Physical Security: The 4 Hot TrendsIs it Time to Put Some Glass Between You and Your Customers?
In this overview, industry experts share details of some of the key physical security trends they are seeing now, as well as emerging for 2010.
"I'm seeing the IT departments taking over security because physical security departments are already strapped for money -- they're seeing their budgets cut even further," says Jim DeStefano, who headed up physical security head at two major Philadelphia financial institutions for more than 10 years. "I used to joke about it: Whenever you go to see the physical security department, they're usually in the basement, never at the executive level."
That said, these trends definitely have executives' attention:
1. Fortifying the Branch
The recent move of the New York City police commissioner to require any new bank branches to have increased security measures -- including bullet resistant glass partitions at teller stations -- is one sign of the move toward increased security measures in the bank lobby.
"The bloom is off the rose a little bit," says Diebold's Randy Benore. "Ten years ago, the open branch was the hot new thing to do. Everyone was building their new branches with the open look." Now, institutions have come to understand the benefits and liabilities of openness. The open branch is going away in major cities, and bullet resistant glass above the teller line is coming back because of likelihood of holdup in urban areas, he notes.
The move away from open has a lot to do with what the tellers will be doing, Benore says. If it is a transaction-based teller, to process deposits or withdrawals, the bullet resistant glass may be the way to go. The open branch approach helps when tellers are used to cross-sell other products.
There has been a lot of discussion within the banking community on these types of security deterrents, says Doug Johnson, Senior Policy Advisor for the American Bankers Association (ABA).
2. Physical/Logical Convergence
Convergence of the physical and logical security within financial institutions is something that has been happening actively for the last five years. Though much work has been done in individual institutions, it remains ill-defined, according to Jeff Spivey, ASIS former chairman and president. "If you ask vendors what their definition is, it will be different that what a bank internal's discussion is about it. Part of it is technical, convergence of policy and procedures and convergence of cultures and departments."
The convergence is designed to provide two basic benefits: better level of security performance and lower price, lowering risk and improving an institution's abilities to prevent events. At regional banks, the day is here for their operations to be on network platforms with converged systems.
Some key considerations for institutions that are considering convergence include the final payoffs in governance and running the two departments under one umbrella, Spivey says. "There are SOX compliance and GLBA payoffs. There aren't the gaps you usually see between the two different groups when they're run separately in different silos. Gaps in culture, communication, true security gaps, are blended once they are brought together."
The ongoing trend of convergence isn't just in the national and regional institutions, but has reached down to the community bank level, says John Pearce, ADT Director of Commercial Marketing. "It is growing more momentum, with IP-enabled technologies coming down in scope and price for those cash-strapped community banks to use on their platforms," Pearce says.
The point where physical security has moved toward the IP backbone is here, says Benore, despite the economic recession. "It's been a tough time in the last year," he says, but predicts that once capital reserves come back, spending on security changes will, too.
3. Increased Outsourcing
While many of the physical alarm systems at institutions have traditionally been connected to central reporting stations and law enforcement, institutions are also now increasingly looking toward outsourcing other portions of their security operations to offer cost efficiencies, including turning over some of the day to day monitoring and security operation jobs, notes ADT's Pearce.
"This is not a technology-driven trend, but an economic one," Pearce says. Improving efficiencies in security operations is a greater trend in larger institutions, he notes. Other services institutions are outsourcing include video management services. Remote video monitoring allows the institution the ability to have 24-7 coverage without the headcount of additional security personnel.
DeStefano still sees a lot of smaller banks using VCRs rather than DVRs or network video recorders for monitoring, which may lead to liability issues. "Again it's because of lack of funding for many small banks," he says. "But they need to understand that there is a certain liability issue that comes into play." When a bank has to turn over evidence to the police, and the VCR tape that has been taped over repeatedly for months only shows an image so blurry and grainy that they're unable to get a discernable photo of a face, this becomes a problem.
Some of outsourcing isn't necessarily a good thing for an institution, says DeStefano. "They're basically putting the possibility of blame on an outsourcer if something does go wrong," he says. "There's protection of customers, employees and of your brand. If an institution is hit by crime, whether it is robbery or internal crime by employees, the brand becomes tainted, and people aren't going to put their money in that bank."
4. The Need for Greater Internal Controls
The headlines may have bank robberies taking the spotlight, but Diebold's Benore says all security controls and banking institutions need to be evaluated - inside and out. "Especially the longer the branch has been there -- it should be examined and possibly upgraded to the newer technologies," he says. "A safe or chest may be upgraded, or locks changed to electronic locks."
One area that needs more attention from both logical and physical security: the internal threat. Benore has seen an increased call for audit trail capabilities from institutions. The biggest losses are being seen through network attacks -- internal or external, he says. As an example: On a recent visit to a small regional bank with 40 branches, one of the senior IT people was called away during the meeting because a $500,000 breach and loss the night before from Russia.
"The robberies get the headlines, but big money losses are through network attacks," Benore says.