Dashboards and cross-platform software systems are tech trends that can help security professionals organize data into actionable intelligence. A software manufacturer uses cloud technology to manage incidents, an airport uses data to track parking lot use, and a health insurance provider uses a real-time dashboard to provide improvements in everything from visitor management to officer dispatch times.
High velocity and high volume. This basic definition of Big Data is logical to most security professionals. However, the industry has been grappling with the practical applications of all that information. Some practitioners see Big Data as a solution looking for a problem while others are waiting to see where the technology will lead.
Most industry professionals are just overwhelmed, according to Brian McIlravey, CPP, executive vice president of command center applications at Resolver in Toronto, Ontario, Canada. “In the old days we didn’t have quite as much information to deal with,” he says. “We had access control and cameras. It was easy to take data out and track small trends. The difference now is the sheer amount of data available.”
However, this difference is one of scale—not efficacy, according to McIlravey. “Companies shouldn’t need to search for answers in Big Data. It should be a perfect fit,” he says. “It should shout ‘we have found a problem in the data!’”
Following are the stories of three security professionals who listened to the data and heard it shout. Their experiences, they contend, are portents of Big Data successes to come.
“We want to be more efficient for our benefit and for our customers’ benefit. We are looking for real-time situational awareness across our organization,” explains Brian Weaver, telecommunication analyst for the Minneapolis-St. Paul International Airport, Metropolitan Airports Commission (MAC) in St. Paul, Minnesota. “MAC wants to capitalize on existing information we already have and use that data creatively while still keeping it secure and safe.”
Two years ago, MAC purchased a software platform to pull data from various sources and share it among MAC stakeholders. MAC, which operates the Minneapolis-St. Paul Airport as well as six other regional airports, generates data on everything from flight arrivals to parking statistics to access control data.
Approximately 300 end users operate the platform. This diverse group includes baggage handling system operators, tarmac operations, police, airlines, and Transportation Security Administration (TSA) representatives. “All these different groups are collaborating using the same information for their business needs. That’s why that data is so important,” says Weaver. “The goal is to control that data, use it, and audit it. The platform provides us a great deal of command and control.”
Weaver and his team use the platform to link video and data. For example, MAC will be using a point of sale (POS) system connected to the parking ramps. Customers will be able to pull into the lot and park their vehicles for 30 to 60 days. In some cases, drivers will claim to have lost their tickets forcing MAC to charge a standard, maximum fine.
Once implemented, the platform can tie the POS system to security’s license plate reader (LPR) software. By combining these two systems, the specific vehicle is linked to its transaction data, providing the accurate parking duration. “We can then say ‘no, your vehicle has been here for 60 days,’” explains Weaver. (He notes that the use of LPR data is restricted by both state and federal statute and MAC works within those guidelines to ensure that it does not collect or view the personal data of drivers.)
Weaver is currently in the process of expanding the program to newly constructed parking ramps. He will be running algorithms against the LPR data to determine how many drivers from different states are parking in certain areas of the ramps. This information helps elevate security within the organization by contributing to MAC’s strategic efforts. “This data will help the marketing department, parking operations, and police,” according to Weaver. “Say 500 cars are from Wisconsin or from Iowa. We can then target marketing to those particular states. Parking and police can track lost or stolen cars to a smaller physical section of the parking area and generate vehicle counts for ramp occupancy.”
Similarly, the data will eventually guide the parking group that manages the parking structures. The data can provide statistics on how long people park and where they park. “The data is not being fully used,” says Weaver. “It hasn’t been linked or tied into the various systems. It’s smart data but there is no intelligent means to search it or reorganize it.”
MAC currently has 25,000 parking spaces and the construction will add 5,000 new spaces. New data-gathering technology is being planned to integrate these systems into the project. For example, MAC is including an enterprise-level intercom system and associated mapping of those intercoms to tie back to the system, along with video camera feeds using geographic information system (GIS) locations.
Another big data project includes airline flight display data. Airlines use an overlay of that data—arrivals and departures—on the security camera feeds. This allows security and airline personnel to look at the video from a gate and instantly see that flight information data.
Using a grant from the TSA, Weaver obtained approval to significantly upgrade the system last year and has started connecting even more systems via the platform. “This summer, we are rebuilding our lab environment for testing the data interactions, then we will push solutions out to the production environment by the fall,” says Weaver.
An example of a project already in the works is integration of video, alarms, and the baggage handling system. If a bag jams or the belt is inoperable, the stoppage will trigger an alarm. Simultaneously, a video feed will automatically show the baggage jam to determine what is causing the problem and dispatch maintenance staff accordingly. Weaver hopes to tie various other airport systems together along with security camera feeds in a similar manner.
Weaver notes that while some of the projects in the pipeline are hypothetical at this point, they are all feasible if integrated properly. Even something as simple as a sensor for a burst pipe, for example, can be tied in with cell phones, GPS systems, and maintenance dispatch. “The video system has traditionally been only a security tool, but now we are looking at the organization-wide applications for real time situational awareness,” says Weaver. “It’s a better return on investment and we are providing a business use case for this data.”
As senior director for global security technology, investigations, and services for Microsoft Corporation, Brian Tuskan knows that he had a head start in the race to use Big Data. “I see a lot of security directors get in trouble with the latest hardware that doesn’t integrate,” he says. “The benefit of working for Microsoft is the integration. Whatever tech we build within our infrastructure has to be on the Microsoft platform.”
The advantage is critical for Tuskan, whose overall responsibility for enterprisewide security means he must understand and manage the physical security needs of the global organization with the help of 18 full-time employees and 350 contract security officers.
Leveraging the advanced state of integration at Microsoft, Tuskan and his team built software to monitor the data gathered from physical security devices to assess the health of the overall program. “We already had a tool that many data centers use to manage the health of their servers,” Tuskan explains. “It measures run time and failure rates, for example, to help you plan for life cycle and repair maintenance.”
Two years ago, one of Microsoft’s third-party contractors approached Tuskan with the idea for using the same type of system to assess every IP device on the network. Microsoft approved the project, and now more than 15 types of devices, including duress alarms, cameras, and access control points, are monitored.
More than 27,000 security devices are constantly pinging the operations center, providing real-time information on their operational health. A dashboard organizes and displays the data. The systems center operations manager then uses an algorithm to analyze that information.
Mapping software allows for easy visualization of the equipment. Not only does the software help avoid the problem of finding out that a camera has failed after an incident, it also shows security all the hot spots—what needs to be repaired immediately and what sensors are near failure. “Now, we can build in a budget for repair and maintenance,” says Tuskan. “The data informs a priority matrix detailing what needs to be worked on first and allows for an accurate rollout of maintenance and replacement.”
With two complete years of data gathered, Tuskan’s team plans to do an assessment to quantify the cost savings.
One unexpected benefit of the program is its value to the device manufacturers. Security will be able to provide accurate failure rates for all types of equipment. “The software allows us to see when devices are failing in real time,” says Tuskan. “In the future, we hope to be able to predict when devices will need servicing or replacing.”
Based on the success of this project, Tuskan and his team have turned Big Data loose on Microsoft’s security operations centers. Several years ago, the company merged all 15 of its local security operations centers around the world into three global operations centers.
A year ago, security was able to reduce those three centers into one global operations center, located outside of Seattle, and a call service center in India. “We saw the power of the cloud. We took data that we used to house in our own servers and pushed it to the cloud,” Tuskan says. “We had availability, redundancy, and a robust IT environment.”
Using data on operations center calls, Tuskan found that close to 90 percent of activities in the operations center were noncritical. “These were routine events,” Tuskan explains. “These calls were: ‘I’m locked out of my office’ or ‘there’s a door forced open alarm in the cafeteria.’ All this noise for only a few truly significant events.”
Tuskan’s team is currently using data to hand off the routine inquiries to a third party, leaving the fusion center free to focus on incidents that require decision making. To do this, Microsoft is turning the existing security operations center into a virtual security operations center or VSOC. Instead of having operators managing multiple calls on mundane issues, they will only focus on high-level, life safety, mission-critical calls.
Security recently held a four-day summit with all key stakeholders to determine what technology would exist in a perfect version of a VSOC. A process mapping expert attended the meeting to focus the group and organize the results. “Dream states get very expensive,” says Tuskan. “But you have to have that discussion. There’s a balance where you need to determine how to change operationally and evolve over time into this new way of leveraging technology.”
Security is evaluating more than 116 technologies to determine whether they can contribute products to the VSOC. Tuskan and his team must now assess them to see whether they fit into the overall vision of the project.
Tuskan says they are looking to build a tool for operations that will pull out the information needed and put it on a white wall—a single-view platform. Key decision makers could carry a device that displays the command center virtually anywhere, even in a hotel room halfway around the world.
No matter how high-tech the solutions get, Tuskan notes that the goal is to get appropriate solutions to meet quantified needs. “We can accurately assess what sort of funds we will need. Many security departments are forced to budget through fear. We use data.”
In charge of building security for an insurance company, Jonathon Carrell manages 24 facilities in four states and protects the 4,000 employees who use them. Almost two years ago, Carrell wanted to use data to help guide his team of around 20 in-house employees and 50 contract staff members.
“All of our data was largely trapped in silos with few viable options to correlate data between systems. For the most part, we were left with the lackluster reporting tools built in to each individual system,” says Carrell. “These tools have often proven to be pretty limiting and not very conducive to meaningful data analysis.”
When Carrell started assessing the company’s data collection and analysis system, he found that some functions had reporting features built in. However, most of these were inflexible and provided information only from predesigned fields. Much of the existing data could not be retrieved or filtered. The few systems that did have custom reporting allowed the user to choose a specific field, but did not allow more complex analysis, such as through nested queries, for example.
However, had the reporting function been flexible, it would still have been insufficient, according to Carrell. “Even with the best reporting, we still couldn’t blend information from multiple databases,” he says.
Carrell purchased a product manufactured by Tableau in Seattle, Washington, that allows him to pull data from multiple sources, blend it, and place it into a real-time dashboard.
After Tableau was installed, Carrell began integrating the company’s various reporting systems to automate different processes. The result is live data connections companywide. “If someone is terminated, that is noted in the HR system and then goes to security’s watch list. Then the visitor management system deactivates the former employee’s badge,” explains Carrell.
Efficiency was the driving factor from senior management, according to Carrell. “I wanted to know what we were spending our time doing and how we could better allocate staff,” he explains.
An early discovery was that the operational specialists in the security department were running audit reports for access control and video management systems. However, the staff members responsible for those systems were already trained to do those reports and were far more familiar with the systems in question. Switching audit reporting duties resulted in greater efficiency and accuracy.
Carrell has used the system to assess the security department’s performance. “After tracking our alarm response time over the last two years, we noticed a big difference between the dispatch times of our in-house staff and our contract staff,” he says.
To combat the problem, Carrell established a mentorship program for in-house staff to tutor the contract staff. Though there’s still a gap in performance, that gap has closed significantly and now meets corporate targets. “Our plan is that the mentoring program will slowly and steadily improve contract performance until it matches our in-house team,” he says.
With the project’s success, Carrell says that the rest of the company has become more open to sharing and analyzing data. “We’ve witnessed a huge push to begin integrating our systems largely for operational benefits, but this also had an interesting side effect,” he says. “Once we began talking about how the different systems could interact and communicate with one another, we began considering a broader spectrum of questions that could be asked when blending data between various data sets.”
For example, after replacing an aging access control system, Carrell and his team began to explore the possibilities to determine whether they can integrate video management or tie into HR or internal audits. “At first, we had some pushback from employees,” he says. “But over the last year, we’ve seen a lot more openness.”
Carrell says that the system sells itself as security successfully integrates more systems. Employees become more confident and they can easily see how they could benefit from the technology.
“The ability to easily correlate data among corporate systems gives us a much broader lens to evaluate not just what’s happening now, but in some cases, to identify corporate risks before an event takes place and take action,” says Carrell.