Features Research
What to expect in 2016

Depending on whom you ask, security is either pacing itself for a marathon or breaking into a sprint. This year we asked experts in five fields — M&A, home automation, CCTV, cyber security and mobility — to give us their take on the directions they see the industry taking and how these may alter the competitive climate.

Mergers & Acquisitions
Leonard Sudermann, president of Calgary-based Securex Financial Corp., which provides financing to security alarm companies, sees little activity in the year ahead and a tougher competitive environment.
The consolidation at the upper end of the industry that started a few years ago, he says, is done; the larger players, such as Voxcom Security Systems and Protectron, have been consolidated by ADT.
Moreover, he does not expect to see much consolidation in the lower end of the market. Few companies are well enough capitalized to be able to finance their internal growth, combined with an acquisition.
Some companies could acquire capital through dealer programs, but, with only one major player in the industry right now, there’s a dearth of programs available to the smaller dealers.
“And ADT now is ratcheting up their terms, making it harder for the other companies to compete with the better financed, door-knocking firms, the Vivints and that,” he says.
SecurTek Monitoring Solutions and Counterforce, which also does acquisitions, are among the few that have dealer programs, Sudermann adds. And while some companies would like to sell, there are not a lot of buyers.
“There may be some activity, on the right terms and conditions with vendor take-back financing, for example. I see it as being fairly limited. I see Securex being involved to a degree, but I don’t see it throughout the broader industry,” he says.
This lack of M&A activity, he adds, marks a change for an industry where there used to be a great deal of consolidation. “That consolidation was driven by companies like Voxcom and Protectron. Chubb is out there still, and Honeywell. But they don’t do a lot of acquisitions. It’s not their business model.”
Looking beyond Canada, the London, U.K.-based market research firm Memoori Business Intelligence is predicting M&A in physical security will start to increase.
“Mergers and acquisitions in the physical security industry have been on a roller-coaster ride over the last 15 years. With an upswing in 2015, [Memoori] predicts that industry M&A will start a new cycle of growth during the next few years,” a recent article by the firm states.
In 2015, the article says, the value of deals increased to US$5.7 billion. The two most high profile deals — the acquisition of Axis Communications by Canon for US$2.8 billion and the merger of Kaba Holdings and Dorma Holdings — accounted for more than 80 per cent of the total value of acquisitions that year.
An increase in acquisition activity in the middle market during the last three years, along with ongoing problems of terrorism and political and economic uncertainty in some regions, are, the article says, “making the industry generally confident that investment will continue to flow into the physical security market.
“We forecast that the trend in M&A across the physical security industry will increase to US$6,500 million [US$6.5 billion] by 2020. We expect that some of the major conglomerates may sell off parts of their security products businesses, and this will provide a great opportunity for the specialist manufacturers to continue their M&A strategy.”
In the video surveillance sector, Memoori expects “leading Chinese manufacturers, which have significant market shares in some western markets, could have good reason to acquire western companies with leading IP technology at the enterprise level.”

Home automation
Several trends will affect the home automation market this year, says Blake Kozak, principal analyst at IHS. During the last year, the market has seen a slow down in growth primarily because many early adopters already have a system.
“So the challenge some companies are having is identifying how to educate their existing folks. You look at a lot of the traditional service providers — an ADT, Protection 1, Monitronics — there was an incredibly large number of legacy systems out there. We need to continue to see those being converted.”
Many companies have done a good job with that, he says, but they face a further challenge: another reason for the slowdown is that there has not been much expansion of the home automation pie.
While the total number of smart-home subscribers is increasing, the historical 18 to 20 per cent penetration rate for monitored systems in North America has not increased significantly.
Fragmentation, too, Kozak says, will continue to affect the market over the next year or so, especially in regard to connectivity, with Thread, HomeKit, ZigBee, Z-Wave, the various forms of WiFi and Bluetooth. Both Bluetooth and DECT ULE will likely play a larger role in the market, he expects, while it’s unclear how Thread and HomeKit will affect the market over the next year.
“What’s interesting will be: will this add to the fragmentation? The challenge is, even IKEA is starting to come out with their smart-home and automation solutions and really targeting a way to get into the market at a lower price. That adds to the fragmentation: when you have a company such as IKEA coming out with different offerings.”

CCTV
In CCTV, says Katie Brink, industry analyst at Cleveland, Ohio-based The Freedonia Group, we will see products, such as cameras and monitors, become increasingly commoditized.
Prices have fallen, and, as manufacturing capabilities have grown stronger, it’s become more difficult to compete. Thus, many companies have focused on trying to diversify and stand apart from the competition. That’s brought a move to introduce special features, such as thermal imaging cameras, extreme-weather cameras and high-light or low-light cameras.
However, while some end users will always want the latest and best technology, she adds, most people setting up a security system aim primarily to meet their needs and work within a budget. “So features such as thermal imaging or the high-light situation tend to be more niche or used in high-security areas where there’s a real need for security, vetting and paying attention to the perimeter,” she says.
“As a result, there’s been more of a shift towards the analytics, the video management, making the systems more flexible so that you can leverage them better. That’s really what will drive video surveillance going forward because, with analytics, you can help monitor people who are doing the monitoring — so the security guards do their jobs more efficiently.”
This may help reduce the number of guards needed because, rather than requiring many guards to watch several screens, the system can detect a problem, bring it up and point it out to a single person who is reviewing the screen. Or it could reduce the number of screens: there could be just two or three, and a guard can pull up the one needed when there’s an issue.
Another trend that will grow in importance, especially in retail, Brink says, is the use of analytics and leveraging the software not only for security but also for other purposes to help drive revenue. A store can use analytics to monitor operations or see if their marketing is working effectively.
“Going forward, the amazing capabilities of analytics, which have been growing more capable and will continue to do so, are going to help with that,” she says.
“In each industry, as manufacturers and software developers work with the end users and say, What needs do you have? How can we leverage the analytics to help you out in other ways, I think it’s going to increase the use of video surveillance.”

Cyber security
Kevin Lonergan, senior analyst at Toronto-based IDC Canada, says his company has seen strong growth in managed security services in Canada over the last few years, and they expect the trend to continue.
This is happening mainly because Canadian businesses, outside large enterprise organizations, are having difficulty finding and retaining highly-skilled IT security professionals. “Our survey results show that Canadian organizations ranked a lack of security staff availability as the No. 1 reason for migrating to managed security services,” he says.
“They need to have people there, available or on call 24×7, and there’s just not enough professionals out there to fill in all those gaps. Staff retention is also a big problem. Because they’re in such high demand, these people will jump around.”
According to the survey, Lonergan adds, another major reason for the move to a managed model was lack of security threat knowledge (ranked third in importance). Organizations now have four or five different mobile devices they have to support and make sure are secured. “The attack surface has grown so much, and it’s hard to find people who have knowledge of all these different threats.”
Survey data also showed the main roadblocks organizations face when trying to improve IT security is a lack of budget and lack of non-IT employee security knowledge.
“Organizations are saying that, despite email being 25 years old and people being on the Internet for 20 years, people are still clicking on links they shouldn’t; people are still falling for simple phishing scams. They just don’t have the knowledge,” he says.
“So, despite knowing that there’s a lack of proper security knowledge amongst their employees, organizations still admit to training very little of their staff on a yearly basis.”
Karl Sigler, threat intelligence manager at Chicago, Ill.-based Trustwave, says poor password security and management remain top of the list of things to look out for in 2016. The strength of passwords as an authentication control is more important than ever before.
“Cyber criminals are increasingly using automated password-cracking tools to identify passwords in a matter of seconds. This is because all too often users stick with default passwords or don’t want to have to remember a long, complex sequence of numbers, letters and characters.”
Through 2016, Sigler says, e-commerce will continue to be a prime target for cyber criminals, who are seeking Personal Identifiable Information (PII) and payment card data. Trustwave has seen e-commerce grow as their “Top Target Asset” for the past three years. Rising from 48 per cent in 2012 to 54 per cent in 2013, it is now at 64 per cent for retail breaches in 2014. “It is safe to say that we expect compromises of e-commerce sites to continue to dominate our investigations through 2016 and beyond,” he says.

Mobility
Daniel Bailin, director, strategic business development and innovation at Austin, Tex.-based HID Global, says the trend to using mobile phones to open doors will continue to grow. Interest in this technology increases as smart phones become more central to people’s lives. We’ll also start to see “wearables,” smart personal devices used now mainly to track activity levels, being used to open doors.
Generally, people want more options in access control than just the smart card.
“When smart cards were the only choice, we picked smart cards. But, just as there are many choices in this mobile phone world, we’re going to see the same expectation [in access control]. Part of this overall trend is called the consumerization of IT. The idea is that, I have a flexible, personalized experience in my personal life, and I expect to have that same range of choices in my enterprise life.”
Moreover, Bailin says, while some of these new products will continue to support NFC, the technology used with smart cards, more and more use cases in future will also support Bluetooth.
“The advantage of Bluetooth is that you have a somewhat longer read range, so it will make it a little bit more user friendly. And you open up some new use cases that you didn’t have when you were just supporting NFC,” he says. “Smart devices over Bluetooth give you more options for how you interact with the door.”
For the near future, mobile credentials will likely co-exist with cards or whatever other credentials are already in an organization’s system, says Katie Brink at Freedonia. In some companies, for example, executives have a card but are also issued mobile credentials. The rest of the employees may just have a card.
Currently, their use has been mainly for security. Some hotels have mobile credentials for room keys, sometimes allowing guests to check in via a mobile app. Universities have used them for student IDs, where they’re also used to access dormitories or buildings after hours. It’s easier to get in (they hold their phone up to the reader at a door), they don’t have to worry about losing a card, and the phone is always with them.
However, Brink adds, the common belief is that mobile will dominate. “As it becomes the standard to have a smart phone and technology develops, it’s eventually going to switch — and for many uses beyond security,” she says.
“But it will take time. It depends on companies’ needs. Some end users want the latest and greatest, or want to stand out to customers, especially hotels or universities that are trying to attract and retain students. Those are probably areas that will move quickly. But for a regular office, which already has cards, what’s the point in upgrading to a new system? You might upgrade when you start having issues.”  

Linda Johnson is a freelance writer based in Toronto.