A&S talks to Joachim Stark, Global Director of Digital Video Surveillance at IBM Global Technology Services, about the company's decisions to enter the electronic security field. Given the growing complexity of corporate and government security requirements, the IT giant found that its prowess in managing and processing information was highly welcome. IBM executives, however, found that decision-making timelines are a bit more drawn out than would be the case in the IT sector.
A&S talks to Joachim Stark, Global Director of Digital Video Surveillance at IBM Global Technology Services, about the company's decisions to enter the electronic security field. Given the growing complexity of corporate and government security requirements, the IT giant found that its prowess in managing and processing information was highly welcome. IBM executives, however, found that decision-making timelines are a bit more drawn out than would be the case in the IT sector.
IBM has long been recognized as an industry leader in the IT sector. Given that a number of things that IBM was doing also touched upon physical security (referred to as a "conversation of logical and physical security"), corporate executives were soon eyeing opportunities in electronic security.
Logical security, said Joachim Stark, Global Director of Digital Video Surveillance at IBM Global Technology Services, involves network and computer access as well as data protection. Physical security is about video surveillance, access control, and intrusion and fire detection.
In the mid 1990s, IBM was working on — just to name a few — smart cards as well as developing operating systems for smart (Java) cards; this led to access control for corporate buildings and offices.
"We noticed that similar levels of security and access control were involved with systems, corporate servers and personal computers," said Stark. "We started to look at the necessary combination among these various fields."
In addition, he pointed out that IBM had been working on supervisory control and data acquisition (SCADA) systems. "Our technicians have taken data from SCADA systems to work on the data management and process side of SCADA-based solutions when they became TCP/IP-based."
At the same time, IBM developed its IBM Security Framework (ISF), which looked to develop overall standards for security that were in line with Control Objectives and for Information and related Technology (COBIT), and to bring best practices into a standard framework. The initiative also looked at how to deal with people, data, application, network and physical security. "It's a holistic approach to security," said Stark.
The divisions of the ISF are: people and identity; data and management; application and process; network, server and endpoint; and physical infrastructure. Each of these is also provided with IBM's professional service, managed service, and software and hardware support teams. Identity assures that the right people have access to the right assets at the right time; information protects critical data in transit or at rest across the lifecycle; application ensures application and business services and security; system infrastructure stays ahead of emerging threats across system components; and physical security leverages increasing capability for digital controls to secure people or property in physical space.
Capabilities
The business segments that IBM can service include everything from aerospace and defense, banking and consumer products to education, retail, telecom, transportation and wholesale distribution. This means support for business intelligence, customer relationship management, enterprise resources planning, financial management, human capital management, product lifecycle management, security, security and actuators, strategy and change, and supply chain management.
IBM focused first on solution architecture and market strategies for these customers, leveraging its IT expertise as well as innovative technologies for specific segments. "We were active in a number of areas, including access control and smart cards," said Stark. "These, however, were not traditional smart cards, but those with encryption to run software commonly applied to key public infrastructure." IBM's intent was not to enter the physical security space as a direct competitor to established players, but rather to work on areas that had demand for technology-driven innovation. One example was security processor-based smart cards and the software to run them.
According to Stark, IBM has always set the objective of applying capabilities to manage complexity so that it would be easier for clients to get value. "We also 
planned and built our RFID solutions with large customers to benefit solutions like supply chain management." Examples are warehouse supply and logistic management where shipped goods on a palette packaging level are automatically read and inventoried when passing, say, a warehouse gate. Again, the attention was given to technological and market development rather than to manufacturing actual sensors and readers.
Stark elaborated: "We wanted to plan RFID solutions in the broadest sense. We wanted to examine how the technology could be used to collect data, while maintaining security and privacy."
The company's labs have been working for more than 10 years to develop what academics call "computer vision," which is the basis for video analytics. "Our approach was to have different groups (brands) in IBM find out what value each of them could provide to the market and bring them together for further client value." This involved its software division, which was working on operating systems; the services team, which was looking at developing opportunities with regard to technology implementation; and, finally, identity management, which worked with trusted third parties to determine the most effective solutions that would truly meet customer, rather than IBM sales, objectives.
This led to the formation of IBM's Emerging Business Opportunities — a corporate-wide incubator — in the late 1990s to take a number of initiatives from different brands to see where, when and how they could be combined. "This involved various technologies such as wireless, open-source software and, ultimately, electronic security. The group was tasked with finding ways to grow the business, and one of the areas with the best prospects was determined to be electronic security."
The group focused on driving new IBM businesses from the startup process to the first 24 months. "We put teams together to work on the hardware, software and services to form an A team, while incorporating client insights into the value proposition," said Stark. "We also wanted to verify that, in various client markets, value could be contributed if IBM were involved. We wanted to deliver total solutions and conduct experiments to prove to ourselves and the market that clients would benefit from an integrated approach."
In 2002, IBM formally established its electronic security team. "IBM has had a lot of software expertise in this area. Where IBM could differentiate itself was in this total-solution approach rather than cookie-cutter individual product sales and technologies. We leveraged underlying products and technologies. Furthermore, our technological contribution also added value to the solution layer."
"We also noticed similar activity by other IT players," Stark continued. "We were all aware of what was going on in the market because most of us are actively involved in industry consortia or associations. Many of us, especially those with expertise in IT, saw the same potential." While for the past several years, everyone has been talking about the entry of big IT players into the market; in reality, this involvement was going on for a much longer time. "It's just that it became more noticeable, more transparent," said Stark.
There were, however, challenges. The timeframe that IBM had set out for its special team to get going as a growing market portfolio proved to be too short. "Imagine what's involved with any startup. You have to decide whether to engage in products, solutions or both. In parallel, you have to work with other ecosystems to determine when you want to cooperate and when to compete."
From the marketing perspective, IBM executives also had to figure out how to translate IBM's IT expertise into that space. Likewise, IBM had to learn the lingo of electronic security to understand client needs and solution requirements. "We then mapped those to IT and IT process layer terminology to respond with solution value that is mapped back into client businesses," explained Stark.
"We had to leave the IT lingo and approach to enter a new field — though not a 
totally different game — to find a business strategy that would help us effectively leverage IBM for different customers. From my observation, there were a lot of unrealistic expectations about what electronic security could deliver. One of the biggest was how fast the industry would migrate to IP networks and IP-based devices; adoption of these solutions and products by the market was not as fast as expected."
What has long been in IBM's DNA is designing networks with proper bandwidth and utilization. "We've been looking at use of video surveillance to determine how we can scale out without creating bottlenecks. We're working to develop an IT infrastructure that is appropriate for use with electronic security."
The challenge in the early days, he recalled, was to show that IBM could provide value both to its own organization and potential customers. "We needed a few successful projects, a few early wins to demonstrate ROI. We had to chart out technological roadmaps for our customers to follow."
By mid to late 2006, IBM started to see more mature deployment and coverage. "We used digital video surveillance to drive the space using a service approach." A team was established as an element of IBM's global services group. "We commercialized the research to achieve a full-service role by serving as the prime integrator while choosing to work with various consortia."
One of IBM's most visible wins was a citywide surveillance project for the city of Chicago; others included a seaport in Italy and other critical infrastructure projects around the world. In Chicago, IBM is in charge of setting up an entire infrastructure and running that back to the operations center. This involves transmitters, cameras, routers, encoders and wireless networks as well as the central intelligence and control center.
"IBM is working with local installers to construct a subassembly of cameras, encoders and routers. We're also working with advanced analytics so city administrators know what's going on throughout the city at all times," shared Stark. "This project involves many phases over multiple years. The scale is immense; the amount of sophistication involved is incredible."
Meanwhile, the IBM data center provides appropriate software and innovative electronic security. "This is really IBM's core territory — we are an enabler of processes. With video analytics, city officials can not only monitor, respond and dispatch in real time, but also do forensic searches." City officials thus have the ability to determine if suspicious behavior that they are not even looking for (for example, multiple vans simultaneously stopping in front of critical buildings at unusual hours) was occurring. "They want to recognize such threat patterns so that alarms can be triggered when appropriate," said Stark.
Of course, there are always difficulties and challenges with any project as IBM works with a number of technology partners. "We manage the ecosystem by ensuring that all partners work together to optimize the process," stressed Stark.
IBM is now in discussion with cities all over the world to roll out similar types of public-security projects. "It's a new business, so we don't have the same level of skill or skilled employees around the globe," pointed out Stark. "In addition, our relationships with various customers may not be as mature." This varies from country to country, and even within the same region.
There is, however, still a lot of room for further technological development. "We have to give our customers a better understanding of the technology by delineating the capabilities from science fiction," said Stark. "For people who don't understand video surveillance, there are often unrealistic expectations about what the technology can do. Others are skeptical to a far greater degree than is justified; they claim to see no value whatsoever in video analytics."
To get around this, Stark recommended that the technology and what it can deliver need to be narrowed down to meet realistic expectations. "I'm not saying IBM has all the answers. We do, however, come at this from a different angle, an IT solution angle that complements and adds value to physical electronic security. Articles like this are great for promoting thought leadership!"