So Where Is All The Good Stuff We Keep Hearing About In The Security Industry?

Despite the fact that this industry has been where I've remained entrenched for somewhere around thirty of the thirty eight years my career has so far stretched, my opinion of it and the way it conducts itself tends to languish in negative territory more often than not. I bemoan the absence of objectivity or scientific rigor applied to many of the tradition-based practices held dear by some, and the way many practitioners are led by the nose down alleyways forged by equipment vendors who have long-standing vested interests in barring the way to innovation or change, lest anyone begins to notice that so much of what we advocate has so little bearing on the actual outcomes of security efforts in real terms.

We fill endless column-inches in the trade press with groundbreaking stories of fabulous features now coming built-in to so many of the devices we're recommending our client's should spend their budgets on, then totally fail to see them utilized once the job gets into the hands of the contractors who're somehow eking a living out of what's become little more than an offshoot of everything else in the ELV trade.

While the ICT sector evolves, we plod, barely able to gain the slightest crumb of attention from the C-Suite - all far more focused on the anti-phishing initiative somebody with a cybersecurity qualification just told them was the big new thing.

I wallow - year after year...because I've never been good at seeing the light and getting out when the going is good - in this state of despondency, as I attempt to impart a few crumbs of wisdom upon young minds as they pass beneath my gaze, just now and then thinking to myself "you know...maybe I'm just being a bit of a grumpy old shit... Maybe actually we're doing a great job..."

Then something like the Matt Hancock incident pops up.

Like everything - every product, every industry, every attitude - there exist a range of spectra along which all things sit. There are good and there are bad, both of which are defined by a range of somewhat subjective viewpoints that apply to the specifics of the occasion and the circumstances. Budget and resource play their part in the security sector just as much as threat and risk, and often even more so. It must be irksome for the small business owner operating on a tight budget to see how she can get unified security and accepted standards for her digital assets out of the box from cloud providers at the same price per scale factor as any other company on the planet, whereas she will get a highly variable and not very consistent range of offerings from companies of different scales and classes when looking for the protection of her physical assets. No wonder she might be tempted to throw that requirement at her ICT sub-contractor too... I mean, if it's not going to be something clearly defined with an absolute deliverable in terms of bench-marked performance then why not just go with the cheapest?

But for a government department, in a country with what's supposed to be one of the most mature physical security markets in the world (labeled for years the country with more cameras per capita than any other), and a range of industry representative bodies who are supposed to drive quality and excellence across their ranks, how do you get a situation where a camera in a senior official's office is pointed the wrong way and then footage is both observed and captured by an unknown individual and distributed to a media organization?

Setting aside the wonders of technology (none of which are by any means recent innovations) that automatically detect when a camera has been moved or the scene radically changes, or those that maintain auditable logs of where, when and by whom video has been played back or displayed live, or that integrate with Identity & Access Management Systems to provide unequivocal authentication of users each time they log on, how many pieces of basic good practice in security and surveillance management had to be cast aside in order for this video footage to make its way onto the front pages of the tabloids?

Whomever it was providing the Service & Support for this government owned system, were they not following the most basic of procedures for its maintenance and control?

In the same way as one does not simply walk into Mordor, one does not simply turn a camera around.