Reposted from Security Management Magazine
Harvard Business Review recently asked a group of technical leads from McKinsey & Company to identify the leading technology trends in their areas. Security Management asked Quang Trinh, PSP, vice chair of the ASIS Security Applied Sciences Community Steering Committee and professional services manager for Axis Communications, to discuss each of the trends from a security perspective.
Following is a synopsis of each trend and Trinh’s analysis, which has been lightly edited for clarity.
1. Look out for combinatorial trends.
McKinsey advisor Lareina Yee examined the trends McKinsey had identified the previous year, including “space technologies, clean tech, AI, and immersive reality technologies.” The trend she sees this year is the challenge of combining these technologies to create unique, value-producing products and initiatives.
“When looking at how you plan to invest in technologies over the next year,” she said, “try to think holistically and consider how they may work together to unlock new opportunities.”
Trinh: This is quite evident in the physical security industry with trends such as cybersecurity and data privacy technologies being implemented in unison.
In the topics of artificial intelligence (AI), a combination of cloud, on-premise, and edge based applications are working collectively together to balance the solution for the customer and offer a more scalable approach. Especially in the realm of computer vision, where there are benefits for image processing at the edge, on-premise servers, and cloud computing, depending on the outcome desired.
This ecosystem approach is allowing multiple technology trends to work in a collaborative effort to solve a customer’s use case needs.
2. Prep the board for tipping-point technologies.
Many game-changing technology developments, such as 5G, AI, and cloud computing, have moved from early adopter status to the mainstream curve. McKinsey’s Klemens Hjartar said this means the way organizations think about and budget for IT must change as a result.
“These aren’t the sexiest investment,” he said, “but automating processes, investing in data foundations, cleaning up tech debt, and continually renewing the IT architecture are needed for the business to have a chance of taking advantage of the new technologies coming online.”
Trinh: These tipping-point technologies are more difficult to measure ROI. Most executive boards don’t prioritize investments and budgets unless there is a compelling correlation to profitability, operational efficiencies, or effectiveness of the technology to impact business in a positive way. I agree that the department heads of an organization need to better prepare board level executives on the impacts of these technologies to their operations. IT technologies are evolving each year and remaining stagnant because of the “if it’s not broke, don’t fix it” mentality can cause negative impacts to business in the long term. In the physical security industry, it took several years to transition an analog industry to digital, and the topics of cybersecurity and bridging the needs of OT (operational technology) and IT groups required a lot of collaboration and explanation to address each side’s risk perspective.
3. Free the engineers you already have.
Aamer Baig from McKinsey sees the potential for corporate belt-tightening in 2023 leading to hiring freezes or layoffs in technology staff. He said it would be a mistake for organizations in such a situation to ask their technology staff to “simply do more.” Rather, he said, find ways to maximize the time they can spend on technology by removing administrative and bureaucratic burdens.
“This isn’t just a productivity issue, it’s a talent issue,” he said. “If you want your company to become a destination for top engineers, you need to create a work environment where engineers can do what they love.”
Trinh: As this relates to the physical security industry, we have security engineers that can be more efficient if they are trained on the tools that can help them be more productive and efficient. The physical security industry is now impacted from emerging technologies such as AI, robotics, and analytics. These security engineers need companies to invest in their individual development because the lack of experienced engineers is causing staffing issues for companies trying to tackle these technology trends. While it’s always nice to hire someone outside with the knowledge, investment in personal development can lead to better staff retention based on how companies structure their personal development plan for internal employees.
4. Get your head in the cloud.
Will Forrest is the second McKinsey consultant to note technology reaching a tipping point and moving from trend to mainstream. He specifically said now is the time to capitalize on laying a solid foundation for cloud computing.
“In 2023,” he said, “companies should focus on building out strong cloud foundations that allow them to take advantage of the most important benefits that cloud provides, [such as] scaling applications or automatically adding capacity to meet surges in demand.”
Trinh: The concept of cloud is starting to mature with many large organizations. The topic of scalability has become quite important as these companies’ workforces have grown during the last few years. But the COVID-19 pandemic also caused a lot of companies to lose talent and find ways to augment the loss of their workforce through a cloud strategy.... Workforce augmentation and automation was something that could also offer value for companies looking to do more with less.
5. The cloud is changing security.
Security, in the context of this trend, is referring to protection of information assets. Advisor Jan Shelley Brown said previously, security concerns were the reason for slow adoption of, and movement to the cloud. That has changed, however, and ushered in a new way for organizations to think about information security, one focused on risk management.
Cloud service providers have greatly enhanced their security protections. The conversations have shifted, she said, to consider what reliance on the cloud means to an organization’s risk posture, as she asks the question: “What if one of the big [cloud service providers] goes down?” This is the exact scenario Security Management tackled in its December issue of Security Technology.
Trinh: As security breaches become more frequent and costly, cloud solutions offer services that have more enhanced security than what many organizations have in-house. These cloud solutions follow industry standards such as ISO 27001 and SOC 2. They also implemented technologies like AI to detect anomalies and were proactive in scanning and indexing vulnerabilities and risks in real time.
The physical security industry had challenges applying cybersecurity principles to its physical security systems, which included edge devices like IP cameras, video management systems, and access control systems. The mentality of air-gapped systems meant many security practitioners ignored cybersecurity risks and stated that the system had no connection to the outside world via the Internet. With the velocity of cybersecurity patches and firmware, many physical security practitioners soon learned that managing the devices and having them connected allowed for better management, insight, and compliance. Once liability and accountability around cyber breaches redefined the importance of these separate air-gapped systems, the door opened for connected services such as the cloud to play a bigger role in scaling the security needs and management of the system for OT and IT teams.
6. Decentralized AI is changing the playing field.
According to McKinsey consultant Vinayak HV, a developing trend is the democratization of AI functionality. Formally the playground of researchers with massive, centralized, proprietary datasets, new products and applications, such as ChatGPT, have allowed a much wider swath of people and organizations to make use of AI technology.
“The big challenge and opportunity for companies in 2023,” he said, “will be to take advantage of these decentralized AI capabilities—and what this technology might mean for their business models.
Trinh: Decentralizing AI has both pros and cons. The challenge with AI and the tools developed around AI is the ethical use of the tools and who and how the data is being trained on, supervised, or corrected by human interactions. Taking ChatGPT as an example, the output of ChatGPT is based on all the training data it collects. During that training, who or what mechanism is used to fact-check certain datasets used for retraining? In the case of ChatGPT, the user’s interactions are also used in the retraining of the platform.
As organizations look to incorporate AI into their business operations, the challenge will be filtering out all the bad data. AI, machine and deep learning are all predictive algorithms; the outputs are not absolute but have a high probability based on the input. The output is also susceptible to GIGO (garbage in, garbage out).
Decentralization allows for innovation and more people to use the tool but also has the side effect of producing outputs that are not desirable if they are not supervised or corrected. As the physical security industry grasps the potential impacts of AI techniques in images, videos, acoustics, and other sensor data, will proper expectations be set for the industry and the customers looking to solve their problems? It will take a collective group of industry leaders to covey a common message and expectation of the technology influences on the industry.
See Original Post