The security industry’s fast and frequent evolution brings together service and technology. Once a primarily guard-based service today’s industry has grown into a field with highly trained technical professionals, equipped to address workplace violence and corporate espionage.

Video surveillance systems are commonplace in modern facilities, but often serve as a forensic tool, only capable of replaying an event after it happens. Artificial intelligence, which can be integrated into existing systems, offers the opportunity for real-time monitoring. AI tools can perform facial recognition, track people across multiple zones, recognize license plates, detect unattended packages and generate directional travel alerts. These tools enable their operators to respond proactively, potentially preventing incidents instead of only documenting them after the fact.

Effective use of these advanced systems requires continuous programming and maintenance, after installation. Security staff must regularly adjust the system, such as modifying visitor access restrictions or repositioning cameras obstructed by growing foliage. Without this level of diligence, even today’s technology can fail to deliver its full value to the facility.

Common vulnerabilities in security technology include overlooked gaps, missed opportunities to enhance performance and operational inefficiencies. Facility managers and building owners should frequently engage consultants to evaluate existing systems, identify issues and recommend improvements in functionality, effectiveness and overall value.

Subject matter experts

FMs should seek a security expert that they can trust, whether an in-house staff member or a third-party consultant. Good security experts will conduct risk and conditions assessments to apply Crime Prevention Through Environmental Design (CPTED) concepts in developing an overall security design plan. The design plan should have layers of protection and follow the guiding principle that technology should support operations.

Organizations often apply security technology based on what a vendor sold them. Implementing security technology without a risk assessment and plan is like going to a car parts store to solve a performance issue without having seen a mechanic to diagnose the problem.

Security is not set it & forget it

A common misconception is that security technology is a “set it and forget it” type of technology. For example, look at fire and security systems and how they differ. FMs should recognize that, while those are complimentary tools for keeping people safe, they function very differently. Fire alarm systems provide an either/or condition output, meaning either there is an alarm condition or there is not. Security systems do provide that while adding conditional data that needs interpretation. As an example, a video camera may show someone in a restricted area; is it an intrusion or is it an authorized person performing maintenance?

FMs should assign or contract someone to manage security systems. The value of these systems is in how their programming provides actionable information. This requires technical support with specific goals for this staff.

  • Maximizing the potential of technology

    Security and FM professionals must know how to harness the power of their security systems and need support of people who are technically proficient at monitoring and managing these systems. One of the most common gaps is that an organization may not realize the full potential of their system or end devices (cameras) because the system has not been fully or properly programmed. Organizations commonly underutilize their systems, sometimes using only 40 percent of the tools available. This usually happens when a security system is bid, and the contractor only puts in enough time to get the systems started.

  • Programming response instructions

    If security guards are asked to monitor security systems, including video surveillance cameras, they should have detailed instructions on what to do when they observe something or there is an alarm. A critical gap would be a condition in which an alarm is sent, but the security guard does not have instructions on what to do and therefore does nothing.

  • Managing a cardholder database

    The effectiveness of an access control system is dependent on an accurate database of authorized cardholders. This is not a static database; employees are hired and terminated, and vendors and other visitors are registered on a regular basis. An efficient onboarding process reinforces the reputation of a professional organization. Identity verification is a key component of ensuring that access authorization is provisioned appropriately. Ensuring the identity of a potential cardholder is critical in the security of a facility. Many bad actors try to use an identity to obtain access to accomplish their espionage. Similarly, an efficient process of terminating access privileges for dismissed staff members ensures that disgruntled ex-employees cannot come back to do harm. Many auditors focus on these processes.

  • Managing upgrades & patches

    Security systems typically utilize the company network. As such, there are cybersecurity requirements that must be met. The operating systems typically receive security patches at least once per month. These are required to be loaded and matched with the application software. These patches typically provide mitigation known security threats. Not installing patches makes the system a cybersecurity vulnerability to the entire organization.

    Security systems also receive updated versions periodically. As such, the organization should stay current and not fall behind by more than one or two versions. If system manufacturers stop supporting older versions, or new improvements are only on the latest version, new features may be missed because of the lack of upgrades.

    Keep in mind that not all upgrades are improvements. Technical staff should review the changes and make sure the upgrade matches what the organization is using. Sometimes features that are important to an operation are eliminated for some reason, and the organization will need time for a new solution before updating.

  • Providing useful reports

    The security operation’s value to an organization is often measured by what reports and information it provides. Sending management useful information is key to establishing value. These reports may require a person to create, manage and modify as needed. Information that is available, but never shared, is not providing value or increasing security.

  • System upkeep

    Sometimes security systems fall into disrepair because of the lack of service and maintenance. FMs should budget service and perform maintenance appropriately. This includes budgeting for annual support license so that at a minimum, the system manufacturers can provide ongoing support.

    Security systems generate a lot of data, which should periodically be archived or saved. Organizations should determine how long to maintain records and in what format. This record keeping is typically manual. Systems frequently bog down because they have filled storage capacity, and the system starts to use operating resources to manage how to save the data at the same time as the system is running. This results in the system slowing or even shutting down. This is true for both access control systems and video systems.

    It is also not unusual for system components such as a camera, door strike or card reader to fail. It is critical to ensure a service and maintenance program is established; it can be in-house or contracted, depending on the expertise and criticality. Contracted services usually do not respond as quickly as in-house support.

  • System support

    Lastly, how do organizations establish this support? Most organizations will either assign the support to a position (usually in IT) or hire an individual or team dedicated to this function, depending on the size and complexity of the system. Organizations should ensure that the person or team has enough time and knowledge to be able to manage the system and stay current with developments.

    Another method involves outsourcing support. Some organizations hire a managed services consultant or contractor. This could be a vendor that dedicates a day or more to support the system. This can be a cost-effective approach for smaller organizations.

Conclusion

Planning, ongoing risk and conditions assessments, and proper support are necessary to maintain today’s complex security technology systems. It takes a team of experts to make this technology work. New developments are happening every day and just keeping up is falling behind. Bad actors are constantly improving their attack vectors, and facility managers need to invest in state-of-the-art tools that help combat these attacks.