Managing technology risks for effective estate security
September 2017, Residential Estate (Industry), Cyber Security, Integrated Solutions, Conferences & Events, Training & Education
Security is all about mitigating risk and the main risk mitigation tool in estates is technology-based. Today’s technical solutions not only provide better security, but can also, if planned correctly, save money.
But what about six months or a year after the installation? What risk management processes do you have in place to ensure your security technology is running optimally and delivering the services you require all the time? Are the systems being regularly assessed and evaluated according to a plan? What are the typical risks lurking in the technology that should be evaluated, measured and maintained for enduring security?
Hi-Tech Security Solutions and Rob Anderson hosted the Residential Estate Security Conference 2017 in Johannesburg earlier this year to address these questions and more. This year’s conference was focused on the technology risks that can take a well-designed and functional solution and turn it into an underperforming and inherently insecure risk if not maintained and managed correctly. The event looked at various security technologies, highlighted the risks they face and advised attendees on how to extract maximum value and longevity from their security investment.
Delegates were able to hear from a number of experts in various fields, covering different areas of risk that estates today are dealing with. In addition, 10 sponsors occupied the exhibition area where delegates could wander around and network with vendors and other people worried about security on estates. Just before the lunch break, the five gold sponsors were represented in a panel discussion where they answered questions about their products and solutions aimed at the residential market.
The sponsors were:
• Elf Rentals
• Elvey (gold sponsor)
• Enforce Security
• Forbatt SA (gold sponsor)
• MiRO (gold sponsor)
• OT Morpho (gold sponsor)
• Powell Tronics (gold sponsor)
Risk assessments in security technology
The conference was kicked off with Rob Anderson introducing the topic and the focus of the day: identifying, understanding and mitigating your security technology risks. Anderson introduced the conference attendees to the PESTLE (Political, Economic, Social, Technical, Legal, and Environment) model of analysis, and the conference’s specific focus on the technical side of things.
The reason for his focus on technology is that while physical risk is easy to see, technical risk is not always apparent until something happens. As far as estates are concerned, the technical risks start at the initial quotation.
Anderson says quotations for the same project can be as much as 400% apart in price, which is confusing and detrimental as estates often choose the cheapest option without any thought to why it is cheap. The quotes also include no drawings, data sheets or other necessities that the estate would need to make a rational decision. The risk then moves on to the installation, which can lead to many headaches later if not done correctly.
Anderson then briefly touched on other technical risk areas which subsequent speakers would expand on in their presentations. These included lightning protection, power management, cybersecurity, access control, surveillance, total cost of ownership and more. He noted that the topics presented at the conference were only a few of the primary risks estates face today, mentioning a few others this conference did not have time to cover.
Keep your access controlled
Starting at the gate, Glenn Allen from Enforce Security followed Anderson with a presentation on the risks associated with access control. While we may all be used to the various access control processes at estates, Allen noted the risk is still high as about 80% of crime on estates is perpetrated by people who gained access through the front gate.
Allen went through the various access controls we’ve seen over the years, starting with a drawbridge with manual facial recognition for those staying in very old estates. More recently we’ve seen the use of guards who manually verify and authorise entry, followed by stand-alone electronics, including RFID and cards. These systems were then networked and controlled from a database in a backroom, until today, where we see advanced biometrics and third-party verification and integration controlling access. The presentation went on to discuss various methodologies and technologies that should be used in access control, such as setting up zones and different categories of access.
Database management and maintenance was also discussed, with Allen providing a few pointers on how to manage and ensure your access data is secure and reliable. Naturally, he also spoke about visitor and contractor management and the data that should be collected before allowing temporary visitors in.
For those who are satisfied with manual access control via a boom and a guard at the gate, Allen ended his presentation asking, “If somebody opens the boom on your behalf and you access the property and a crime takes place, were you there?”
The real cost of security technology
We all know the drill. You get a few quotes for a project and take your time assessing each proposal before choosing the cheapest one. A few months, or maybe a year later, you are surprised when your maintenance, repairs and call-out bills are bigger than your full security budget. And it seems that your installer is harder and harder to get hold of.
Roy Alves from Axis Communications was on stage next with a presentation focusing on the total cost of ownership (TCO) of your security installation. He started by examining TCO studies from other industries to show that security is not the only market that doesn’t consider the full lifecycle costs of its solutions.
A 2016 study on mobile devices, for example, showed that CIOs were unaware of 54% of the costs they would be faced with. A 2012 study on the total cost of HR payroll systems showed that HR managers were unaware of 63% of the costs. Most unnerving, a 2011 study on the cost of IT servers showed that 75% of the costs incurred were operational costs, not the purchase price.
Alves then focused on the security industry, using a recent case study from an upmarket golf estate in South Africa as an example. He noted that the costs estate customers are aware of are normally the purchase price and the installation costs; operational and maintenance costs are generally ignored. He offered a simplified view of TCO, broken down into three areas: total cost of acquisition, total operating cost, and total decommissioning cost.
In the case study presented, the TCO over 10 years was around R28 million. This was broken down into R18.7 million for the total cost of acquisition, R8.7 million for the total operating cost, and around R500 000 for the decommissioning cost.
Alves broke the various sections down into more detail, giving attendees a clear insight into the various costs involved in a security system over a number of years. He also touched on the labour and manpower costs, as well as the costs of staffing a control room for the life of the project.
Design for longevity
To assist delegates in recovering from the shock of seeing the real TCO of security systems, Selvan Naidoo from Cathexis Africa was up next to talk about how to ensure the CCTV system you choose will keep on doing its job for the long term and not collapse in three years or less.
His experience in designing and setting up surveillance systems that deliver value stood him in good stead as he highlighted what was required to ensure a return on your CCTV investment.
Naidoo started out talking about how to define the effectiveness of a surveillance system before focusing on the factors required for success. He then highlighted common risks found in surveillance. These included:
1. Poor camera selection and placement.
2. Integration overkill.
3. Operator overload, which reduces their efficiency.
4. A lack of meaningful processes and reports.
Ending the presentation, Naidoo also touched on a few maintenance and operational best practices which estates can make use of to keep their surveillance systems running optimally for the longest period of time.
Practical PoPI for estates
John Cato from IACT Africa was up next, explaining how the Protection of Personal Information (PoPI) Act will impact estates and how they handle the data they collect. He explained some basics of PoPI to attendees and went on to describe what estate managers should do to ensure they comply with the act. The Residential Security Handbook has covered more of Cato’s advice in ‘Manage your data appropriately’.
Practical cybersecurity for estates
Estates need to be PoPI compliant, but they also need to protect their data from the many cyber attacks that seem to be launched every day. David Cohen from BDO Cyber and Forensic Lab was next up to give delegates some insights into how estates can protect the data they gather from cyber attacks.
Cohen offered keen insights into the types of cyber threats we all face as well as the types of people or organisations that may launch them, including the threat faced from insiders looking to profit from the information they have access to. He then went on to describe the many forms of social engineering, the tactics criminals use to persuade you to give them sensitive information, such as phishing, vishing and whaling. And, of course, the risk of ransomware was also highlighted.
It’s also worth noting that sensitive information doesn’t always have to be hacked from afar. Guessing easy passwords is one way of getting into someone’s account, and dumpster diving (going through the garbage to find documents with interesting information that have been thrown out) is another way of gaining access to useful data.
He then introduced the audience to the six cyber-readiness steps organisations can and should take to give them the best defence against the many cyber risks out there. Ending off, he made the point that training is one of the most important aspects of cybersecurity, not only training experts, but also training your staff and making them aware of the risks they face and how that can impact everyone – and, of course, how to deal with the threats.
Surge and lightning protection
One of the more technical presentations was made by Dr Andrew Swanson from the University of KZN. An engineer specialising in high voltage engineering, Swanson spoke about how best to protect equipment against lightning damage.
South Africa has had an increase in lightning activity recently and the expertise Swanson offered is invaluable to estates as they try to keep their security (and other electronics) running.
The presentation looked at the various instances of lightning and surge damage, such as direct and indirect strikes, and how equipment can best be set up to avoid damage. Of course, a direct lightning strike on an electronic device is going to cause problems for the device, but there are ways and means of preventing the damage from spreading far and wide.
The power must flow
Staying in the power management arena, Riaan Allen from Ultimate Group followed with more insight into how to set up and maintain your power systems (specifically backup systems such as generators and UPSes) for the best performance and longevity.
Riaan was able to provide expert advice on what estates need to look out for when purchasing power management equipment, and he also gave good advice in terms of deciding if your existing installation is going to be reliable or if it’s likely to fail at a moment’s notice. The presentation started with the sales process, moved through the design and installation of these systems (including compliance with various standards), and touched on the tricky issue of sizing the equipment you actually need.
His advice is that buyers should look at the cost of replacing inferior (cheap) products and the expense of repairing bad systems and installation jobs rather than the initial purchase price. When you’re playing with electricity, cheap is not a selling point. In addition, he suggests that a quote should always be accompanied by design documentation and information on the certificates of compliance the installer is authorised to provide.
Coming full circle, MJ Oosthuizen from PinnSec delivered the last presentation of the day in which he referred back to Rob Anderson’s opening presentation. Connectivity is a given in today’s world, even on an estate, but if the systems installed in the server room and on the edge of the estate are installed in a haphazard manner, it increases the chance of something going wrong, increases the time and cost of maintenance as technicians have to sort through piles of cables to find the one they need, and generally makes any repairs or upgrades much harder.
Keeping your servers, storage and the relevant accessories in order and coded according to what the various bits and pieces are used for is critical for successful maintenance and servicing.
Oosthuizen also touched on identifying all the estate’s network and networked assets, which can amount to a large number in the Internet of Things (IoT) age, and ensuring you have a security plan to keep your connectivity up and running safely – which will ensure your users and devices are able to function as required.
He also touched on the IoT in the home, looking at how connectivity can transform a modern home and estate into an easily manageable IoT hub. Of course, security plays a critical role in this regard as your weakest link is the entry point criminals will choose to get into your network and all the data and devices attached to it.
The Residential Estate Security Conference 2017 ended with another round of networking and a final cup of coffee in the exhibition area. Comments from attendees showed that the conference hit the spot in terms of the technology issues estates are facing today and provided insights into how to better plan and manage security technology.
Hi-Tech Security Solutions and Rob Anderson would like to thank all the presenters for the time and effort they put into their presentations, which were all well received.
In addition, a note of thanks goes to all the sponsors who supported the event.
Hi-Tech Security Solutions would also like to extend its thanks to Rob Anderson for his guidance, advice and the work he put in to help make the conference a success. Look out for the next Residential Estate Security Conference when the show hits Durban and Cape Town.