TechSec, Day 2

Sorry for the delay on this, but with travel and some office things that needed attention I haven't been able to find the time to sit down and smash all of Day 2 into a neat little entry. Now, with snow piling up outside the home-office window, I think I've got an opening (barring small children throwing things at me). First up was the "Technology Lightning Round," my own personal brain-child, allowing some companies with cool technology who didn't quite make the cut for a full 45-minute presentation to each have 10-12 minutes to talk about what makes what they do unique and how it has the chance to change the industry. I pitched it to them as a chance to be an evangelist, to get people excited about their secret sauce, to use the time for an extended elevator pitch, to be a hype man. They took that advice to differing degrees. The guy who really got it was Randall Foster, CEO of Vumii, a company with technology that makes me go, "Wow." I wrote about him here, after ISC last year. Basically, the wow part is that Vumii makes a laser-based night-vision camera that can tell who's driving a car from about a mile away at night. It's pretty amazing (Foster says he's got some crazy stuff thanks to the fact that the laser can see through reflective windows, too, but I'll let him post those on Vumii's x-rated hidden site). But what Foster spoke about with his 10 minutes is the way that the laser vision can be incorporated, using IP technology, into an overall surveillance system. With a panoramic view of a situation, you can have cameras scanning different points of a 360-view, looking for problems. Then, when something suspicious is spotted, the laser can pinpoint exactly what's happening and communications can be sent out to the appropriate first responders. I think more than one person in the audience audibly oohed at a couple of the images Foster put up. What I liked best about the Lightning Round is that nobody presented their technology as the be-all/end-all solution. Rather, they all noted they were just pieces in an overall, holistic security system. They emphasized that they augmented what's already out in the field, and they all made a business-case argument for what their products can do. Andy Lynch, of aXonx, spoke about how his company's video smoke and fire detection can save huge amounts for warehouse owners and other locations where smoke detection is often not a priority because it takes so long for the smoke to get to the ceiling. In fact, many commercial buildings aren't coded for smoke detection, just sprinklers to put the fire out. Once the sprinklers come on, the damage is done, on a number of levels. He even pointed out that there was no smoke detection in the very ballroom we were sitting in. Everybody looked up. Why was that disconcerting? While codes still regulate video smoke and fire detection, they're not impenetrable, and for the security installer who's interested in getting into fire, but maybe doesn't want to learn all about panels, etc., this solution makes a ton of sense. It's just cameras and DVRs. Not too difficult of an installation and the potential ROI is huge for the customer you're maybe doing access control for already. You can see all kinds of videos here, though they use Windows Media Player, which I detest. Rob Hagens, CTO of Envysion, went over the business case for managed video, and you probably saw the write-up of that in the newswire. I'll reiterate that the SaSS model seems like a no-brainer if you can make the bandwidth and infrastructure work. Al Liebl, presenting Proximex's PSIM technology, didn't get people hyped the way I thought he would. His presentation made a lot of intellectual sense, and drew some nice correlations to the IT service world, in that PSIM software has the ability to draw together a number of different systems and keep track of all of the security operations in one console, much the way a network is monitored by HP Openview or LANDesk, but I just didn't get very jazzed about it. He didn't have any pictures of the software in action. I think a lot of people were left wondering, "what exactly is PSIM? How does it work? What does it look like? How is it different than software I've seen before? Or is it just the same stuff I've seen with a different acronym attached?" Anyway, one rule I've taken from the presentation is that you should always provide pictures and video, if you can. Show them, don't tell them (to paraphrase a Rush tune). Last up was Steve Rice, who came to talk about ISONAS' IP access control. He drew the short straw on a number of levels. First he was last of five (we went alphabetically), but second he's only been with ISONAS for a couple of weeks, replacing Jerry Burhans as VP of sales and marketing there, so, while he knew the technology and had the pitch down, I don't think he was entirely comfortable being grilled by Pat Egan about where the 30 percent in installation cost savings comes. Essentially, with IP there's no panel, and Rice feels it's now a one-man installation, so there are the savings right there, but Egan felt you'd still need two guys to power the mag locks, etc., and he didn't really see the benefit of the PoE, etc. Some grumbled in the audience that Rice had never actually installed his own product. I think that's probably true, but you've got to give the guy a break. Still, it raises an interesting question: Has every high-level sales executive at the major security manufacturing companies actually installed their own products? I doubt it. Would it probably be of benefit in the sales process? Seems like it would. From the Lightning Round, attendees moved back to the exhibit hall, which, to be fair, was pretty deserted. For a variety of reasons, the show floor just wasn't what we'd hoped it would be (though the companies there were exactly the companies that should be there), and attendees saw most of what they needed to see on Day 1. It sounds a little like making excuses, but I'm serious when I say the exhibitors who understand that TechSec is more of a think tank than a show, and that we expect participation and attendance from our exhibitors, who have the chance to network and learn right along with the attendees, those guys have a great time at TechSec. Exhibitors who are just trying to maximize business card collection shouldn't bother coming. It just isn't that kind of show. What value do you take away from sitting with four or five integrators for 30 minutes each, each of whom does $25 million in business every year and is just exploring the use of IP technology in their installations? Seems like that's worth a lot. But I'm not sales guy. One of the more lightly attended sessions, possibly because it was up against a great case study of how megapixel cameras were used in the Montgomery County schools, dealt with using video as evidence. Miles Cowan, the CTO of Insight Video Net, which makes software that helps you manage your video assets, was joined by Jim Abbot, a 21-year veteran of testifying in more than 800 trials as a video expert for Dallas County (thanks for the hook-up cousin Kate!). For me, this was the most interesting session of the event. If you can't use the video as evidence, that strips it of some serious value. Abbot made a bold claim early: If the video isn't 4 CIF at 30 frames per second, he'd rather have analog tape. This drew any number of objections: that's impossible to store, it takes too much bandwidth to move that around, why isn't 15 frames plenty, etc. But Abbot held firm, saying too often the video he's asked to testify with is insufficient to prove the case beyond a reasonable doubt and he'd rather not go in there with it. Further, he didn't think very many systems integrators had any idea how to make sure the video would be admissible in court and essentially accused them of installing worthless systems that present unrealistic expectations for the customers who will eventually be seeking justice. I found that pretty interesting. There seems to be a major disconnect between the technology providers and the court system. Further further, you might not be able to make the business case for storing video of that quality, but how pissed is the CEO going to be when you can't bring someone to justice because the system he bought isn't providing good enough images? That's a bit of a conundrum, there. One of the more popular sessions of the day came after lunch (I had cheese torellinis three meals in a row-lunch/dinner/lunch-because that was the only vegetarian alternative they had. You'd think I'd look into vegetarian options ahead of time at my own conference). "Intelligent Video: The Partnership Way" was packed. But then the analytics sessions always are at TechSec. Everyone is either curious about whether they really work or looking forward to telling everyone who'll listen in the Q&A period about how they don't really work at all. One attendee's remark under his breath: "Why are almost all analytics installations ripped out after less than six months? Should I ask the panelists that?" Which is why, now, panelists always start with what analytics can't do. Alan Lipton (OV) and Doug Marmon (VideoIQ) did this last year, and Axis' Jumbi Edulbehram started similarly. They can't pick a face out of a crowd. They can't find an object amongst shoulder-to-shoulder people in a crowd. They don't work when there's no light. They can't tell if a person is about to rob someone else. They can, however, watch a fenceline, or tell you when someone's going the wrong direction, or tell the difference between bus and a car, and when made a piece of a bigger system can provide some good value. Especially (and this was the thrust of the panel) if done at the edge, placed on board IP cameras (he does work for Axis...). These points were echoed by IP expert at large Mark Kolar (Cisco, AgentVI) and OnSSI's Ted Marolf, and IBM's Steve Russo. Most of what they had to say was pretty common sense: Don't over-promise, test in the field, ask the end user what he wants, use multiple analytics from multiple vendors when possible, have an apple every day, exercise regularly, that type of thing. A question from the crowd: If you have analytics at the edge, aren't you looking yourself into one kind of camera and one kind of analytics for the long term? If you centralize, can't you switch out the cameras and the analytics much more easily? Jumbi, et al: Well, the cameras have processors on board now, so you can switch out the analytics from companies like AgentVI and Via:Sys, which are downloadable from the Internet, pretty easily, whether they have new versions or new rules. And sending just metadata and alerts back is a lot easier on the bandwidth than sending all the video back and doing the analysis on the server at the end. He acknowledged, though, that there are times when analytics at the server make sense, such as when you're searching through archived video to find things that have already happened, rather than just trying to create alerts in real time. Remember, it's the partnership way. I don't think the general feeling that video analytics are basically worthless has left a lot of the industry yet. We need more success stories and specific incidents where analytics did something that no other sensor could have done in order to convince the skeptics. I mostly believe (kind of like a 6-year-old's opinion on Santa Claus), but I need to see analytics at work in more installations before I'm an evangelist (I've been using that word a lot lately - not sure why). Finally, TechSec closed with the panel a lot of people had been waiting for: The Future of Standards. Rob Zivney, VP of marketing at Hirsch, had kind of been promising a bit of a scrap to anyone who'd listen for the past two days and he mostly delivered. He led with an explanation of BACnet's progress with an IP access control standard, then posed this question to the rest of the panelists: Why is your standard the best and why is better than what BACnet's doing? For a while, no one took the bait. Jonas Andersson, chairman of ONVIF, and Rob Hile, chairman of the PSIA, both took pains to emphasize they're not "standards" organizations, but rather groups looking to create specifications that their members can adopt, and which will hopefully become recognized standards at some future date. Roger Roehr, a member of the Smart Card Alliance Board of Directors who serves as the chair of the Smart Card Alliance Physical Access Council, made it clear that the Smart Card Alliance just steals standards from other people and issues white papers about how to implement them. But Hunter Knight, one of the guys who started the OSIPS standards effort at SIA, was pretty clearly chafed by recent developments on the standards front. First, he didn't like the idea that SIA would be used as a "pass through" organization for standards created by PSIA or ONVIF. There is a clearly delineated standard for creating standards, he noted, as created by ANSI, and he needs to follow that in order for SIA standards to be recognized worldwide. He can't just take a document from another organization and send it up the flag pole. There needs to be a comment period, universal ability for participation (i.e., no pay to play), etc. Further, he accused PSIA and ONVIF of "balkanizing" the industry, "insuring that the standards effort in this industry will fail." Rather than teaming with SIA, as they could have, these two organizations, he said, tried to go it their own way. Both Hile and Andersson stressed, however, that their standards are not mutually exclusive, and Hile even said they might come together in version 2.0 of the device discovery standard. But the two groups do differ on how they think people should architect their products. While ONVIF has backed a web services model, PSIA has gone with RESTful architecture. (Follow those links for what exactly that means. They're not mutually exclusive at all. It's just that Andersson kept saying "web services" and Hile kept saying "REST." There's got to be something important there.) Why does all this matter? One PSIM manufacturer stood up and asked how a software maker was supposed to build in so many different standards and specifications without going bankrupt. Hile made the point that two years ago, there weren't any standards, so having a few was certainly better than not having any. Another attendee made the point that the lack of a clear standard was holding the industry back, much like people didn't dive into HD DVD players until there was a winner in the Blu-Ray/HD Video competition. Maybe there is a lack of interest in investing in IP security systems when there is some trepidation as to what the industry will eventually decide on in terms of how products talk to one another. What happens if you install a system now going with a PSIA-endorsed standard, but then that group collapses and everyone goes with OSIPS? Will it be much more difficult to add new sensors in the future? As usual, TechSec seemed to raise more questions than it answered. I consider that to be a good thing. This isn't a conference where dumb or unenlightened people go to hear smart and enlightened people tell them all the answers. This is a conference where one is made to think, is exposed to new ways of doing things, and from which one should come away with any number of new ideas for solutions to existing problems. I think, in large part, this show was the most successful yet. The speakers were consistently thought-provoking and there was real disagreement on the panels, especially those concerning storage and standards, about the "right" way of doing something. So little disagreement makes it to the light of day in this industry, where everyone is so polite and conservative in their arguing. But it's only through a good argument that many things get decided. Without someone to push back against your ideas, how are you ever to know whether they hold water? At TechSec, there was plenty of push back, and it was all for the better. See you next year.


Sorry I missed the event. By the way, I spent 5 years in the Local 1 IBEW as an installer of low voltage equipment and I make it a practice to install the products I am selling and marketing at least once.

Wish you all the best.

Jerry Burhans