Given everything the world has been through in the last year or so any move back to some kind of normality has to be welcomed. It does, however, see the return of old challenges and the arrival of new ones. With that in mind, Lucinda Thorpe, Business Development Executive at Newgate provides a quick look at the future of physical security in a post-pandemic world.
An overview of the security landscape
In one sense, the security landscape will, largely, be returning to normal. Lockdown restrictions limited (or eliminated) foot traffic and stopped people from gathering in crowds. The easing of these restrictions should see people begin to get out again and to get back together in groups. This means that current security precautions will need to be ramped up to deal with the increased activity.
In another sense, however, COVID19 has changed all business sectors, including security. COVID19 itself may be on the way out but it is definitely not gone yet. Until it is, it will need to be factored into all business decisions, including (arguably especially) ones related to security. Even after COVID19 itself has been eradicated, businesses will have to think about the possibility that a new virus will replace it.
This thought is neither speculation nor scaremongering. There have been numerous pandemics in recent years. They have simply been on a smaller scale. With hindsight, this was probably a matter of luck. Modern transport can take people, wildlife and plants around the world at unprecedented speed. This means that it can also carry viruses around the world at unprecedented speed.
Nobody wants to see either another global shutdown or another health crisis. This means that businesses of all kinds need to develop a strategy for operating securely even if another pandemic strikes. The pillars of this strategy are likely to be: crowd control, access control and privacy. In practical terms, this is likely to translate into compartmentalization, automation and data security.
Crowd control has always been one of the biggest challenges in security. Firstly, the very nature of crowds has inherent dangers. Their momentum and mass can lead to accidents. When they do, it can be very hard to reach the people who need help. Secondly, crowds also provide cover for malicious actors. These may attack the crowds themselves or use “crowd cover” to perpetrate other attacks.
Over the years, businesses (and public authorities) have developed increasingly sophisticated (and occasionally controversial) approaches to crowd control. In particular, the use of video-monitoring is now largely seen as essential and is being supplemented with facial-recognition technology. This helps security personnel to manage large numbers of people at speed.
In a post-COVID19 world, there is likely to be a lot more emphasis on preventing excessively large crowds from gathering in the first place. How this will be managed is likely to depend on the environment. For example, in enclosed spaces, particularly indoors, automated systems could alert when an area was reaching capacity. New arrivals could then be prevented from entering the area until it was safe.
Realistically, however, there are going to be occasions when large crowds are inevitable. In these situations, the emphasis is likely to be on managing traffic flow and ensuring the appropriate provision of “safe spaces”. The purpose of these spaces would depend on the situation. For example, they could be used to let workers put on PPE or as places to give first aid or hold lost children until their parents arrive.
Access control applies even when there are no crowds. In fact, the absence of crowds may encourage certain kinds of malicious actors. Crowds do provide cover but they can also provide many sets of watching eyes.
Even companies that are, technically, 100% digital and remote will have physical assets to protect. All digital assets reside on physical storage media somewhere in the world. If you’re using a third-party cloud vendor they will (or should) protect you against external threats. You do, however, still need to protect yourself against internal threats.
Most companies are not 100% remote and digital. They will have on-site staff and physical assets they need to protect. In many cases, this protection starts by limiting who has access both to staff and to property. The first delineation is between public spaces and private spaces. The second delineation is between different private spaces.
Workplaces are likely to need to become increasingly compartmentalized and to have increasingly robust access controls between each compartment. This in itself is nothing particularly new or linked to COVID19. What the pandemic has made clear, however, is the importance of frictionless, preferably contactless access controls.
This suggests that the way forward may be a combination of biometrics and automation (with human supervision). There would need to be substantial improvements in both for this to be a practical, mainstream, option in the real world. Where there is a will, however, there is usually a way and COVID19 has created a lot of motivation.
Even though GDPR was largely a reboot of existing data-protection legislation, it did significantly amplify the conversation about privacy. Since GDPR became a reality, it has become increasingly obvious that physical security often rests on digital security and vice versa. Essentially, there is no point in locking your physical door and leaving your digital window open (or doing the opposite).
Technically, this is one of the few areas of life where COVID19 didn’t make a difference. In reality, this is one of the areas of life where COVID19 shone a brutal spotlight on existing weaknesses. One of the saddest aspects of the pandemic is the way it was exploited by scammers and other criminals. Some of them used old-school “spray and pray” tactics but others used highly-targeted attacks.
The only real defence against this is to implement the very highest standards of physical and digital privacy. What’s more, if companies are to make a success of remote or hybrid working, these protections have to be extended to employees’ own homes.
In fact, even if companies want, or need, to keep all employees on-site at all times, it would still be advisable to encourage staff to protect themselves outside of the office. Quite bluntly, if employees have their home privacy compromised, they may well become (unwitting and/or unwilling) security threats to their employer.