By Jonas Ramos
FM Middle East looks at the holistic approach to security management, the way security services are delivered here in the UAE and the technology and systems that support them.
Over the last twenty or so years the international security industry has evolved from a labour-intensive, low skill-based manual operation to a technology-dependant and sophisticated profession.
In today's current climate, security is a major international issue. However on a business level, unless security is viewed as ‘business critical', the security function is often regarded as a necessary evil, with an associated cost and a low perceived value.
Consequently, although it may seem obvious that every organisation needs to have a formalised security management policy, the role of ‘security manager' is invariably assigned to an individual with little or no specific training and even less higher management assistance or guidance.
The easiest and most obvious route for the ‘security manager', who will often have the role integrated into other ‘non-core' functions, is to turn for guidance to the most visible members of the security industry - and that is normally the security contractor.
But as Brad Campbell, senior security consultant at Viridian Consulting, points out: "Unfortunately most security contractors don't have the training, experience or expertise to actually see any aspect of security beyond the supply and installation of security technology, together with manpower. This results in the common perception that security technology and a security officer watching monitors gives you effective security management."
As the security remit changes and develops, this approach will often result in a portfolio of separate unrelated pieces of kit that may work effectively but which are discreet from each other and offer no interoperability or integration capability.
Campbell believes that for any organisation you need to look at security management from a holistic viewpoint, where you incorporate the actual management philosophies and architectural constraints with the development and deployment of technology. This should ensure the resulting security management function provides the most effective solution, while also providing the best value for money.
"Rather than installing technology and trying to adapt the business to work round it, a holistic approach requires that management understands the business and provides an overall solution that enhances current business practices while helping to secure the business effectively."
This is a view mirrored by Adil Abdel-Hadi, managing director of International Electronic Security. "Organisations need to safeguard their assets, personnel and profitability. To achieve these objectives, they need to formulate and implement security policies - policies that need to be viewed as part of a wider management function and that should be integrated into the organisation's whole corporate philosophy. Put simply, the security policy has to be derived from the overall corporate policy and it needs to assist the organisation in attaining its goals."
Security management is also a fluid process that needs regular reviews and should be viewed as an on-going project of improvements and refinements. "Many companies make the mistake of only reviewing their security policy when an undesired event occurs," says Abdel-Hadi. "If you are serious about security, you need to implement professional methods to assess your security needs and you need to review these methods continuously."
If issues surrounding policy are universal, the Middle East has its own unique set of problems and demands when it comes to implementation and the technology that supports it.
Simon Precious, director of the Solutions division, Transguard Group, has many years' experience designing and implementing security systems in the UAE and understands all too well the issues around bringing hi tech solutions to a traditionally low tech environment.
"I don't think it is unfair to say that as a general rule the industry here lags behind the rest of the world. The technology is here, the money is here and to a large extent the willingness to implement that technology is here. What is often lacking are the skills and ability to make use of the technology to its full potential, combined with issues over the reliability and cost of the underlying infrastructures."
When it comes to the underlying infrastructure, and to the telecoms networks in particular, Campbell is a little more candid. "Concern over the strength and reliability of the systems is one thing, but the costs here are extremely prohibitive. Unless the nature of an organisation's core business really demands it, it is hard to make a cost-based business case for effective and efficient information and data sharing across multiple sites or facilities. The cost of the bandwidth and provisioning is just too high."
And as Precious explains, this automatically imposes restrictions on the scope and capability of the security management policy. "Elsewhere in the world, real time data sharing is a prerequisite for organisations, not just for their security remit but across all their information systems. When the cost of such a universal tool is a factor, it is obvious that companies will look to adapt their policy to avoid such costs. In other words the systems are dictating policy rather than policy dictating systems - which is never a healthy situation to be in."
Both Precious and Campbell are hopeful that the introduction into the market of a second telecoms provider will encourage competition and ultimately drive costs down and reliability up.
Even with total organisation and management buy-in, technology-driven security management systems often have a common weak link that impacts greatly on the way the whole system functions: the system/operator interface.
"There are a number of issues surrounding this and unless they are effectively addressed, there will always be problems. No matter how sophisticated, sturdy and reliable your system, it will only be as good as the person operating it. And that is not just a criticism of the actual operator as there are issues over management capability. The knowledge gap between here and the rest of the world over best practice and reporting function expectations are immense in many cases," says Campbell.
It is not just about skills sets and training although these are two of the main problems. "Investment in training is way below what it should be here, not just in our industry but across the board," believes Precious.
"The quick-fix route is to import those skills you need from overseas at the lowest possible rate. Unfortunately, the skills we require are not directly transportable and there will always be a system-specific training requirement. We have seen many systems in the UAE which are far too complicated for the competency of the operator. Customers have often been the victims of vendors who have not considered fundamental system/operator interface issues."
Campbell also believes that suppliers need to take some of the responsibility and too often forget the multilingual nature of the UAE. "Many stick to the traditional mouse and keyboard with English as the universal language, when alternative more intuitive interfaces could alleviate many problems.
"One route is to work within the limitations the client gives you. Simplified interfaces with multiple languages and intuitive touch screens are an obvious solution and although they may restrict the functionality of the system, they should at least help guarantee the efficiency and accuracy of the functionality they do have."
Having said this, if you do get the right ingredients, in terms of client buy-in, budget, qualified operators and competent system designers, there is no reason why the result cannot match the best in the world. Transguard Solutions has just designed and built Emirates Group Security's Control Centre.
"As an integrator designing the system/operator interface we were fortunate to be working with properly trained operators, so the system's functionality was matched accordingly. We were also fortunate to work alongside a client who knew exactly what they required from their security system. As a result Emirates Group Security has achieved TAPA (Technology, Asset, Protection Association) certification through the vision that upgrading systems and procedures is the way forward in the aviation security industry," explains Precious.
Convergence of systems over IP networks is an issue here just as elsewhere in the world. And although they are the current buzz words in the security industry, many security managers are not aware of the disadvantages of IP solutions and the problems they potentially face. "There are the fundamental issues of functionality, fit for purpose and legacy systems, but one aspect that is often overlooked is the danger of not keeping the security network both separate and secure from the rest of the organisation's networks, and their maintenance people."
Precious, Campbell and Abdel-Hadi recognise that the industry here lags behind certain parts of the world, but that in some ways this is just a by-product of the regions rapid route to success, combined with a traditional reliance on a labour-intensive solution to most problems.
Campbell is convinced that the market is currently far too unsophisticated and apart from at the high end is too reliant on the quickest, cheapest route rather than looking to long term system capability and total life costs, "a mindset that needs to change."
Abdel-Hadi identifies training as the key to development while Precious is optimistic that the UAE market is ultimately capable of competing with the best in the world.