Companies are thinking differently about resilience and risk, and the daily headlines make clear why.
As a result of COVID-19, every company, regardless of industry, is aware of its security posture. The founder of a small urban food-delivery business and a Fortune 500 executive with a global supply chain face the same questions: Where are the threats to my personnel and assets, and how can I maintain business continuity?
A decade ago, executives might have struggled to understand their vulnerabilities to climate risk or civil or political unrest. Today, in a fast-moving globalized world, they have to answer for a variety of threats: extreme weather, economic distress, geopolitical ambiguity, terrorism, infrastructure collapse, individual acts of violence, and pandemics. Consequently, C-suite leaders are escalating the priority of corporate security strategies, believing them as essential to a business’s long-term health as growth is.
It’s clearer than ever that prosperity requires newfound resilience.
Seeing the Threat Matrix
Every security threat has a spatial dimension—that’s why a geographic information system, or GIS, has become a key technology for mitigating risk and responding to disruptions.
A GIS map brings instant context, showing stakeholders in real time where risks and vulnerabilities threaten assets, people, and communities in any scenario.
The technology fulfills a centralizing role in security, providing a common operating picture of location-specific factors like weather, traffic, social media chatter, and evacuation plans. It can perform tasks as basic as showing which roads are still passable in the midst of flooding, and as sophisticated as showing a real-time view of a corporate campus during an emergency. Perhaps most importantly, location intelligence—geospatial insight that enables better business decisions—helps companies prepare to meet threats before they even arrive.
Corporate Security, Then and Now
Corporate security is practically as old as business itself. The term “riding shotgun” dates back to the days of stagecoaches and highway robbery, when Wells Fargo hired employees to sit upfront in carriages transporting currency, holding a shotgun to deter thieves.
Today, corporate security is harder to define because it encompasses multiple disciplines. Strategically, it covers enterprise risk management: the policies and procedures an organization deploys to strengthen itself against adverse events. One important example is using location intelligence to ensure that data warehouses and data back-up centers aren’t located in risk-prone areas, like those subject to flooding.
At the operational level, corporate security extends well beyond weather-related events. For instance, the recent spate of flash mob robberies at US retailers has earned the attention of corporate security teams. Other security teams are focused on executive protection—gathering risk intelligence and monitoring where key employees travel around the globe—and special event management.
The objectives and outlook of corporate security teams have changed as well.
In the past, physical security was often the focus—implementing locks and access controls, running security cameras and a CCTV network. Many in the industry came from law enforcement backgrounds, and a castle mentality prevailed—the inclination to raise barriers against possible threats or intrusions.
Today’s security and resilience professionals are more apt to talk about a “threat landscape”—a kinetic, dynamic paradigm in which a bank, for instance, might be vulnerable not only because it stores currency, but because it could be a symbol for non-state terrorists to attack. Accordingly, more people with intelligence backgrounds are entering the field. These professionals are using GIS technology to produce location intelligence that is more proactive than reactive; it helps identify areas at possible risk—from geopolitical, climatological, or other threats; uncover bottlenecks; and inform contingency plans to mitigate adverse effects and enable continuity.
A Changing World
Globalization is reshaping the breadth and depth of the span of responsibilities for corporate security.
As companies expand into new and more dispersed marketplaces, they increase exposure to a wider array of risks—a concern the pandemic has made abundantly clear—and so they require a robust resilience strategy and high-caliber security professionals to manage it.
Regulatory bodies and insurance and reinsurance organizations have also begun exerting pressure on companies to improve security and accurately assess multiple categories of liabilities in locations around the world. With climate change poised to transform sectors like real estate and agriculture, resilience is becoming a priority for industries that may not have been considered highly vulnerable to risk in the past.
What’s happening today is not unlike the aftermath of 9/11, which also had a resounding effect on how businesses think about threats. The attack helped raise awareness around “black swan” events—highly improbable, difficult to predict occurrences that can cause maximum damage. As a result, business executives have increasingly funded the creation of corporate security centers that are continuously on guard against dangerous developments in the geographies where the business operates.
Centralizing Corporate Response to Threats
Large companies in particular are centralizing and coordinating responses through a security operations center (SOC) or global security operations center (GSOC). These nerve centers monitor operations nationally or internationally around the clock, managing the flow of information and collecting and evaluating data as it pertains to risk. Most operations centers use GIS technology to show the company’s activities in real time worldwide—and create user-defined operational pictures of any activity that needs attention. The centers are similar in function to the state-operated fusion centers formed after 9/11 to facilitate a pull-push exchange of important information between agencies.
Companies often need this caliber of domain awareness because law enforcement may not be able to provide the degree of detail necessary for a corporation to mount the appropriate response to an incident. Operations center teams can get an understanding of events before they’ve come to fruition or as they’re occurring, and push information up the chain of command more quickly than outside organizations can.
This kind of centralized, location-specific intel proved invaluable during the pandemic. Security professionals who had been monitoring storms and other incidents quickly pivoted GIS technology to track and communicate updates on case counts, local shutdowns, and employee health and safety.
Securing Events through Location Intelligence
One of the areas that GIS-equipped security centers have most transformed is special event management.
Employing the latest technologies, a company can have a real-time view both vast and intimate of a large-scale complex event. A smart map or dashboard makes clear the layout of infrastructure like buildings and underground facilities, as well as points of interest like fire alarms and defibrillators, medics and cops, and areas where suspicious activity has been reported.
Layers of information can be peeled back or added as needed. Or security personnel might toggle between hard and soft zones of inner and outer perimeters—focusing, for example, on the neighborhood surrounding a site to understand the situation better.
Linked up with other platforms, GIS-based analysis can go even deeper.
Professionals in the field carrying out tactical site surveys can update mobile devices to identify points of interest and immediately sync to the common operating picture. Using drones capable of real-time imagery capture, operations teams can quickly enhance a basemap with images of temporary structures like tents or barricades. The use of 3D technology allows for analysis of viewsheds and lines of sight—the ability to determine who can see what and be seen where. GIS visualizations reveal where shade will fall at a given hour, or how far a flood might overrun on a neighborhood.
Unlike a static security operation plan written on a whiteboard or frozen on paper maps, a location-aware dashboard enables security personnel to be dynamic, responding in real time to where assets and threats are.
Forecasting and Mitigating Extreme Weather Risks
Another area where centralization and location intelligence have bolstered corporate security is in anticipating and quickly responding to extreme weather events.
When weather disasters strike, each state marshals its own resources and handles its own response. But national or global companies exposed to the same risks may have to respond simultaneously across those locations.
The 2018 flooding through the Ohio River Valley and down the Arkansas River, for example, touched some retailers with a presence from Nebraska down to southern Arkansas.
A major chain with a GIS-savvy GSOC can begin to model the storm even before a raindrop has fallen, forecasting where and what the impacts will be and what precautions should be taken. Those models might show where rainfall could prompt river flooding, illuminate which roads and areas could be affected, and predict other downstream consequences.
The security team can communicate with offices and stores to let them know a bad storm is on its way, and to ready flood mitigation resources. Store staffs can also prepare for surges in activity, including traffic and high demand for certain products.
Beyond ensuring its own business continuity, a security operations center can use location data to support the community and liaise with state and local government, deploying resources like water or tools to places in need. The effects of weather events tend to radiate outward, putting pressure on communities and areas further afield. People who are evacuating may need to find shelter or temporarily regroup in parking lots. A smart map can identify these areas before the need arises.
The same principles apply with other types of disasters. In the case of an earthquake, a GSOC can overlay shake maps on the company’s network of offices, warehouses, or stores to understand which are affected by an earthquake. Or during a tropical storm, a map with a layer of power outages can contextualize data about facilities and the grid in order for business leaders to make smart, fast decisions.
The Future of Corporate Security
Far removed from the days of shotguns and stagecoaches, the field of corporate security is radically evolving.
We’re already seeing the latest cutting-edge applications, including advances in indoor location tracking that use geomagnetic positioning and the frequency of metals within the building to yield a more accurate picture than ever before.
GeoAI promises to help companies process massive amounts of information with potentially huge benefits for security. Machine learning makes it possible to study millions of pictures and videos and learn to detect anomalies, like too many people crowded in one location, or a fire breaking out. Computers can learn to look for those anomalies in security data and video in the future.
And with new cloud-based innovations, companies that use GIS technology can now practice distributed collaboration. Organizations that traditionally compete to attract customers can now collaborate on security by sharing maps and information related to shared threats.
However sophisticated the technology might become, the fundamental goal of corporate security remains unchanged: to get the best data on which threats exist and where, and put plans in place to mitigate risk and maintain business continuity.