Convergence of physical security and logical (IT) security

Let me illustrate this first trend with an actual case. An organisation regularly puts its IT systems under so-called “penetration testing”, using “ethical hackers” to try to break into the IT systems of the customer. Prior to such a test, companies often do a war dial: scanning the entire range of telephone numbers to determine the location of all the access ports, such as modems, routers and the like. Once the weak points have been identified, one can use so-called dictionary attacks to guess the passwords (if there even are any passwords) that allow entry. In the organisation I am using as an example, they found a modem that was completely open, without any form of security. It was discovered that this modem was connected to the main computer of the building’s air conditioning system. The supplier had deliberately installed the computer with open access in order to be able to service the air conditioning system externally. So, while the computer was installed in a heavily secured room, checked each night by a security guard, ethical hackers were able to turn the air conditioning on and off without any problem. This example clearly shows that an integrated security policy is increasingly becoming a necessity.

Bringing the safety and security functions together

More and more companies are bringing global risk management closer to the operational structures that are connected to it. In recent years, many key companies have successfully combined the safety and security functions. Security resources (security and patrol officers) are used in a more flexible and efficient way to minimise risks from all causes, thereby adding an extra dimension to their assignment and results. This, of course, confronts the security manager with an extra challenge.
It is rare to grow from security into the prevention function of a company; moving in the other direction, where the head of prevention also takes on security, is often more obvious. Four companies in Belgium that can be called progressive in the area of risk management and security policy – Carrefour, Belgacom, Proximus and Fortis – decided a short while ago to bring together their security and safety functions. In the case of Belgacom, safety, which typically provides advice and does research, gained operational powers because of this cooperation. Security personnel, in turn, had an interesting dimension added to their tasks. Bringing together the activities also led to cost reductions in the area of headcount.

Increasing globalisation

A third clearly distinguishable trend is globalisation and the opening up of borders. In various industry sectors we see huge consolidation movements and a search for global purchase contracts, which lead to better prices due to economies of scale. In the telecom world smaller players are disappearing and being absorbed by global companies. But these movements are also happening in the car, cement and steel industries. The head offices of these groups endeavour to purchase services and products from one supplier who can service their offices globally. When dealing with standardised products, this is happening fast. The more products and services are regulated, however, the more difficult the process becomes, and this sometimes puts local suppliers at a competitive disadvantage due to over-regulation. This can lead to an oligopoly, where smaller local players need to satisfy themselves with smaller contracts, or accept the status of subsidiary or franchisee. The opening up of borders and increasing free trade is a process that has been going on for a while. This leads to problems for both the security sector and the business sector in general. It becomes very difficult to check credentials and CVs, and even an elementary screening cannot be done in some cases. For companies that have certain security responsibilities to the government, or those whose infrastructure is critical for the country, this is a real problem. For security services there are also the problems of identification of and communication with visitors. We cannot expect security officers to know all possible identification documents or speak anything other than their native language. I can illustrate the impact of this globalisation by referring to a group that used to offer only catering services in Belgium.
After signing a global contract with a customer that has offices throughout the world, the group was forced to offer a complete array of facility services in Belgium. It thereby changed overnight from a catering company to an integrator of facility services.

Certification and compliance

The fourth trend that can be seen is the increasing role of security in compliance, and the security certification that sometimes accompanies this. Companies that are listed on the stock exchange need to comply with corporate governance and compliance rules. In Belgium we have the Lippens code, in the Netherlands the Tabaksblat code, and in the US the Sarbanes–Oxley (SOX) Act. These codes will continue to contribute to a transformation of the security function, with companies being subjected to strong internal checks and the filing of better and more secure documentation. Strictly speaking, regulation such as SOX applies only to guaranteeing financial openness and accountability. But it does deal with the integration of security in a risk management framework. To comply with these regulations a company needs a robust security infrastructure that consists of risk analysis, drawing up policies, internal audits, monitoring and reactive processes. Companies are increasingly required to hold records of all security communications and documents. Audits have to be held with regard to the storing of physical and electronic information. And plans have to be developed to determine which audits need to be implemented, which activities need to be tracked, where the audit reports need to be saved and who should be given access to this information. All these efforts have their impact on security and privacy and need input from security managers. By implementing these measures, insurance costs are reduced and the credit rating is improved, so companies can borrow at cheaper rates.

Evolution = Integration