Trends for 2019
February 2019, This Week's Editor's Pick, Integrated Solutions, Security Services & Risk Management
Looking back at 2018, many in the security industry might hope it’s a year that doesn’t repeat itself in terms of company revenues and the amount of new business that became available. Sadly, 2019 does not hold more promise with those in the know expecting to see a zero-growth year in South Africa in terms of equipment sales. The rest of Africa and the world, however, tells a different tale, although there is little to be too excited about.
The reasons for the negativity in South Africa are not a surprise. Political uncertainty, lack of foreign investment, politicians talking up a good show and then failing to implement, labour unrest, high crime rates which will not result in more spend on technology, the national elections and the list goes on.
Looking north we see a different picture. Nobody is expecting a bumper year for security in Africa, but growth is predicted in most of the physical security markets, even if it is still in low single figures. The Middle East is predicted to show better growth in a very competitive market.
The numbers may not tell a good story, but the reality is that the industry will continue and we will see fiercer competition to grab any sales out there. If markets aren’t growing, the only option to increase your market share is to take business away from your competitors. In the security technology market, however this is not that simple anymore.
Gordon Moore, regional manager, Middle East & Africa, ADI Global Distribution told Hi-Tech Security Solutions that one of the biggest challenges he expects to face in 2019 is avoiding the ‘race to zero’.
When customers buy on price, there is always someone willing to shave margins to the bone just to get the deal. Add to this the lower cost products from Asia and we really have a ‘race to zero’ nobody can ultimately win.
How are companies going to deal with this problem? The only solution is to find margin in other areas, to add value as the cliché goes, through what may be non-traditional services for some companies. This is not a uniquely South African or African problem, and we should look for more value-add from security companies as they deal with diminishing returns on product margins. Installers and integrators are also looking at similar challenges and solutions as they find their product margins as well as their traditional service margins cut though competition. This may be a good year for acquisitions and mergers.
On a positive note for the physical security industry, the convergence between physical and logical security will kick up a gear in 2019 and those installers and integrators that have the right skills on board will have a chance to make this an area of growth. Everyone is aware of the cyber risks we face, but many seem to turn a blind eye and hope for the best. As noted in the section on cybersecurity below, that is a bad decision that won’t simply result in embarrassment, but real financial and reputational damage.
Kelly McLintock from ASIS International’s South African Chapter adds: “The ASIS SA team and I anticipate more and more customers will require integrators to meet cybersecurity standards, not only for the systems deployed on their site, but also pertaining to how integrators handle their sensitive information internally throughout our business operation.”
He continues that a definite strategy or framework of best practices will need to be developed for integrators to comply with when placing foreign devices onto a company’s network. “There is a significant installed base out there with default equipment passwords as their only security.”
It’s already here
For those who consider physical-logical convergence to be another buzzword and not something they will see in real-world settings, a visit to DellEMC may be in order.
The company invited Hi-Tech Security Solutions to a presentation held at the end of 2018 where the company looked specifically at its latest and some future offerings as they pertain specifically to the surveillance market.
DellEMC already provides all the components of a surveillance system except the cameras and VMS. It is also one of the largest OEM suppliers to the surveillance industry providing hardware for a large number of leaders in the market. Its latest developments offer end users hyper-converged infrastructure solutions on an enterprise scale that make it simple to set up your surveillance infrastructure and expand or contract them as required, as well as storage solutions that scale and are also designed for companies with multiple locations under surveillance. The company certifies various VMS vendors to ensure the software and hardware function seamlessly, again reinforcing the simplicity mantra.
Making use of products from VMWare (part of the Dell group), the company will be releasing software defined surveillance solutions, once again certified with a variety of VMS vendors. As hyper-converged solution, these products will allow for the quick installation and configuration of a complete surveillance solution, which is flexible enough to adjust as your requirements change. The use of onsite and/or cloud systems will be built into the solution, simplifying the whole process of commissioning and operation. All the users will need to do outside of the DellEMC solution is install their cameras (and the network, but you can also buy network technology from Dell).
The converged storage on offer will collate the storage available from multiple locations and devices, presenting the user with an image of one storage drive (such as a C-drive on your laptop), while the management software handles the technicalities. This has once again been designed for the surveillance market and its requirement of continually writing to disk with intermittent reads. The systems are redundant, meaning you can swap-out a server without shutting down the whole system, among the usual redundancies found in server systems.
DellEMC is also working on a federated analytics platform that will combine the best of edge and centralised processing.
Your world as a service
Moore also believes we will see an increase in the uptake of VSaaS (video surveillance as a service) as well as ACaaS (access control as a service) in the region due to the efficiencies and lower costs these solutions can deliver (depending on the situation, of course). He also believes that artificial intelligence (AI) will enhance these and other security services significantly in the next year or so.
AI was a popular buzzword in 2018 and will remain so this year, but we should see more companies actually delivering real value from AI systems. That is not to say we haven’t seen some interesting developments already, but in our view, the failures and miscalculations from so-called AI-enhanced systems have shown that we are not yet in a world where AI can be relied upon. We expect to see AI taking much the same as the path of traditional video analytics, which took some time to really deliver the results promised.
The trend to ‘as-a-service’ is one area in which everyone will have to brush up their IT and cybersecurity skills if they want to be a serious player. The alternative is to allow the IT crowd to brush up their physical security skills and move in on what for them is new turf – this is, of course, already happening.
McLintock and ASIS SA believe we will see cloud and/or hosted surveillance grow substantially in the next few years. “With AWS, Google and Azure here to stay and offering access to almost unlimited storage and processing power, and major players such as Axis and Avigilon driving cloud, why wouldn’t smaller to medium businesses or businesses with multiple sites not take up this option as the total cost of ownership (TCO) is lower?
“The new entrants into the market who grab this space will not only be the differentiators and disruptors, but also change how South African business handles surveillance.”
ASIS SA suggests the drivers for increased cloud adoption, include:
• Economics of scale as shared infrastructure equals lower cost of ownership.
• A true cloud video surveillance system – or VSaaS – with its associated benefits, is very different from a traditional DVR, NVR, or video management software (VMS) solution connected to the Internet for remote access or remote storage.
• On-demand self-service equals rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand.
• Technology longevity and APIs: Traditional systems have a shorter time to obsolescence. They may start with robust features, but their core feature set is fixed at the time of hardware purchase. You can download firmware updates, but the ability for technology updates is limited (plus updates are done manually and are support intensive). APIs are closed and generally require signing a maintenance contract. Cloud solutions are different; the provider sends automatic technology updates through the Internet to your on-site appliance. Your system is continuously evolving.
• Redundancy and reliability: You are no longer limited to the redundancy built into your DVR/NVR and the added expense of keeping backup servers running. Cloud surveillance data centres have double and triple redundancy. The shared infrastructure results in full server utilisation and economies of scale.
Simeon Tassev from Galix Networking also sees a significant rise in cloud services in 2019, but he notes that as cloud technology has matured, many people have discovered that it is a much bigger risk than anticipated. Even users of global cloud services from companies such as Amazon or Microsoft need to be aware of the security of their data.
These companies do put significant efforts into security, but many people think they guarantee security when using their services. It’s a case of reading the contract and finding out about the limitations in terms of these companies’ liabilities should something go wrong. Of course, the same applies to any cloud provider one chooses to use. This security awareness extends to file sharing services like Dropbox as well.
“In the cloud environment you typically depend on others to manage your server and data security, which is a problem,” Tassev explains. “Companies need to take on the responsibility of managing their own systems. One of the first steps to take is to assign roles and responsibilities to limit who has access to your data, making sure it is not open to one and all.”
You’re not securing your systems in terms of hardware anymore, but your data. This means you need to know where it is, the level of sensitivity of the various bits of information you have stored, who would need access to the data, and what kind of access is required by whom in what situation. This leads into the need for more effective identity management and authentication procedures for your cloud-based data. And, of course, on-site data as well (see the Suprema sidebar for some insights into biometric authentication in 2019).
Droning on about drones
Another area of growth in the physical security market will be unmanned aerial vehicles, or drones. McLintock explains that the drone is not novel and has been widely used in military operations or scientific research for decades, but with the lowering costs of drones and their improved capabilities they continue to gain a foothold in increasing numbers in the safety and security industry.
“As the increase in technology to support drones becomes more mainstream, with native integration into video management systems and radar systems, UAV technology has the ability to change the industry as a hole and will trend for a number of years to come. Unfortunately, local South African restrictions are slowing the adoption of this game-changing technology, but it is certainly a trend to watch for adoption in scenarios such as providing real-time insight into security and emergency situations for better control, precise intelligence gathering, comprehensive situational awareness and more informed decision making.”
Drones can also be deployed with the capability to react to specific situations, including unmanned weaponry (paint ball pepper ball gun mounted on-board), the capability to drop paint grenades, the ability to drop fire retardants directly into the centre of a fire, mapping and remote patrol, site inspection and more.
Security on the radar
Another area that seems to have suddenly exploded onto the security scene with many companies releasing or planning to release products is ground-based radar. The ASIS local chapter believes that radar will feature in a large way in 2019 due to the multiple benefits of covering large areas and events, and early alarm management. The simple reason is radar gives the user the ability to drop the false alarm rate to almost zero, identify and classify the target at a distance from the perimeter, no matter the weather. Of course, buyers should be aware of the various radar technologies available and their specific capabilities and limitations.
“Radar simply has to be brought in as one of the security trends for 2019,” states McLintock, “with a number of vendors bringing their offering to market, including major cross-platform players such as Hikvision, Axis and Avigilon, as well as niche players such as OWL Ground Aware, Magos and Blighter.”
AI and machine learning
With the ability to learn and develop from a vast network of connected IoT sensors, the evolution of artificial intelligence has the capability to enhance security operations, improve situational awareness and facilitate real-time decision making, says ASIS SA. Security systems can now connect with building controls and other critical systems through software that learns and apply algorithms and actions to specific events learned. Specific drivers for the AI trend include:
• Analytics: artificial intelligence through video analytics is evolving at a rapid rate and achieving a level of maturity which will proliferate into 2019 and beyond, says McLintock. The increasing cost and reliability analytics and AI, and the ever increasing cost and reliability of labour in South Africa is definitely driving demand and migration towards this technology, it is proven to be of value. AI is not a silver bullet, however, but rather an enabler.
• The maturity of the detection algorithms in analytics has hit the point where analytics makes sense in terms of finances, reliability, ease of use, and ease of deployment. Protecting our perimeters and businesses using analytics leads to much lower false alarm rates (pushing them to almost zero), which directly impacts business costs.
• Facial analytics, human and object recognition/detection. With the majority of the manufactures now making these AI-enhanced analytics available and the accuracy getting to the upper 90th percentile, the question is how will South African business use this technology and will the old boots on the ground brigade acknowledge and use this game changing technology?
“Increasing labour costs and the reliability of analytics and AI place them at the top of the list of trends to watch,” McLintock continues.
The cyber security question
With companies like Liberty Life acknowledging a breach of their systems and global giants like Maersk losing hundreds of millions of dollars as a result of a ransomware attack, cybersecurity is not something anyone can ignore, whether a corporate or a home user – or if you deal with physical security.
Looking at the cybersecurity, a frequent contributor to Hi-Tech Security Solutions, Craig Rosewarne from Wolfpack Information Risk had this to say regarding the cybersecurity outlook for 2019: “I believe in 2019 we can expect more of the same but with a specific twist.”
1. Governments – Politically or terrorist-motivated attacks against critical infrastructure networks.
2. Companies – An increase in extortion based attacks, especially where sensitive personal information is stolen and companies are offered the choice to pay the criminal instead of a hefty fine and the associated reputational harm.
3. Individuals – In 2018 we saw a large increase in sextortion attacks and scams. Thanks to the large volumes of breached information, attackers are able to create more ‘personalised’ messages to trick their victims – watch this space.
Supporting this sentiment, security mover and shaker Kevin Pearman told Hi-Tech Security Solutions he expects to see a major breach on the African continent in 2019. This will be accompanied by a double-digit increase in cyber-attacks driven by the lack of cyber governance in many African countries. This will have the result of focusing many governments on the importance of governance as well as some form of central cyber command structure to prevent catastrophes.
Pearman is also excited about the adoption of digital identities in certain African countries. A digital identity will change the way almost everything in these countries works, from voting through to personal and corporate finance, and even micro-finance. Naturally, he says that a transformation like this is a journey, not simply installing a bunch of new products, but his work in Africa has seen many governments realising the benefits of digital IDs, both on a national and individual level. Now we need to wait for these governments to push the digital agenda and we will see some major changes.
Vox’s Mayleen Bywater adds, “This year will likely be characterised by the sophistication of attacks rather than too many new forms of malware and attacks. Perpetrators are getting smarter and they will be more precise and defined in their execution. As such, businesses will continue to have a sense of unease in terms of their security posture as they move their data to the cloud, adopt a hybrid and or a multi-cloud strategy and utilise more cloud applications, including social media.”
Extortion or mining
Bywater adds that the top three cyber-crimes in South Africa remain phishing, impersonation or social engineering, and ransomware. “Data breaches continue to be a key driver for criminals to make their money by holding businesses or individuals’ data ransom. The easiest way for them to gain access to data is still via email and the human firewall, which is the biggest risk for most businesses.”
Galix’s Tassev has a similar, yet somewhat different view. While ransomware and extortion will remain a threat, he sees an increase in cryptomining as more of a threat in 2019. Last year saw many individuals and companies falling prey to this form of malware, and due to its profitability, Tassev sees it increasing this year. (Cryptomining malware is installed on a victim’s computer or downloaded into their browser from an infected website from where it mines cryptocurrencies without the user’s permission, using their computer resources and bandwidth. While cryptomining malware generally does not steal information or do lasting damage, users can find their systems slowing down and becoming unresponsive.)
As far as regulations are concerned, Bywater notes, “Locally, the PoPI Act is imminent with the Information Regulator busy putting processes in place to monitor and enforce compliance of the act. The Cyber Crimes Bill was passed by the National Assembly in late November and is nearing being signed into law. Companies must familiarise themselves with the bill both in terms of how it protects them from cyber criminals as well as the risk they face if they or their staff commit a cyber-crime. Both pieces of legislation guide local companies and push them to achieve a robust security stature.”
Tassev says the industry really needs regulations that force companies to disclose breaches in order to allow the real victims – the people whose personal information was not properly secured – to take measures to protect themselves.
Skills, skills and skills
Skills and training should be part and parcel of any organisation’s agenda these days, but in the converged security world it’s worth stressing the need for user training. Technical training for physical and cybersecurity employees is a given, but Tassev notes that focusing on awareness and training when it comes to cybersecurity is something all your employees need to be exposed to.
As noted before, the weakest security link is the person and with social engineering, phishing and other mechanisms to gain credentials and access to corporate assets, it is critical that employees are trained to be aware of what they are doing when, for example, they click on links in emails. Cyber-awareness training is a global issue at the moment and staff should be kept aware of what’s happening to ensure they aren’t responsible for their companies being breached or held to ransom.
Tassev says there are many options available for this type of training and business leaders need to ensure their employees have an understanding of good practices in terms of what is required of them when faced with a strange looking invoice or a surprising lottery win – and this includes the top tiers of companies as well as they are often the juiciest targets.
These are a few of the expected trends in the general security market this year.
If you think we’ve missed anything important, feel free to send an email to email@example.com and we’ll cover it in the next issue.