During an assessment visit, Mike Tibbs immediately understood why his client was so eager to revamp his institution's security system. "He wanted to show me a secure area of the facility that required punching in a numeral code into an electronic lock," says Tibbs, who is vice president of operations at Corporate Risk Solutions, Inc., a Kansas-based consulting firm. "He entered the code a couple of times and the door failed to open. Finally, a volunteer came along and explained that the code had been changed the day before. She punched in the code and the door opened. How easy could it have been to compromise that system?"
In fact, that's a question corporate leaders and site selectors are increasingly asking since 9/11 heightened potential attack awareness, and as system hackers concoct clever new ways to bring computers and other high-tech systems crashing to a halt.
Companies are collectively spending millions in pursuit of answers. According to the Security Industry Association (SIA), an Alexandria, Va.-based organization that represents physical security manufacturers, the demand for security systems in North America grows by more than 6 percent annually. SIA figures indicate that North American companies spent $11.6 million on security systems in 2005, and the organization predicts that by 2010, the demand for systems - from those that authenticate e-mail messages to biometric scanners to "smart cards" that not only control facility access but let employees pay for coffee and donuts in the company commissary - will increase to $21 million per year.
In fact, smart cards, probably the most prevalent access-control systems used in corporate facilities, are the linchpin of tech-based security systems worldwide. In North America alone, the Smart Card Alliance, a nonprofit group that promotes the use of smart-card technology, says 200 million smart cards were shipped in 2006, and predicts that the smart-card industry will grow close to 30 percent annually over the next five years.
Smart cards' microchips allow for the download of information ranging from visitor access shelf life to employee identification particulars, including the level of access each is granted. "Using smart cards, access permissions can be granted at different access levels," says Tibbs. "For example, someone who must access human resources data would not have clearance to enter secure research and development areas. Likewise, someone not cleared to access financial or other sensitive data would not be able to access it."
Smart cards represent just one layer in some companies' overall security plans. Once the stuff of science fiction, biometrics are playing an increasing role in corporate security protocol as well. Designed to read fingerprints, retinas and facial features, biometrics recognize the physical characteristics of individuals and grant - or deny - access according to those features. While governments explore the use of face-reading systems in situations such as passport control, just how much private-sector companies in the United States are spending on the technology is tough to track. However, according to industry analysts, U.S. spending on identity projects including biometrics tallied in at $620 million in 2004, and spending on those projects is predicted to rise to nearly $1.7 billion by 2009.
Meanwhile, Tibbs says mainstream companies and healthcare institutions are using certain biometric technology in more mundane ways. "As the technology becomes more affordable and more reliable, companies are using fingerprint readers as a backup to smart-card access systems in some situations," he says. "Biometrics can be used to back up smart-card systems in the case that someone forgets to bring a card to work, or to add another layer of security in certain areas such as R&D labs."
Technological advances have also enhanced the ways video and digital camera security systems work to keep companies secure, says Tibbs. Cameras can track people and things as they move throughout a facility in real time: "For example, if a briefcase is left in a particular spot, the system can show exactly when it was left there and when it was moved, if it was."
But according to Randy Vanderhoof, executive director of the Smart Card Alliance, corporate intruders don't always come through the back door. Increasingly, they come through computer systems, too, bent on pilfering sensitive information or infecting networks with viruses that can cost companies millions to stamp out. That's why, he says, corporations are upping the ante when it comes to accessing computer files and tracking digital communications that don't use paper and don't bear physical signatures: "It's all about how you manage life in a digital world."
To do that - and to ensure compliance with sensitive record retention demanded by the Sarbanes-Oxley Act, as well as changes in the Federal Rules of Civil Procedure mandating that e-mail be part of the evidentiary discovery process in court cases - companies are investing in systems that create digital signatures that not only track the movement of information-laden documents but verify their origins as well.
According to Vanderhoof, logging onto computer systems increasingly means inserting a smart card into a designated port and providing a personal identification number before data access can be granted: "The system will encrypt the information in the document, create a digital signature to verify its origin, and someone who knows my key on the other end can access the document."
This tech-based pursuit of security is not
without its wider-ranging ramifications. As companies pile on systems,
they increase their facilities' needs for high-quality, reliable
electric and other utility services. The increase in technology hasn't
much changed the way electricity and providers pursue their own methods
to meet the demand, according to Ed Legge, spokesperson for the Edison
Institute, which represents electric utility providers nationwide, but
it probably has increased utility customer cost.
industry, we always have to work to find ways to meet demand," says
Legge. "The rise in technology has increased demand, that's for sure,
but technology is also becoming more and more efficient. And the
increased cost of operating technology, such as security and other
systems that are always on, is part of the cost of doing business."
so, the increased demand for utilities - electric or otherwise -
challenges site selectors to find locales where those services are
redundant, reliable and of high quality. "We look at utilities very
robustly, whether it's water or gas or electricity, and take them right
along their lines from the site to their origination points," says Jim
Kupferer, managing director of Fluor Global Location Services Group.
Still, there's more to site selection
post-9/11 than a reliable grid. According to Kupferer, security
technology is the domain of corporate IT gurus. But security measures
that reside outside the facility's walls are site selectors' business.
And, for the most part, those external measures are likely to be more
low tech than high.
"In the past, we would normally look for
sites that were fully cleared of trees and open to development," says
Kupferer. "Now we're looking for wooded sites - with brush, even
wetlands and more acreage - anything to create a buffer for added
security around the facility."
Those site requirements have
traditionally been applied when siting particular operations such as
power plants, sensitive manufacturing facilities, and data-controlling
operations such as call centers. Now, though, security-conscious site
seekers of every stripe are embracing the notion that security beyond
the walls is necessary to complement measures that lie within. And
they're looking even further down the road for security support.
you look at overall security you look beyond the immediate area, to
where the nearest Army base is located, then at the community's
emergency preparedness plan, then at the state's preparedness plan,"
says Kupferer. "Security goes beyond what's inside the facility."