Optimize Your Physical Security Management System for Mobile

The physical security threat has never been more mobile: Traditional equipment hasn’t kept up

At the beginning of the decade, a glut of physical security management technologies flooded the market, purporting to reorient the industry away from its traditional command and control focus. While some of those solutions did, in fact, yield tangible benefits, the consensus today is that protective security technologies have a long way to go to ensure maximal security, in a timely manner, for people and physical assets. In particular, overwhelmingly hardware-intensive physical security management equipment still dominates the field. And those tools have largely proven unable to keep up with the physical security threat as it’s evolved. 

Indeed, the physical security threat has never been more mobile. Why? Because the workforce has never been more mobile and mobile-reliant: just witness the unprecedented number of mobile devices that IT organizations and other security officials must now secure against loss or theftⁱ. Those devices don’t just count as physical assets, either; they also store important informational assets, including valuable intellectual property. That’s why it’s so concerning that organizations must manage so many devices without the right security tools. For reference, research reveals that 14 percent of IT officials manage 5,000 or more mobile devicesⁱⁱ. 

When probed, security managers will acknowledge the enormous challenge they face, as their company’s security risk profile has only deteriorated in the age of mobile. For instance, a staggering 70 percent of corporate security, employee safety, physical plant security, IT security, and business continuity management leaders state that workplace risk is risingⁱⁱⁱ. Leaders also confess that their organizations are unprepared to deal with common security threats, especially workplace violence, environmental incidents, and active shooter incidents:

29% are unprepared to deal with workplace violence incidents

27% are unprepared to deal with environmental incidents

25% are unprepared to deal with an active shooter^iv

Those numbers are hardly surprising. People and their devices, as well as structures, buildings, sites, vehicles, and equipment are some of the easiest targets for malicious actors. What’s more, the physical security and facilities staff charged with protecting those assets often lack vital technical support.

How so? Adoption rates of mobile safety and security apps, in particular, remain strikingly low: just north of 40 percent^v. Further, survey data shows a stark gap between what facilities management professionals want and their current information system practices^vi. Facilities managers prioritize finding, capturing, storing, and retrieving information, as well as providing collaborative information access to multiple parties. But they are largely stymied by manual processes and inadequate systems: only 40 percent of facilities management information is stored electronically. The majority continue to use spreadsheets, shared drives, even filing cabinets. 

In consequence, facilities and security professionals don’t get access to the right information when they need it most. A paltry ten percent of facilities managers can locate information quickly; and more than half usually take over ten minutes to retrieve information. 

Alarming, indeed. While smaller physical incidents, like mobile device theft and insider threats, might not register in the C-suite, security officials know all too well that those smaller-scale incidents point to profound stresses in the corporate security apparatus^vii. The tools and practices that constitute that apparatus, precisely because not mobile optimized, are simply unable to deal with the physical security threat as it stands today.

Security Operations Centers aren’t always optimized for mobile, either

Not just a problem for less mature physical security outfits, we’ve seen more advanced security operations organizations run up against the challenges of ensuring efficient, cost-effective protective security in the age of mobile, as well. Companies have gone the extra mile to build robust Security Operations Centers (SOCs) – facilities that house organized, highly-skilled security teams, equipped with sophisticated technology and well-honed processes – to improve their operational security
posture via centralized platforms for detecting and reacting to security incidents^viii. 

The benefit of consolidating security expertise and reporting into one centralized location, which an SOC encourages, is pretty clear. SOCs receive physical security data from the field to furnish a real-time picture of security threats and vulnerabilities. This centralizing approach cuts down on some of the security siloing characteristic of security incident management in large enterprises. Instead, we see SOCs delivering gains in visibility and increases in security incident situational awareness. Also, when it comes to physical security incidents, SOCs help communicate to and interface with other parties in the business who need to be on high alert if a breach does occur, e.g. Legal and PR.

But SOCs aren’t without their own challenges. Adoption rates remain low, around 48 percent^ix, because of the start-up costs involved; and those expenditures go on top of the usually high cost of outfitting field operatives with expensive hardware. Plus, SOCs aren’t just born mobile ready. Teams must make a proactive investment in a security solution with the pop-up mobile capabilities they need to respond to all security threats quickly and stand up operations easily. What will it take? Read our checklist to find out. 

Pop-up mobile security capabilities: a checklist

Make your security guards your data centers

By definition, security guards are field-focused. But that doesn’t mean they can’t be valuable sources of actionable data, both before an incident occurs as well as in the thick of incident response. The only problem is bog-standard physical security management equipment – remember, mobile security app adoption stands at a paltry 41 percent – doesn’t do a great job of empowering guards to do the kind of data gathering and transmission work that actually reduces security risk and improves response efficiency

To better leverage guards’ data-gathering potential, security teams need mobile physical security software that gives field personnel the ability to easily capture rich logs for patrols, shift changes, parking infringements, lost and found
property, security escorts, and other activities. 

An added bonus: incident reports delivered via mobile also give security managers more context into the security event itself than manual reports, generated hours or days after the fact. 

Add geospatial functionality to a mobile solution

Geographically dispersed asset systems are quickly becoming the rule, not the exception. An unintended consequence: components in the field often lack appropriate physical security

Overcoming that particular challenge takes physical security software that gives teams real-time spatial information, via fully integrated mapping features. That way guards and the rest of the security team can better visualize
the locations of risks, incidents, people, and other assets. 

What specific mapping capabilities are required? Foremost, locations should be automatically geo-referenced, so that teams can create maps of events, assets, risks, etc. Once created, those maps should be publishable on system dashboards, in reports, or as feeds. Software should also enable security teams to design their own maps, by selecting and filtering layers of information, as well as visualizing spatial data.

Finally, the value of map-based search can’t be overstated, either: teams must be able to locate objects in a geospatial area and make workflow related decisions using spatial attributes.

Enhance information flow, enable multichannel communication

Another limitation of traditional command and control operations is that underlying paper-based processes severely restrict the way information flows. In many cases, the business units who help manage risk and response have little to no access to relevant physical security data^x. 

We see stark information flow challenges within the physical security team, too, especially with the default model of getting information from the field (into a war room or SOC) via walkie-talkies. While helpful in facilitating back and
forth conversations, walkie-talkies simply can’t transmit visuals or video, which are often sources of valuable intelligence.

Mobile security apps can, though, enabling teams to communicate, share information, and follow-up across a variety of channels, all within the app itself. A sample of those channels include the following: dedicated, event-specific chat rooms, email, SMS, and app notifications. And therefore, mobile apps dramatically accelerate information capture, which then improves the capacity to mitigate and respond to security incidents. 

Additional, advanced features to improve collaboration in a mobile setting include workspace dashboards for security managers, supervisors, dispatchers, and patrol officers.

Meet duty of care obligations

Physical security threats exacerbated by increasing mobilization (more workers are remote) often compromise legally-mandated occupational health and safety protections. After all, physical security measures must comply with jurisdictional WHS regulations, particularly the duty of care owners owe to their employees. 

Since mobile allows security personnel to capture information faster, it brings much needed speed and efficiency to health incident response, especially when integrated with WHS and EHS software that handles the health aspect of business continuity management.

Other features to consider include best practice safety forms for the most common health and security-compromising incident types: fire, explosion, bomb threat, hazardous materials, industrial action, vehicle incident, etc. 

From business-as-usual to crisis and back again

Protective security has important overlaps with crisis and emergency management, too. Security incidents can spiral into larger, critical events, which usually necessitate coordinated, cross functional interventions. It’s possible, however,
to respond to even those types of incidents within the same, integrated solution. 

Of course, security teams do more than tackle critical incidents. There’re also a number of routine business-as-usual operations they engage in on a daily basis, e.g. patrols, checks, inspections, and business-as-usual logging and reporting. The right, mobile security management solution should bring demonstrable efficiencies to those operations, as well: in essence, scaling up to meet extraordinary incidents and back down for routine operations.

Reduce operational risk with better risk and threat assessments

Maintaining security poses an important operational risk to the organization, as security incidents themselves have massive spillover effects to all segments of the business. Yet, most physical security management solutions on the market don’t treat every aspect of security, including risks and hazards, the complexion of which change quickly in this mobile age.

Rather, those solutions merely provide data capture and analysis as well as other incident reporting capabilities. Sure, those features are important. But limited system functionality impedes incident response, as teams respond without a clear understanding of the underlying risk. Similarly, upper management makes less informed decisions with limited situational awareness, unable to relate incident data to pre-existing risks to the organization.

Instead of ignoring the risk lifecycle, mobile security management software should provide teams with the functionality to conduct facility and event risk and threat assessments, as well as track post-assessment security controls and risk
mitigation actions.

At a glance: What you need in a pop-up mobile solution 

• Event and case management
• Security and risk assessments
• Dispatch and mapping
• Duress alarms
• Crisis and security plans

Finally, company assets, be they human, physical, and cyber-physical, still remain incredibly vulnerable to a wide array of high-impact, physical security threats, mobile risks which ripen into security incidents that staggering levels of material damage. For instance, employee theft alone costs U.S. businesses $50 billion annually^xii. 

And while smaller physical security incidents (think mobile device theft) might not concern senior leaders, those incidents indicate that existing security tools, systems, and practices are insufficient to deal with mobile security threats. What’s needed, instead: mobile protective security software, managed in a unified incident and risk management platform that gives teams all the information and tools they need to scale up quickly and effectively manage all security incidents, threats, and operations. 

Citations

 

^{ii. David Gilbert, Insights by Samsung: Corporate Security Is More Important Than Ever for Enterprises. Available at https://insights.samsung.com/2016/10/11/corporate-security-is-more-important-than-ever-for-enterprises/.}

^{iii. Rave Mobile Safety: Trends in Corporate Security: Survey of Corporate Security Managers Conducted in 2017. Available at https://www.ravemobilesafety.com/hubfs/downloads/Trends_in_Corporate_Security.pdf.} 

^{iv. Ibid}

^{v. Ibid.}

^{vi. Carl Terrantroy, Oracle: How to Solve Your Top Five Facilities Management Challenges. Available at https://blogs.oracle.com/construction-engineering/facilities-management-challenges-solutions.} 

^{vii. Diane Ritchey, Security Magazine: Insider Threat: Why Physical Security Still Reigns. Available at https://www.securitymagazine.com/articles/88959-insider-threat-why-physical-security-still-reigns.} 

^{viii. Renaud Bidou: Security Operation Center Concepts & Implementation. Available at https://pdfs.semanticscholar.org/1ffa/f58ab9379b1d3ef11d18091fc08df777481b.pdf}

^{ix. EY: Cybersecurity regained: preparing to face cyber attacks: 20th Global Information Security Survey 2017-18. Available at https://www.ey.com/Publication/vwLUAssets/GISS_report_2017/%24FILE/REPORT%20-%20EY%20GISS%20Survey%202017-18.pdf.}

^{x. Steve Hunt, CSO: Physical security information management [PSIM]: The basics. Available at https://www.csoonline.com/article/2126002/physicalsecurity-information-management--psim---the-basics.html.}

^{xi. Marko Cabric: Corporate Security Management: Challenges, Risks, and Strategies. Available at https://books.google.com/ books?id=xUGnBQAAQBAJ&printsec=frontcover&source=gbs_ViewAPI#v=onepage&q&f=false.} 

^{xii. Elaine Pofeldt, CNBC: This crime in the workplace is costing US businesses $50 billion a year. Available at https://www.cnbc.com/2017/09/12/workplace-crime-costs-us-businesses-50-billion-a-year.html.}