The Added Value of Security Data for Proptech

By James Kendall, Snowflake on October 14, 2022 | |
data concept

According to Snowflake Inc., a data warehouse usually consists of data sources from operational and transactional systems.

James Kendall headshot
James Kendall is a security systems engineer at Snowflake.

But wait, doesn’t that describe an access control system? And if so, why is it taking companies so long to consider security systems as one of the fundamental data sources for any data warehousing solution?  I mean, the data has always been there – right?

There are in fact several challenges or should we say “opportunities” here:

  • How do you get the data there?
  • What do you do with the data once it’s there?
  • How do you effectively restrict access to the data?

These are all very valid concerns which require some serious discussion and planning, but the business benefits that can be realized through achieving this might span wider than you think.

Of course, there are some typical “security” use cases, but the real value extends far beyond the walls of the physical security department and presents us with an opportunity to start transforming our team and systems from a “cost center“ to a “business enabler,” which naturally brings many benefits back to the security team (e.g., budget, headcount, reputation, relationships).

Here are a few considerations:

  • Reducing risk and maintaining compliance
    • Building rules and policies
    • Laws and regulations
    • Audits
    • Certifications and accreditations (International Organization for Standardization/National Institute of Standards and Technology)
  • Asset/vulnerability management
  • Space utilization/density measurement
  • Maintaining standards and consistency
    • System integrity – programming and configuration
  • Responding more effectively
    • Alarm metrics
    • Site performance
    • Anomaly detection/machine learning

To provide some contextual examples:

  • How can we guarantee (or provide our clients/auditors guarantees) that our systems are 100% compliant with standards, rules, policies, laws, audits, certifications and accreditations without having a platform that is constantly analyzing and comparing our requirements and standards with the real system configuration and either alerting us or fixing the issue automatically?
  • How are we currently tracking all our network-connected assets, managing product life cycle and assigning accountability for management and maintenance of these devices? Is this transparent to the wider business and in particular cybersecurity teams?
  • Are we sharing any anonymized attendance or utilization metrics from our systems with other teams? The more data points that can be collected to understand the usage of a building, the better space can be planned or used – which in turn drives improved user experience, more efficiency and reduced costs.
  • How do we know our systems are performing effectively without being able to take a holistic view on the situation? Can we guarantee the system workflows in place for our panic alarms are all configured as we think they are?
  • How can our stakeholders guarantee that our teams are controlling access to their rooms/areas effectively if they aren’t able to continually see what is happening?
  • If we are looking at our security from a single dimension, how can we effectively identify and prioritize risks?

The journey of this data has moved particularly quickly over the past few years. Native reporting through the access control graphical user interface has transitioned to the use of data visualization platforms and now (with the advancement of data warehousing solutions) the possibility to cross-reference data sets (enriched data) to make smarter decisions that impact the wider business.

The future holds great opportunities for more predictive analysis through machine learning and we will soon find ourselves in a position where we are identifying risks and opportunities we perhaps never even considered.

The challenge now is to understand how to begin this journey.

Firstly, we should accept that data is endless, and unless we know what we want to achieve, it’s very easy to find ourselves going around in circles without any tangible benefits.

So we need to ask ourselves – what action do we want to be able to take because of our data?

For instance – do we want to maintain system configuration standards/parameters by defining baselines and continually analyzing to identify and remediate anomalies?

Or do we want to know if Employee X accesses our New York office, but his laptop logs on in our London office? Should the badge or the laptop be disabled automatically?

Once we have established this and our data is flowing to our warehouses, we need to ensure our data quality/integrity (e.g., correct naming conventions).  This will allow us to understand the results of the data much more easily and correlate data sets seamlessly.

Of course we can use our data warehouse to identify these issues and clean up our systems too! But once completed, we open the door to a whole host of other opportunities, many of which we may not yet even be able to see.

Want to know more? Join SIA’s Proptech Advisory Board and get involved!