According to Gartner, fragmented and isolated physical security systems are “no longer fit-for-purpose in the dynamic and escalating threat environment of the 2020s.” These outdated systems are missing key capabilities and, worse, are being integrated with other Information Technology assets, substantially increasing your vulnerability.
Risk, Risk Everywhere: Three Areas of Concern
To help you better understand the risks associated with legacy physical security systems, we have organized them into three broad categories:
- Financial risks
- Operational risks
- Technological risks
Key insight: Risks are shared across categories.
For instance, much of your financial risk is tied to your technology purchases, and those systems come with specific operational risks. In other words, you cannot meet today’s threats with small tweaks. You must adopt a different approach.
The Obvious & Less Obvious Financial Risks
Let’s start with the most obvious financial risk: the cost of your legacy physical security systems, including hardware, software, maintenance and updates. For many enterprises, these costs stretch into the millions of dollars over the lifetime of the systems and include:
- Initial purchase
- Hardware refresh around the fourth year
- Periodic upgrades to memory and storage
- Software annual maintenance and upgrades
Using legacy systems puts you on the hook for all of that. And, of course, you’re locked into whatever systems you purchased. That’s what makes legacy systems so financially risky: you are making a long-term bet in a rapidly changing environment.
Less obvious but potentially much more costly: potential legal liabilities. While a security system cannot prevent all losses or legal liability, a poorly implemented or maintained system can exacerbate your liability and loss if an event occurs. Legal liability can include financial losses from:
- Theft
- Lost business
- Downtime
- Personal injury
- Shareholder lawsuits
- Brand damage
- Higher insurance premiums
The Operational Risks Related to Legacy Security Systems
A security system must help you maintain a clear view across your enterprise and control your physical environment. Older systems typically are not connected and cannot easily provide access to the data you need to monitor and take necessary actions. These delays can be costly, both in terms of the legal liabilities described above and in terms of the cumulative time required to manage and respond to events. Even with older systems that appear to be performing well, there is the hidden cost and risk of:
- User errors
- Delay in reaction times to events
- Managing multiple apps is not easy for operators
- Additional training costs
And the operational risk of legacy software only grows over time, because as your legacy systems age, the number of employees with the expertise to operate and maintain them also grows smaller.
The Technological Risks You May be Facing Today Already
Last, but certainly not least, there are significant technology risks, including:
- Older, unsupported operating systems
- Lack of security patches and bug fixes
- Unforeseen vulnerabilities due to the system not being designed for interconnected operation
- Insufficiently trained employees use the system incorrectly, creating vulnerabilities
Start Mitigating Risk With These Three Steps
The risks and costs described above are not hypothetical. They are all occurring now at your organization, if you are using legacy physical security systems. Change can seem daunting, but it doesn’t have to be costly or complex. It all starts with a plan. Here are some steps that you can take today:
- Conduct a risk assessment, looking at financial, operational, and technological risks
- List your goals are for physical security: include proactive and reactive use cases
- Take a step back and ask how much risk you are willing to take, and whether your organization might be better served by shifting that risk to a security partner
At Arcules we help companies gain greater control over their physical security, while reducing costs and complexity. We do it by offering integrated security as a service. Want to learn more? Join us for a webinar on March 9th to learn more about the pitfalls of legacy security systems and how to avoid them.
