ISC West Wrap: Security market stays robust, as do industry’s challenges
While a massive crowd perusing more than 700 booths at ISC West in April, executives at the Security Industry Association told industry media that market conditions remain strong in spite of economic and political uncertainty.
SIA’s new Chairman, Scott Dunn, Senior Director of Business Development at Axis Communications, and SIA Executive Committee member Mike Mathes, President of Global Growth at Convergint, discussed the organization’s most recent market index, the specter of artificial intelligence, recruitment efforts and more.
The March-April Security Market Index dipped three points from two months earlier to 54, just below the 12-month average of 55. A reading over 50 indicates growth in the security industry.
SIA’s most recent barometer found 72% of respondents describe current business conditions in the security industry as “good” or “excellent” and 28% alone said “excellent.” The results are below the numbers from January to February, when 84% of respondents reported positive conditions at their respective companies.
Roughly the same percentage were optimistic about their business outlook for the next few months and 18% predicted the outlook would get much better.
A joint report by SIA and ASIS evaluating the global security market valued the industry at $405 billion. North America accounts for 30% of the market, followed by Europe (22%), and China (20%) and other countries below that.
The same report, released in March, explored at length the effect emerging technologies and outside threats are having on the industry. The authors lamented other sectors of the industry or even those outside the industry “doing things that integrators have traditionally done,” says Ron Hawkins, Director of Industry Relations at SIA. That group includes big tech, health telcos, IT-managed service providers and even larger end users bringing security in-house rather than working with outside integrators.
The report suggests integrators evolve into managed service providers and take an RMR approach to their business, Hawkins says, rather than focusing on one-off installation projects and maintenance.
Mathes says recruiting challenges are on the industry’s radar as well. Convergint recently made a large donation to SIA to sponsor additional training for the industry, and the company is working in underserved communities at the high school level to bring workers into the industry and bolster Convergint’s internal efforts.
Recruitment Issues
Hawkins believes recruitment efforts must stretch outside the security industry to bring in more talent. “That’s certainly something that has been happening the other way with technology companies outside security recruiting from security, which obviously creates some difficulties for people in our industry,” he says.
About five years ago SIA worked on a career pathways document with ASIS for security practitioners as well as integrators, says SIA CEO Don Erickson. He revealed that SIA will be reaching out to veterans in a new program later this spring to explain how they can join companies such as Axis or Convergint and what job roles may be available.
SIA continues to invest in college and university outreach and offers a four-part security technology curriculum to community colleges.
“We’ve had some conversations with companies this week who want to partner with us and with community colleges to implement that curriculum in the schools. That's another way of addressing it,” Erickson says.
Pulse of the Industry
Dunn and Mathes were asked to provide their thoughts on the “pulse” of the industry and its high-level challenges, as well as the growth opportunities.
While he walked the show floor at ISC West this year, Dunn says, the hot topics are about cybersecurity, the cloud and artificial intelligence, which weren’t mentioned much in the physical security business a decade ago. Most organizations are taking a more holistic approach involving the cyber and physical realms, and consumers of the technology and services “are becoming much more educated,” he says.
Mathes says the industry is facing a very dynamic problem reducing risk with adversaries that are constantly evolving.
“So, the industry, as a whole, is always looking to leverage new technologies,” whether it’s AI, the cloud or other technology, Dunn says. “I think we continue to see the end user demand new and more advanced technologies for them to be able to respond to a dynamic threat that's changing on a regular basis. So, we still see a very robust industry.”
Security Megatrends
Security megatrends were also the topic of the hour at ASSA ABLOY’s 18th annual Systems Integrator Breakfast at ISC West. A panel of industry veterans discussed “Navigating Megatrends for Sustainable Growth,” a session dedicated to three forces shaping the future of the security industry: sustainability, cybersecurity and artificial intelligence (AI).
Hosting the event was Angelo Faenza, ASSA ABLOY Opening Solution’s Head of Digital Access Solutions. Some focus was given to sustainability, a topic of rising concern amidst the growing unrest around climate change, as well as cyber-physical hybridization. But AI won the lion’s share of discussion by a landslide.
A Sustainable Approach to Security
The sustainable security movement was very politically charged in the beginning, but it wasn’t meant to stay that way, noted Faenza: “Now it’s about what’s good for your business.”
Sustainable and efficient security technologies that reduce a company’s carbon footprint or energy consumption may simultaneously offer a competitive advantage.
Panelist Peter Boriskin, Chief Technology Officer for the Americas at ASSA ABLOY, began his talk with the wish that security professionals think about emerging security trends in terms of strengths, weaknesses and opportunities. He outlined a roadmap for symbiosis and collaboration.
“The perception is that sustainability and security are at odds, and that is not necessarily the case,” Boriskin said.
Wireless access control systems, for example, are simultaneously secure, minimally invasive, easy to manage and highly power efficient -- meaning smart buildings don’t have to sacrifice efficiency and efficacy to reduce environmental impact, he says. Those traits may also be highly attractive to clients.
“People don’t think about the non-security benefits of security practices,” he says.
Pivoting again to an opportunistic focus, Boriskin elaborated on his “security with a capital S” approach to innovate holistic security solutions. “As we think about integrated approaches, we have an opportunity to create converged security services for customers,” he notes.
An Expanding Cyber Perimeter
While many security teams are concerned primarily with defending their perimeter, that perimeter has expanded far beyond the physical in modern times. The businesses of today must maintain a robust cybersecurity posture as attacks increase in both scale and sophistication.
“Cybersecurity is not just about opening an infected email,” said Faenza in his opening remarks. “It’s so much deeper. Our products live on the network now.”
The mass connection of once-everyday devices to the internet has opened the floodgates for threat actors to infiltrate systems using somewhat unorthodox methods. According to Chris Warner, panelist and GuidePoint Security’s Senior Security Consultant, OT Security GRC, over two thirds of operational technology (OT) systems are connected to the internet, creating a huge attack vector.
“The more we connect, the more compromised we can get,” Warner elaborated. “We lose eyes and ears on something and we can’t protect it.”
This hybridization of physical and cybersecurity has long been on the horizon, and efforts to more closely integrate the two have been slowly gaining traction in recent years. But the merge has not been seamless. A wealth of outdated technology hampers teams attempting to make the change, Warner says, with legacy systems causing a significant drag on traffic.
“The right side isn’t talking to the left side,” Warner commented. “Physical and cybersecurity have to work together.”
As physical security systems move online in droves, particularly to the cloud, an emergence of hybrid security threats threaten organizations.
According to Warner, recent attacks in certain sectors, including critical infrastructure and healthcare, have aspects of both physical and cyberattacks. Cyber-secure server rooms may still be prone to physical breaches, and physical security systems dependent on an internet connection can be hacked or shut off remotely.
The panelists urged optimism in the face of these new hybridized threats. Boriskin pointed to the wealth of experience physical security professionals can bring to solving 21st century problems.
“Existing sensors working in concert between the two disciplines can create holistic solutions,” said Boriskin. “A lot of our issues are just new versions of old problems, and we have a lot of solutions that we can bring to bear.”
John Dobberstein and Samantha Schober, SecurityInfoWatch.com
Warner likened his defense strategy to “siege warfare,” with employees, or the first line of defense, serving as the “moat.” With responsive employees delaying attackers on the front lines, security teams are given the time needed to address threats, he explains. Risk assessments and documented security plans further improve an employee’s ability to identify and properly react to suspicious activity.
This comes from closer relationships with an organization’s security executives, who must analyze an organization’s risk and pass that understanding down the ladder, says Warner. To do this, there needs to be a clear line of communication from the front line to the C-Suite and senior leadership.
