In recent times, much has been written and spoken about Physical Security Information Management (or PSIM), particularly when it comes to the benefits such solutions can bring in terms of delivering a truly integrated regime for some of the most challenging and complex security scenarios. Stephen Smith argues why more radical and responsible lines of thinking may now be required
Within a risk environment that’s increasingly multi-site and multinational, it’s perhaps not surprising that the stated ability of Physical Security Information Management (PSIM) solutions to orchestrate large numbers of disparate systems via a single platform should find favour with those given a security responsibility.
However, there’s a darker side to PSIM that, to my mind, is threatening to bring manufacturers, security installers and, indeed, the whole security industry into disrepute. The key issue that impacts us all is cost (or, to be more precise, the ongoing cost of ownership).
Most customers will accept that you get what you pay for in life and, as such, certain PSIM systems will cost more than others based on their stated level of sophistication, reliability and performance. What these same customers are also being asked to accept, though, is an ongoing cost for software upgrades and system support that’s wholly unjustified.
The problem began with some of the first PSIM systems to appear on the market in the 1990s. They’d been developed by manufacturers whose roots, culture and commercial knowledge was vested in IT. It was reasonable for them to take their IT industry thinking and apply it to the new world of security, but this simply doesn’t work.
Whereas consumers might accept that their software needs to be regularly updated, so too their PCs, this same concept doesn’t translate into a security environment. PSIM systems were being installed that only two or three years later had to be upgraded. Without that upgrade, the system would no longer be supported. A metaphorical gun had been levelled at customers’ heads: they either paid for their upgrade or accepted that their system was no longer fit for purpose – a risk they simply couldn’t afford to take.
Of course, many of these customers entered into agreements in good faith but were perhaps unaware of the ‘true’ cost of what it was they were purchasing. Some of the numbers involved can be eye-watering. On occasion, the cost of a systems upgrade is as much as 75% of the total of having a whole new system installed, which in itself is an outrage.
When the cost of ongoing maintenance is included, it’s little wonder certain customers come to view security as a grudge purchase.
By investing in a PSIM solution, customers need to understand the total cost of ownership and not simply the initial purchase price. Reliability, scalability and future proofing become three benefits that are not just ‘nice to have’ but rather an essential part of the initial decision-making process.
This message of ‘ownership’ translates into other areas of importance for PSIM solutions manufacturers and buyers. Another accusation levelled at the PSIM world is that we do not take ‘ownership’ of integration or, to be more specific, how easily our systems integrate with third party technologies.
The concept of ‘accountability’ is an important one. Too often, we hear of individual equipment manufacturers stating that ‘the fault is not at my end’, that their system ‘is working OK’ and that they ‘have never had a problem before’. None of these answers were acceptable in the beginning, and they’re most certainly not acceptable today.
As manufacturers, we need to take responsibility for all elements of integration, for evaluating the various Software Development Kits (SDKs) and never blaming a third party when a system doesn’t work.
In short, we need to be accountable and acknowledge where the Buck finally stops.
Advances in technology
Technology has advanced considerably in the last 20 years. Indeed, new technologies and thinking need to be exploited where possible. Modern thought leadership, for example, has tended to move away from the use of multiple servers to ensure the integrity and reliability of each installation and towards a different approach, including peer-to-peer networks.
There are inherent and well-documented problems with server-based systems, particularly in relation to levels of redundancy. They’re also ‘rigid’ and ‘inflexible’ in that they’re both difficult and costly to expand. That’s not to say that system expansion cannot be achieved.
Server farms and new clustering software have helped in this regard, but they’re expensive and don’t migrate in the same way that a peer-to-peer network can migrate and react if something should ever go wrong.
The cost of a Wide Area Network (WAN) for larger systems is also a problem. If a WAN goes down at any point, this can lead to major disruption in communications between multiple sites which is a huge problem.
The ability for customers to expand their PSIM solution in line with demand is of critical importance. Peer-to-peer networks enable businesses to equip local sites on an initial basis and then cluster multiple sites together in the future as their needs change. This has the effect of spreading the deployment cost while also affording the customer the option of moving to a centralised system at a later date.
Systems should allow for each driver to be run as a separate software ‘instance’. This allows the main platform software ‘engines’ to monitor the performance of each individual connection and isolate any driver that’s unstable.
As highlighted earlier, third party SDKs can and have caused issues in the past. After all, this is software developed by a third party equipment manufacturer. Glitches will inevitably occur. As such, the ability to identify issues early – and on an ongoing basis – is vital to the integrity of the whole system.
The combination of separated drivers and peer-to-peer means that even the operating system is being monitored. If a PC operating system ‘hangs’ (ie freezes) then the migration of the drivers will still take place. When using servers, it has been known for a server to ‘hang’ but for the network (and QED the customer) to still believe that it’s connected to it. In this instance, the operator has no indication that the whole system has in fact failed and is unlikely to know unless or until it’s too late and the site has been compromised.
Ease of operability for end users
However sophisticated the systems being developed, another factor that will enhance the reputation of the new generation of PSIM technology will be its ease of use. Some within our industry choose to overlook the critical role that the operator could and should play in how PSIM systems are set-up and designed. What might look good in a test laboratory or on paper can fall at the first hurdle once in the hands of an operator responsible for managing thousands of events every day.
Make the system easy to use and the full advantages of PSIM will be realised. Make it too difficult and the investment has been almost entirely wasted.
There’s little doubt that PSIM solutions have come a long way in a comparatively short space of time. That truism is part of the excitement of our industry, but it’s also part of its problem.
Certain behaviours and cultures have been allowed to take hold while bonds have been tied that now need to be undone. More radical and responsible thinking is required.
Software support for ten years should be mandatory and part of the initial contract where the costs are transparent. Maintenance agreements should be compulsory and upgrades part of an agreed and ongoing support and maintenance contract.
Customers should be absolutely clear on what it is they’re buying and how their PSIM system will perform. Insist on change and maybe then we can repair the damage done to PSIM’s reputation before it’s too late.
Stephen Smith is Managing Director of Intergrated Security Manufacturing (ISM)