Physical security information management (PSIM): The basics

The concept that’s become known as Physical Security Information Management (PSIM, pronounced P-sim) was introduced to the physical security world in 2006. The idea is that all the stuff of security is actually data. Data that, once contextualized and analyzed, becomes information for making better business decisions. It is applying the concepts of information management and business intelligence to the practices and technologies of physical and homeland security.

In a companion article you’ll find a list of specialized PSIM solution providers.

Why PSIM matters

First, some background. At the moment, improvisational, fragmented, off-the-cuff security management is the norm. It’s common to find security operations and traditional command-and-control centers using paper-based processes and not sharing information. Business units and IT departments rarely have access to data in corporate (a.k.a. physical) security departments. Events are managed separately.

[ See related stories: Physical security risk and countermeasures and Scenarios: How physical and IT security can work together. ]

Access-control-related events are monitored and managed separately from intrusion detection systems, and separate also from environmental sensors and other alerting systems. Many times the people and systems are not even located in the same facility, inhibiting information sharing and correlating. Computers, software and networking are still approached with suspicion. While most security departments use personal computers and digital video storage, there is not a general acceptance of interoperability between systems, or of information sharing in general.

Unfortunately, it’s likely that current trends will widen this gap even further.

Enter Physical Security Information Management

PSIM is the foundation of next-generation security management. It’s not a single product, but rather a set of processes and supporting technologies for physical security management and reporting.

Effective PSIM requires both integration of technologies and coordination with the IT and security processes governing the management of organizational data. The theory has thrived amid dynamic change in the security industry precisely because of its composite nature and multiple benefits. PSIM helps extend security services, improve efficiency and effectiveness, and allow for better accountability. There are several key trends making it more valuable and affordable today:

— Data management best practices are more pervasive. Regulatory compliance and management best practices dictate that computer systems and data be handled in standardized ways, such as according to the guidelines established by the International Organization for Standardization. Security departments are, in general, not compliant with these best practices.

— Business executives are demanding more data. Business decisions are made throughout organizations by analyzing data. Security departments will be forced share security and risk data in ways business executives can understand and appreciate.

— Software for aggregating and correlating security data is more available. (See, for example, SIEM: Dos and don’ts for security information and event management.) Innovations in software development make traditional processes seem less modern.

— Businesses continue to adopt computers, software and networking for performing critical functions. This makes data more available and automation more easily employed.

— The costs of networking sensors and systems continue to drop.

Situation management--one way PSIM is applied

PSIM principles may be used to produce better situational awareness, prompting better security and business decisions. Situation management software creates useful information out of raw video by contextualizing it--unifying video, alarm and sensor data--which improves situational awareness and makes incident responses more efficient.

Many access-control and video management products perform very basic situation management. They may link video of someone walking through a door to a log of when a keycard is swiped there, or associate security camera footage with individual point-of-sale transactions.

But situation-management software is far more sophisticated, capable of visually presenting multiple related events as a single group. It can combine the several separate sets of information registered during a break-in, for example: the door-open alert from access control; the lock-failure alert from a keycard system; the motion-detection alert from a hallway sensor; the video feeds from two or three nearby cameras. The software combines all this into a single view of the available information.

Security directors want to know what’s going on, so they install surveillance cameras, alarms and intrusion-detection systems, and hire security guards. But although these precautions may answer the question, “What’s happening?” they aren’t much help with the follow-up questions, “How important is it?” and “What should I do about it?”

That’s because they don’t correlate the activities they record with those registered by other systems. Therefore, the security personnel watching the cameras may not have enough information to recognize that the person who seemed to swipe his card and walk through the door was not in fact granted access. Similarly, the access-control system recorded the door opening, but it didn’t associate it with the simultaneous lock failure. The individual systems still think everything is fine.

Customers know they need a solution to this problem. The security-advisory firm I founded, Hunt Business Intelligence, interviewed 15 security-system integrators and 40 executive-level security directors about how they plan to deploy PSIM over the next 18 months. Although most organizations were not familiar with the theory, nearly all of them described a desire for improved situation management. To get it, they were turning to integrators, alarm-monitoring equipment, and access control and video management systems.

PSIM is a market of distinct technologies

A PSIM system combines several technologies to:

— Aggregate, correlate and analyze data from various sources, including alarms, environmental sensors (which monitor things like temperature), intrusion-detection systems and video surveillance.

— Present a situational view of data.

— Guide standard operating procedures by documenting efficient best practices for every situation.

— Identify trends by searching through data from current and past events to create reports.

— Audit operator behavior by recording all responses to all alerts for later analysis.

This overview does not include video management systems or video analytics-- although both are common and important components of PSIM architecture--because video management doesn’t fall into the same category as situation management. But video remains very useful in verifying alarms, and the digitized video itself is a valuable data source for a PSIM system.

Replacing the outdated command center

One of the most common laments of the security executives Hunt interviewed was that the security command center wasn’t keeping up with their organizations’ other business units. IT has its network operations center; IT security has its security operations center; corporate security has its command-and-control center. But the physical security command center still “looks like a 1980s police department, complete with a pot of Hills Brothers coffee,” at least according to one executive, who is the CISO and head of corporate security for a Fortune 500 company in the United States. To him, the physical security operation seems more like a campus safety office than a corporation’s business unit. Frustrated with security’s disconnect from the rest of the high-tech company, he cried, “What does command and control have to do with my business?”

He, like so many other IT-savvy business executives, makes decisions based on data, which is organized into useful information. One executive at a very large transportation organization complains that his company’s security command center hoards information. “The paper-based operation relies so heavily on the intuition of the ex-cop security employees that it simply does not give me the data I need to make risk-management decisions,” he says.

In general, end users of situation-management software are satisfied, feeling that the products live up to expectations and improve security operations. For those replacing or enhancing an existing command center, situation-management software extracts extra value from every existing system--more relevance, context or data from alarm, access control and intrusion detection systems, and so on. For those customers without a command center, situation management software makes a suitable foundation for incident response.

Measuring value and ROI can be fairly straightforward with situation management software. One end user, who manages a multi-state utility, says it helped his company comply with federal physical-security surveillance standards in a complex environment. He could have simply deployed cameras, but that would have required more hiring workers to monitor them. By using situation-management software, he was able to increase the number of cameras tenfold without adding a single employee. “Regulations drove us to use the software, but the ROI made the wisdom of the decision obvious,” he said. (Editor’s note: see another ROI study pertaining to surveillance operations.)

PSIM market growth

Adoption of situation management software is still in its early stages; less than $100 million worth was sold in 2009. That is likely due to the perception that PSIM is a fundamentally different technological and procedural approach to security management, not simply an improved way of doing traditional event management. That sense of newness breeds caution.

PSIM spending in general follows the same trajectory that IT security information management (IT-SIM) spending did a decade ago. However, because PSIM incorporates a much greater scope and volume of data--sourced from simple and complex sensors, detectors, networks and computers--than does IT security, it naturally costs more than its IT counterpart. So while IT-SIM spending is expected to reach $1 billion in 2012, PSIM spending that year may be four times that.

The PSIM market reached $1.5 billion in 2008, divided approximately equally between software revenues and services (consulting and integration) revenues. By 2012, services are expected to command about 25 percent more of the market than software. If it hits its $4 billion dollar projection, the market’s compound annual growth rate from 2008 to 2012 will be 28 percent.

In Hunt’s conversations with end-user executives in seven industries, we asked how much money they are likely to spend on PSIM technologies over the coming years. Many North American and European organizations with more than $1 billion in annual revenues have already budgeted and planned for PSIM-like technologies, often expecting to spend over $500,000 on PSIM in the next three years. We have insufficient data to support an estimate of expected spending in other regions, but many technology companies, after establishing a marketing presence in Asia, sell as much there as they do in North America. If PSIM vendors become effective at selling in Asia, revenues from that region could be considerably higher.

Alternatives and conclusions

Because security directors and integrators are so familiar with video-management systems, it is possible that they will be considered a good enough solution for a PSIM-like architecture, especially as vendors better integrate access control, video analytics and external sensors into a single view. However, such architecture would be less functional and valuable overall than a genuine PSIM architecture with cross-platform event correlation and reporting.

Therefore end users with complex environments seeking to comply with security regulations, as well as those who want to improve efficiency, effectiveness, accountability or transparency, should consider situation-management software.

Steve Hunt is the founder of Hunt Business Intelligence. Reach him at steve.hunt@huntbi.com.

Also see:

• Video surveillance as a service (VSaaS)
• Checklist for converged access control
• Infosecurity SIEM for event management
• 19 ways to build physical security into your data center