The Five Technological Forces Disrupting Security: How Cloud, Social, Mobile, Big Data and IoT Are Transforming Physical Security in the Digital Age, 1st Edition, Steve Van Till
The Five Technological Forces Disrupting Security
Bethesda, MD, United States
Steve Van Till
Butterworth-Heinemann is an imprint of Elsevier
The Boulevard, Langford Lane, Kidlington, Oxford OX5 1GB, United Kingdom
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States
© 2018 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
ISBN: 978-0-12-805095-8
For information on all Butterworth-Heinemann publications visit our website at https://www.elsevier.com/books-and-journals
Publisher: Candice Janco
Acquisition Editor: Candice Janco
Editorial Project Manager: Hilary Carr
Production Project Manager: Punithavathy Govindaradjane
Cover Designer: Mark Rogers
Typeset by SPi Global, India
ABOUT THE AUTHOR
PREFACE
ACKNOWLEDGMENTS
CHAPTER 1 From Packages to People
  The Consumerization of Security
  Early Clouds, Sunny Skies
  An IoT Story
  From Premobile to Mobile First
  Big Data in Its Infancy
  Social Spaces
  Dot-Com Redux in Physical Security
  Technology Adoption in Physical Security
Section 1 The Cloud
CHAPTER 2 The Run-Up to Cloud
  Cloud Meets an Industry of Late Adopters
  Skating to Where the Puck Has Been
  SaaS by Any Other Name
  Marketers Run With It
  Internet Protocol Blazes the Trail
  Before We Called It "Cloud"
  Five Essential Characteristics and Why They Matter
  Service Models: Applications vs Infrastructure
  Deployment Models: Public Clouds vs Private Clouds
CHAPTER 3 The Tipping Point
  The Drivers of Adoption
  A Balanced View of Cyber Risks
  Beyond Stack-a-Box
  Are We More Conservative Than Our Customers?
  What About Residential?
  Biometrics & Multifactor Authentication
  Transformation
  What’s My Mobile Strategy?
Section 3 The Internet of Things (IoT)
CHAPTER 8 Why IoT Matters in Security
  Security: Already an IoT Business
  Ground Zero
  What Is IoT, Anyway?
  A Projection
  It’s All About the Data
  Cheaper, Smaller, and More Discreet
  Big Wave or The Biggest Wave?
  IoT Will Become Part of Everything
  The Industrial Internet of Things
CHAPTER 9 All Security Is Now Cybersecurity
  Life Imitating Art
  A Global, Residential, Commercial, and Even Universal Risk
  Cloud Security Redux, But Worse
  Device Authentication: Do I Know You?
  Orphans Without Governance
  The Update Treadmill
  A Path Forward
CHAPTER 10 IoT Technology and Standards
  The Need for Standards
  Architecture Matters
  Building Blocks
  Gateways to the Future
  Wireless Whirlwind
  The Standards Battlefield
  Current State of Play
  Standards Organizations and Consortia
  Proprietary Frameworks
CHAPTER 11 The New Playing Field
  What’s Old Is New—At Least for Startups
  Large Tech & Telecom Eye Physical Security—Again
  Consumerization and IoT
  Will IoT be Disruptive?
Section 4 Data: Bigger, Smarter, Faster
Section 5 Social + Identity
CHAPTER 17 Social Saves Lives
  Virtual Social Media Working Group
  The United Nations
  Social Media for Emergency Management (#SMEM)
  Power Shift
  Not Your Kid’s Social Media
CHAPTER 18 On the Internet, No One Knows You’re a Dog
  Identity as a Service
  What Is an Identity Standard?
  Authentication vs Authorization
  Authentication Standards
CHAPTER 19 Social Spaces
  What Does it Mean to be a Social Space?
  It’s All About Identity
  Communication and Crowdsourcing
  Security as a Customer Experience
  Disruption
  Strategy
Section 6 The Future
CHAPTER 20 The Secrets of the Universe
  Adoption Scorecard
  My Generation
  A New Mission for Security
  What Goes Around Comes Around
About the Author
Steve Van Till is the cofounder, president, and CEO of Brivo Systems, a pioneering cloud services provider of access control, video surveillance, mobile, and identity solutions delivered as a SaaS offering. He has also served since 2011 as chairman of the Standards Committee of the Security Industry Association. He is a frequent author and speaker for numerous security publications and forums and the inventor of numerous patents in the field of physical security. In 2009, Steve was honored by Security Magazine as one of “the top 25 most influential people in the security industry.”
Mr. Van Till was previously Director of Internet consulting for Sapient Corporation, where he led client strategy engagements for the first wave of the dot-com era. At the health-care informatics company HCIA, Steve was responsible for Internet strategy for data analytics services. Steve also has over 10 years’ experience in wireless communications as Vice President of software development at GeoStar and as Director of Systems Engineering at Communications Satellite Corporation (Comsat).
Steve lives in Fulton, Maryland, with his wife, Robin.
Preface
We are fortunate to be living in one of the most exciting times in the history of modern technology. Dozens of technological currents have converged and amplified and remixed with each other to accelerate the pace of innovation beyond anything mankind has ever seen. We are simultaneously living in a time when physical security—or, more to the point, lapses in physical security—has become a regular and unfortunate part of the daily news. But physical security is no longer just physical. Modern security systems are now thoroughly cyber-physical systems, which means that they have inherited both the power and the pitfalls of the digital world.
The past 30 years have witnessed many major technology explosions that have changed the way we interact with each other and our world. Millions gained their first computing experience during the PC era. The Internet—with a little help from some friends—coalesced these individual computing experiences into the collective experience of social networks that have the potential to connect every person on the planet. The smartphone then assured that we didn’t have to leave home without it. And now, before our eyes, we are watching the rise of the Internet of things, along with the big data and analytic systems necessary to make sense of the unprecedented volumes of data they create.
Physical security is right in the middle of these upheavals. It is being transformed by the five technological forces that have become the signature change agents of our era: cloud, mobile, IoT, big data, and social networks. How and where these changes are taking place, as well as the effects they will have on the practice and business of security, are the subjects of this book.
The technology adoption life cycle is a widely used framework for understanding the acceptance of new technologies, and it fits the change we are witnessing across the physical security market. The life cycle consists of five stages of adoption. The so-called “innovators” and “early adopters” and “early majority” are at the front end, while the “late majority” and “laggards” take up the rear.
When I venture to observe to industry insiders that the physical security industry has generally fallen in the middle of the adoption pack—somewhere between the early and late majority—most of them remark that I might be a little too generous. The industry is slower than that, they say. The languid adoption rate of Internet Protocol (IP) technology is a case in point, where security products were late to the game by a good 10 years compared with our brethren in IT. More recently, for a market shift as major as cloud computing, the industry has been just barely in front of the laggards. Need proof? Contrast the current sub-five-percent cloud adoption rate in commercial security with the eighty-plus-percent adoption across the rest of the IT spectrum.
This circumspection isn’t all bad: customers know what to buy, producers know what to make, and investors know where to place their bets.
But the playing field is changing. The five forces of technological transformation—cloud, mobile, IoT, big data, and social networks—have become too strong to ignore, even in a context of cautious adoption. In combination, they are producing security products that are vastly better than their forebears. In combination, they are lowering the cost of entry for innovators. In combination, the historical barriers will not stand.
While the interplay and interdependence between the five forces are impossible to ignore, this book is organized to examine each of these forces in turn. Naturally, there is some crossover within each topic, but for the most part, you can follow your interests along the lines of the five major sections.
In Section 1, we look at the current state of cloud computing in the physical security industry and how it is disrupting the on-premise computing paradigm. While the industry has always recognized the power of centralized computing for alarm monitoring, it has been paradoxically slow to widen that stance for cloud computing in general. By the same token, the subscription model of software-as-a-service (SaaS) should have been a cinch for an industry that has been largely structured around recurring revenue business models. Instead, the inertia of perennial concerns about cloud security and reliability has dampened the acceleration common across other markets. We’ll look at what’s happening next as fears subside, distribution models adapt, and new entrants disrupt the status quo.
In Section 2, we look at how mobile technologies are changing security administration, the interaction between buildings and their occupants, and identity and access management. As in almost every other software domain, the notion of “mobile first” is changing the product priorities of security system developers and changing the job description of practitioners from guards to CSOs. Previously constrained to the desktop, professionals who interact with modern electronic security systems are freed from their desks yet retain the same richness of data, command, and control. As every major security event reminds us, the ubiquity and connectivity of mobile networks are an indispensable tool in emergency response. On a less dramatic note, mobile is changing the customer experience of employee, tenant, and guest interactions from an inconvenience to a positive “customer interaction” opportunity for security organizations.
In Section 3, we see that the Internet of things (IoT) phenomenon finds one of its most fertile fields of use in the physical security domain. That’s no surprise, because conceptually, the electronic security industry has been using IoT since well before it crested the current hype cycle. The largest contribution that IoT will make to security is in the proliferation of sensors that add to the data available for decision-making. Even devices that are not formally a part of the security system will generate “data exhaust” with security value we can all mine. But along with this rise of available data, there will be a huge increase in the available attack surface to be exploited by hackers. The challenge for practitioners will be to leverage these technologies while harnessing the data and protecting both physical and network infrastructures.
In Section 4, smart data, the use of large-scale data analysis, is examined as an up-and-coming tool in the future of security. But we are not there yet. While big data has made huge inroads in fields from medicine to physics to retail behavior and stock market analysis, it has been curiously absent from the physical security domain. The delayed adoption of cloud computing has been a major impediment in this regard, because it is the platform on which big data systems naturally flourish. Instead, what we find across the electronic security landscape is an archipelago of millions of small systems that each keep their data separate from the others, thereby thwarting large-scale analysis.
In Section 5, social networking technologies are viewed as an example of how identity and access management (IAM) is moving onto new platforms. Using the organizing principle of “social spaces,” we identify how social technologies will impact the physical security domain. The use of social log-ins, previously confined to accessing virtual spaces such as websites, is becoming available as a means to authenticate ourselves to real physical spaces. This works because social identities are a unique identifier that can replace the many tokens we carry around for each individual space we interact with today. Currently used by billions of people, social networks may also prove to be a valuable communication channel to enhance the practice of security. With the networks in place, crowdsourcing may become a way to harness the power of the crowd for participatory security.
In closing, we look at adoption rates for each technology and what these changes might mean to the future of physical security. The consumerization of commercial security is a thread that runs through many of the anticipated changes, shadowing the consumerization of IT that has been remaking that industry since the new millennium.
I’ve taken the literary license of opening this book with a somewhat personal narrative that describes the origin story of Brivo Systems. This start-up was my vehicle into the security industry and followed a path that wove its way through all five of these forces. I hope that in sharing this journey, I can convey the deep passion and optimism that I have for our industry and our future.
Steve Van Till
Bethesda, MD, United States
Acknowledgments
A book never has just one author, because experience is the author of everything, and it’s a large stage with many players.
First, I thank my wife Robin, who quietly supported me through the many weekends of foregone social plans, the 4:00 a.m. daily writing regimen, and my almost constant obsession with “the book” over these past 2 years.
I offer special thanks to Bob Fealy—an investor, a mentor, and, most importantly, a friend. While Bob was the president of Duchossois Technology Partners, he was among the first to understand the vision of Internet-enabled devices improving life for millions of people. His ongoing support and advice were critical to the growth of the company that took me on this journey, as I am sure they are to the many others he has advised.
I would also like to thank the cofounders of Brivo—Carter, Mark, and Tim—for convincing me to leave my day job to create a successful dot-com company and live to tell about it.
And I thank all employees of Brivo—present and past—for the part of yourselves that you contributed to the success of this story and for your help in changing an industry.
From Packages to People
The story of how I came to learn about the five big forces transforming security starts off in an unlikely place. The summer of 1999 in New York City was one of the hottest on record in a century. My fellow entrepreneurs and I had back-to-back investor meetings all day to secure funding for our new dot-com.
As we slogged along the radiating Manhattan sidewalks in our business suits, I fantasized about jumping in front of the giant sprinklers they hook up to fire hydrants on days like that. The air-conditioned lobbies offered a respite of 10 or 15 minutes where we tried to become human again before announcing ourselves to our next host. Our last meeting of the day couldn’t come soon enough. We pitched our then-novel business model of an e-commerce service for automatically replenishing consumable products like diapers and cleaning products, commodities people needed every week or every month. Unlike the ups and downs of ordinary consumer demand, this business would provide a predictable revenue stream month in and month out, delivering the investor catnip known as recurring monthly revenue (RMR).
Earlier meetings taught us that every investor wanted to know how we would physically secure this stream of perpetual products against the twin tides of crime and vandalism. As one investor put it, “it’s fine to deliver things to people’s doorsteps, but only if they stay there. Nobody wants recurring deliveries to become recurring thefts.”
To answer this recurring question, we had already sketched out a crude, back-of-the-envelope drawing of a dishwasher-sized connected appliance that we dubbed the “SmartBox.” The design was a hybrid of a safe and an oversized mailbox, with electronic access control tying it back to a central database. Dynamically assigned keypad codes—credentials in security-speak—would provide access control for its front door. The central web system would assign credentials to people who were authorized to put things in or take things out: delivery companies, homeowners, family members, or perhaps even a neighbor picking up a borrowed item. The entire cost of the product—hardware and ongoing access management—would be bundled into a monthly subscription plan, just like cell phones.
After our long wait in the ornate conference room, a single harried banker barged in looking like he’d already heard enough pitches for one day—or perhaps an entire lifetime. The professional skepticism was palpable. We were in the middle of the dot-com boom, and ideas for online businesses were a dime a dozen.
We took him through our pitch deck a little faster than usual. Like most investors, he was concerned about security, package theft, who would have access, and how it would be managed. As if for the first time, we unfurled our sketch of the SmartBox onto the conference room table. I told him it would provide physical security with a steel frame and information security with digital signatures and encryption. Because it was connected to the Internet, it also served as a remote logistic sensor that provided status updates about package deliveries and access events via e-mail or text.
“So it’s also an information service,” I explained. “We think that will help make it sticky because people like to know what’s going on.”
With that, he was done. Running a hand through a headful of silver hair, a little exasperated perhaps, he leaned forward and took another look at our rough sketch. His next words changed the course of our professional lives and ultimately the course of physical security.
“Your e-commerce idea is stupid. No one’s going to want that”—I can hear Amazon laughing from here—“But your box, now that’s something I would be interested in.”
That moment marks the birth of the first connected device designed to provide secure access control from a multitenant software-as-a-service (SaaS) platform. The device itself was no bigger than a large dishwasher or small washing machine, but it had a door and a control panel and an Internet connection. Does that sound familiar? It should. Commercial office buildings are equipped the same way. The dot-com bust took its toll on our original idea for consumer logistics, but with some good advice from investors, we were able to pivot the technology and business model to commercial access control. After all, a building is really just a big box, and every one of them can now be a smart box.
But this isn’t a book about the company that invented the SmartBox, nor is it about that connected appliance, except as a vivid example of the five primary forces transforming physical security. It took me down my own pathway into cloud, mobility, Internet of things (IoT), big data, and ultimately social networks applied to a security problem. More importantly, it is an illustration of how innovation in the consumer product segment can drive commercial product design. It explains why security technology now looks a lot more like consumer technology than ever before. It shows how we can expect our industry to evolve.
We set out to protect packages; we wound up protecting people.
THE CONSUMERIZATION OF SECURITY
The evolution of the SmartBox into an access control system provides both a hopeful and cautionary tale to the entire security industry. Hopeful because innovation is always welcome; cautionary because you never know where or when or how disruption will appear. Commercial security is a relatively small industry, serving highly specialized vertical markets. Until recently, the thought of consumer products infiltrating these markets was not especially worrisome. New security products don’t usually come out of left field and disrupt this market the way that smartphones did to cameras or the cloud did to enterprise computing. But I expect we will be seeing more of it. I say that as someone who was part of doing just that, if only by pure serendipity.
Emerging IoT products in residential automation and security have shown that they can do a better job at a lower cost than many legacy systems designed years ago. No surprise there, just the steady march of new technology replacing old. Even so, virtually every industry has a tribal complacency that says “it can’t happen to us.” And yet, for every one of them, we can find abundant examples to show that anything and everything can be disrupted: health care, automobiles, energy, insurance, investing, and lodging. Even such indelibly physical enterprises as taxis and transportation are not immune, as amply demonstrated by Uber, Lyft, and others.
The consumerization of IT describes the effect of new technology emerging in the consumer market and then moving into the workplace. Employees who would rather use their more highly evolved personal electronics than aging, company-issued relics are the carriers of this trend. All of these products, such as smartphones, tablets, and mobile apps, then set the bar for the tools used in a professional setting, and the cycle begins another round. In the short span of time since web and mobile became a way of life, we have seen this time and again. Consumer technology experiences raise expectations for workplace technology, and the innovators who are able to clear the new bar come out winners. User interfaces on business products, for example, have tracked the design insights and conventions that first appeared in consumer applications. Tablets for work and play are one and the same. Consumer popularity drives professional adoption.
The debt to consumer technology goes far beyond what’s visible to our eyes or clickable by our thumbs: it goes right to the core of what’s possible. We would not have mobile credentials in security unless we first had mobile payments in the grocery store. We would not have mobile video unless we first had mobile gaming. We would not even have the broadband pipes for it, since the bandwidth needed for remote surveillance was first driven by consumer services like YouTube, Netflix, and Hulu.
No one saw that coming—nor the outcomes of many of the other technology forces that are now transforming the practice of physical security. We will look at five of these forces, with a section of the book devoted to each: cloud, mobile, Internet of things, big data, and social.
EARLY CLOUDS, SUNNY SKIES
The SmartBox went from being a front-porch consumer convenience to an electronic security fixture almost overnight—if you count 6 months of nonstop reengineering as overnight. The web app sported a new user interface designed for physical access control workflows, but under the hood, it retained its original cloud architecture. The cloud back end was designed to serve tens of millions of consumers making online purchases and checking for deliveries while behind the scenes processing transactions with millions of smart lockboxes. This mission demanded a robust platform that could serve every shopper who valued secure delivery and every shipper who valued customer satisfaction.
That was a challenge.
At the time, there was nothing of this scale that operated as both a web service for customers and a distributed transaction platform for millions of smart devices spread across a geography the size of the United States. There were large-scale e-commerce sites like Amazon, which was already doing a few billion dollars a year in sales at the time. And there were precursors like the well-established credit card networks that interacted with millions of point-of-sale terminals on their own private networks. But there was nothing we knew of that combined the interactivity of a website with a machine-to-machine (M2M) distributed access network. The SmartBox service needed to be available to anyone with a browser, process millions of transactions per hour, and—most importantly—be secure. After all, the promise of security was the core value proposition of the business.
I had worked on consumer-scale systems in previous lives, and I was confident that web technology could support this vision. I was equally confident that an enterprise architecture approach wouldn’t stand a chance. My days as a consultant had taken me through enough Fortune 500 companies stuck in that morass, spending years to disentangle complex enterprise resource planning (ERP) systems before they could support a customer-facing web business. The critical difference was software multitenancy, a system architecture that allows all your customers to interact with a single instance of software. Salesforce.com was an early and articulate evangelist of this fundamental design principle, and we were right there with them.
In terms of a business model, it was clear that a secure delivery service would have to be sold the way most cloud services are today—as a monthly subscription that people could pay for as they were receiving value. This was not a radical concept, even then, but it was nowhere near as prevalent as it is now. To understand the leap of faith investors made with this model, remember that there was less broadband than dial-up Internet; Amazon only sold books made of paper, Netflix still delivered DVDs by mail, and it would be another 6 years before Spotify sold music as a service. Most of the business world was still deeply rooted in the one-time widget sales model, and recurring services were testing many new waters.
The SmartBox brought the cloud into physical security by way of consumer logistics. Once the reengineering was done, we thought half the battle was over. It seemed clear that everything would go to the cloud eventually, including this new world of access control we had just discovered. And within the next 10 years, most things did: banking, telephony, entertainment, mail, chat, photography, books, transportation, pet care, hospitality, even pizza, and hundreds more that would fill up this page. In short, almost everything, except commercial security, which has stubbornly chosen to follow a longer route. But the clouds are breaking (ahem), and the more forward-looking companies in the industry have begun to play catch-up. Many still can’t quite take the plunge.
People, if you didn’t get the memo, we’re all going to the cloud.
AN IoT STORY
At the turn of the millennium, less than 3% of adult Americans had broadband at home. In an environment of such patchwork connectivity, it was far from certain that homeowners would understand the power of a smart appliance—or what would now be called an Internet of things (IoT) device. It needed an always-on Internet connection and an always-up cloud service, both of which were outside the experience of the vast majority of consumers. It is difficult now to imagine how novel a connected device was at the time, but they were so rare that there wasn’t even an agreed-upon category to describe them. The term IoT had just recently been coined in 1999, but no one had heard it, and it enjoyed none of the buzzword status it has since acquired.
People were delighted by the early IoT technologies that seemed to inch us toward a future like The Jetsons. They were magical and dazzling. Less obvious