SPA note - ASISFor decades, physical security has been governed by a familiar trade-off. If organizations wanted higher levels of protection, they typically had to accept slower throughput, higher operating costs and increased friction for employees, customers, students, patients and visitors. Metal detectors, bag checks, magnetometers and guard-intensive screening checkpoints became the default tools for managing weapons risk in public and semipublic environments.

These systems worked — at least within the constraints of the era in which they were designed. But the environments that security leaders are now responsible for protecting have changed dramatically. Facilities are larger, foot traffic is heavier, expectations for convenience and dignity are higher, and liability exposure is more complex. At the same time, threats have become more dynamic and less predictable.

Checkpoints-CO1The legacy of checkpoint thinking

Traditional screening systems were designed around technical limitations that required controlled movement and active participation by the individual being screened. People had to stop, remove items, divest belongings, walk through a scanner and potentially submit to secondary screening. The architecture of security was therefore built around queues, lanes and staffed checkpoints.

Over time, innovation focused on making these checkpoints faster or more accurate. However, security leaders rarely questioned the underlying assumption that stopping people was unavoidable. As a result, humans adapted their behavior and facility design to accommodate machines rather than the other way around.

For a long period, this model was acceptable. Traffic volumes were lower, public expectations were different, and liability environments were less complex. But in modern health care systems, corporate campuses, entertainment venues, transit hubs and educational environments, the limitations of checkpoint-centric security have become increasingly apparent.

When protection creates new risk

From a risk management perspective, checkpoints introduce several secondary exposures that are often underweighted in security planning discussions.

Crowd concentration and soft-target exposure. Queues naturally create dense gatherings of people in predictable locations. These concentrations can become attractive targets themselves, particularly in open environments where perimeter hardening is impractical. Congestion also complicates evacuation and emergency response.

Operational and liability exposure. Delays, discretionary screening decisions and congestion increase the likelihood of confrontations, medical incidents, accessibility complaints and claims of unequal treatment. As throughput increases, the probability of operational breakdown rises.

False positives at scale. High-volume screening environments amplify the operational cost of false alarms. Each unnecessary stop consumes staff time, disrupts flow, creates friction with occupants and increases the risk of escalation or complaint. Even modest false positive rates can generate significant cumulative burden.

Experience and brand impact. Security friction increasingly affects customer satisfaction, employee retention, patient experience scores and public perception. In sectors such as health care and higher education, perceived over-securitization can conflict with mission-driven cultures.

Checkpoints-CO2

The limits of interdiction metrics

Historically, physical security performance has been evaluated primarily on interdiction metrics: detection rates, alarm accuracy and the number of prohibited items intercepted. While these metrics remain important, they represent a narrow dimension of overall risk.

A system optimized exclusively for maximum interdiction may unintentionally increase other forms of exposure. More aggressive screening often leads to higher friction, longer queues, increased staffing requirements and greater opportunity for conflict or error. In some environments, marginal gains in interdiction come at a disproportionate operational cost.

From a governance perspective, this raises a critical question: Is the organization truly safer if a marginal increase in interdictions produces substantially higher operational risk?

Security leaders increasingly recognize the need for a more balanced framework — one that evaluates both threat reduction and the risks introduced by the screening process itself.

Checkpoints-FMJExtraToward a balanced risk model

A more mature approach to physical security risk considers at least four interacting variables:

  • Residual threat risk: the probability and impact of missed weapons or prohibited items

  • Operational exposure: congestion, staffing strain, delays and workflow disruption

  • Liability and compliance risk: privacy concerns, accessibility issues and inconsistent enforcement

  • Human experience impact: dignity, trust and organizational culture

The objective is not to eliminate all risk — an impossible task — but to optimize across these dimensions rather than maximizing a single metric at the expense of others.

This mirrors how mature enterprises evaluate cybersecurity, safety engineering and financial risk — through portfolio optimization rather than singular performance indicators.

Technology as an enabler, not the driver

Recent advances in passive sensing, artificial intelligence and sensor fusion are enabling new approaches to physical screening that do not rely on stopping or channeling people through fixed checkpoints. Instead of forcing human behavior to adapt to machines, these technologies adapt detection capabilities to natural human movement.

The significance of this shift is not simply technological. It fundamentally alters the risk equation. Continuous, passive detection reduces queue formation, lowers staffing intensity and minimizes behavioral disruption. It also opens the door to distributed detection models that scale more gracefully with volume.

However, technology alone does not solve governance challenges. Security leaders must still evaluate:

  • How data are collected, processed and retained

  • How privacy and transparency are maintained

  • How alerts are operationalized responsibly

  • How systems integrate with existing response workflows

  • How outcomes are measured beyond raw detection statistics

The transition away from checkpoint-centric security requires thoughtful policy, stakeholder engagement and performance management — not just new equipment.

Implications for security leaders

For CSOs, chief risk officers and enterprise risk leaders — including the CEO — the modern security paradox presents several strategic implications. Here are some measures to consider.

Checkpoints-InfographicThe end of the checkpoint era?

Checkpoint-based screening will not disappear overnight. Certain environments and threat profiles will continue to require controlled access points. But the assumption that security must always interrupt human flow is increasingly being challenged.

As detection technologies mature and risk frameworks evolve, organizations gain the opportunity to move from a stop-and-check paradigm toward a more seamless, intelligence-driven model — one that aligns safety objectives with operational excellence rather than forcing a compromise between the two.

The real transformation is not technological. It is conceptual. It requires leaders to recognize that safety and efficiency are no longer mutually exclusive goals. Risk must be measured across the full cycle of human experience, not solely at the moment of interdiction.

Security has always been about managing trade-offs. The modern paradox is that clinging to legacy trade-offs may now represent the greatest risk of all.