat.
To do this, an essential, four-part system architecture of the software can heavily
influence the operational success of the system, and through design, better meet
the needs of an enterprise organization. Built on a significant amount of the same
characteristics found in other products in the security marketplace, such as those
from Axis, Lenel, Brivo, Genetec, Milestone, Avigilon and more, beyond the security
market, these comparable characteristics can also be seen in enterprise-grade
cloud solutions. These range from Google Apps for business, Microsoft Office 365
and Azure, along with platforms like Salesforce.
This isn’t coincidental, but a reflection of manufacturers whose products evolve to meet the developments in organizational structures,
as well as the IT and networking technologies
that support them.
To deliver a performance-based and maintainable
system, these architectural characteristics need to be
a part of the system’s basic DNA, and are critical to
meeting the challenges that face today’s enterprise organizations.
SCALABILITY
Scalability is essential to PSIM software for the enterprise.
This means it must have the ability for the
application to grow and adapt to the needs of customers
both large and small. Related to enterprise applications,
the system must also provide redundancy to
protect from system failures, as well as the ability to
extend its capacity as companies grow and demand
more from the software it has in place.
One way this is achieved is by building the platform
to run in the cloud, developing a database structure
that supports a multi-tenant framework that allows
data separation to be enforced throughout the system.
This means that separate divisions and groups within
an organization have the flexibility to run their own
independent system, while still leveraging the common
infrastructure of the main platform.
The PSIM software for the enterprise focuses on
providing enterprise organizations with the flexibility
to deploy the system in a way that fits their operational
structure today, while still allowing the platform the
ability to adapt as needed for the future.
EXTENSIBILITY
As an enterprise organization grows, whether locally
or globally, it’s imperative that a PSIM platform be
extensible to customize the system with this growth.
Extensibility allows support for a range of different
systems that go beyond typical physical security systems,
including situational awareness platforms. Finally,
it allows the customization of the system without
creating a one-off version, which can be expensive
to support and maintain. Instead, the basic platform
is built on an application program interface (API)
that ensures customizations are supported as an integral
part of the overall system.
This API provides the instructions to integrate a
wide range of systems from traditional physical security
systems, to situational awareness platforms, incident
management and even “home grown” systems customers
have developed specifically for their businesses.
AGILITY
Agility is another element that is important in building
PSIM software for the enterprise, that is, a system
that is quick and easy to deploy, maintain and
adapt. To answer this, the platform should ideally be a
Web-based system, which eliminates the high IT costs
to maintain and deploy, especially in large, complex
organizations. These systems allow for centralized
management of all updates, which means that as new
features, functions and integrations are added to the
system, all users, no matter where they are located,
have access to the latest version.
Additionally, by standardizing everything to the
Web, the management of the system is simplified and
provides another level of flexibility in controlling access
to the system. It no longer has to be solely operators
in the command center who have the client
application installed on their machine; logins can be
created for management, key vendors such as integrators,
field security officers and law enforcement. This
wider adoption and easy access to the system becomes
critical when coordinating the response to an
event or managing a crisis. The cost of maintenance is
also sharply reduced.
OPERATIONAL ELEGANCE
The design of PSIM software for the enterprise must
deliver all of the software to meet the needs of an
enterprise organization while still maintaining operational
elegance, including ease of use and the ability
to seamlessly maintain the software. With a minimal
amount of training, a user should be able to log in
and use the system, providing an intuitive interface.
Additionally, only the proper amount of information
should be available to a user. This means that the
information presented to an operator is very different
than that presented to a manager, or even the information
presented to a law enforcement officer. This
greatly reduces the training burden on individuals,
while increasing the adoption and collaboration of
the system across multiple business roles.
Operational elegance outlines how the system interfaces
with other systems and how complex tasks
are automated to eliminate time-consuming manual
operations. The key to this is streamlining operator
responses so that data is easily synchronized between
platforms, an important tool for bringing an entire security
operations center together from a number of
disparate systems.
BRINGING IT ALL TOGETHER
Combining the four components for designing PSIM
software for the enterprise are essential to building
the kind of platform that is necessary in an enterprise
organization. Customers that keep a close eye on the
broader trends in application design and cloud technology
should be called on when discussing the development
of this software, as developers cannot shoehorn
new design needs into yesterday’s technology.
Instead, developers need to design applications that
from the outset are flexible enough to adapt to the
ever-changing world of the enterprise organization.
At its core, PSIM software should deliver the ability
to integrate with a variety of systems and provide
centralized situational awareness to operators. It
is also crucial for these deployments to be ready in
weeks instead of months so that
these organizations can realize true
ROI and support changing security
operations for years to come.
This article originally appeared in the May 2016 issue of Security Today.