With all kinds of options available to security integration specialists, we often tend to focus on the latest product or technology that is available to offer customers, and, in the process, can lose sight of what is most important: solving problems for the customer.
IT and physical security have become more interconnected than ever before. Almost every new security device—be it a camera, reader or intrusion sensor—is connected to the local network or Internet. This creates both a problem and an opportunity.
Many legacy physical security devices were never designed with cybersecurity in mind. Putting these devices on the network exposes them to hacking and other malicious attacks that can compromise the security system, or even worse, result in a data breach.
For many institutions, the financial impact of a data breach far exceeds the loss or damage to the assets a physical security system is designed to protect and prevent.
Assessing IT Team Needs with These Questions
Many IT departments are overwhelmed by the day-to-day activity of maintaining the IT infrastructure and end-user systems. The specialized software that runs the physical security system may not be a high priority until a vulnerability is detected, or a major support issue arises.
By providing professionally-managed service offerings for customers — such as training, software upgrades, firmware patching and IT project management support —security integrators can help deliver IT-focused solutions that supplement their core competency of physical security.
Delivering IT and security integration services requires understanding the customer’s priorities and needs. Before onboarding a new customer, it is important to perform an initial assessment of them and their environment:
- Are they using on-premises infrastructure, or is it cloud-based?
- What is the standard response and resolution time required within their service level agreement (SLA)?
- What is the escalation path for issues that are outside of the scope of services?
- Do they have a test environment?
- What is the change control process?
Applying regular software upgrades and firmware updates is important to customers to address performance and cybersecurity concerns. The IT industry best practice for software applications is to have separate test and production server environments.
This allows for patches, upgrades and changes to be tested before they are deployed in the production environments.
The Test Environment is Critical to Security Integration
Unfortunately, it is not uncommon to find that the security system does not have a test environment, due to cost or lack of awareness.
For a small video surveillance or access control system, it may not be necessary, but in enterprise applications, it should be given serious consideration due to the size of the system and risks involved.
It is important for a security integrator’s staff not only be certified on the security products they offer, but well-versed in IT project management as well.
Since the physical security systems are tightly integrated with IT systems, project plans need to include detailed steps to implement changes, responsible parties, expected duration and rollback plans in the event of unexpected issues.
It is also vital to have test plans created to validate new functionalities in addition to regression testing of legacy features.
Remember to check interfaces with third-party software and hardware.It’s not advised to deploy a new feature if doing so breaks other critical functionality in the process; and then, only if there is a significant business need to do so.
In some cases, a customer might decide that closing a cybersecurity vulnerability is more important than another functionality, and everyone should be aware of the trade-off.
New technologies and products will always evolve and emerge at a faster and faster pace.
With that, IT organizations often face staffing issues to manage all the components or software of their security or access control systems.
Security integration experts must invest in their employees and customers by training them and equipping them for the challenges faced daily, which could include system patches and upgrades, database management, and data backups and retention.
One of the best ways to help customers is to develop and deliver professional services around their security systems that complement and supplement the skillset of their internal and external IT teams.
By leveraging managed services provided by integrators, IT departments are able to scale their teams without having to staff/resource internally.
Brad Konkle is Director, Integrated Systems for Stanley Security. Reach him at Brad.firstname.lastname@example.org. This article was originally published on sister site Commercial Integrator.