Skip to main content

Digital evidence management: A catalyst for the digital transformation of SecOps

digitalisation
(Image credit: Ditty_about_summer)

The vast majority of corporations have made digital transformation a top priority, enabling IT teams to enhance operations through the adoption of cloud-based infrastructure, for example, that brings improved functionality, simpler regulatory compliance and lower costs. Yet, scratch below the surface and it’s clear that different group functions are progressing at very different rates.

Physical security is one area where digital transformation is lagging behind. In fact, research conducted by Genetec, The State of Physical Security 2020, suggests that only 37 percent of global security respondents are actively evaluating new technologies. In stark contrast to many other sectors making substantial efforts to move to off-premises infrastructure, 61 percent of security professionals reported they had no plans to move to the cloud. This results in very poor visibility for IT teams, as crucial elements of an enterprise’s physical security infrastructure continue to operate on legacy, analogue and siloed infrastructure that is impossible to audit, inefficient to operate and difficult to protect from cyber threats and privacy breaches.

Within physical security departments there is often a misplaced lack of trust and misunderstanding of the cloud. As evidenced by a refusal to consider it on security grounds when so many other critical functions of the organization – such as finance and HR teams – are already making extensive use of cloud-hosted systems. In part, this is due to a significant proportion of senior physical security professionals coming from law enforcement or the military, bringing operational intelligence to their organization rather than a technology background. It therefore falls on the shoulders of the IT department to educate their colleagues around these misconceptions.

The IT department’s role in DX

Given the discrepancies between the value of digital transformation and security’s lack of digital expertise, IT teams need to become the driving force behind digital transformation projects and change this status quo. As all IT professionals know, user buy-in is essential for any digital transformation project so it is sensible to begin with a relatively quick-to-implement project with clear measures of ROI. With this in mind, I believe the logical place to start is by initiating a conversation about how video footage is currently being managed and shared with external stakeholders. 

For instance, under EU law any member of the public can file a data subject video request to obtain CCTV footage. GDPR Article 15 states “the right to obtain copy… shall not adversely affect the rights and freedoms of others,” this short clause presents a real logistical challenge when every frame of video could contain many other third parties.

Without digital evidence management in place, data subject video access requests can be a convoluted and time-consuming process. It’s not uncommon for employees to be manually redacting identities, burning footage on to physical storage media such as DVDs and couriering it to the relevant party. This is not only exceptionally time-consuming and process-driven. It also creates a chain of custody issues as the organization loses control and oversight over how that copy continues to be stored and shared.

On the other hand, a digital evidence management system streamlines the handling and processing of these requests, while ensuring each request adheres with EU GDPR regulations - driving efficiencies at every stage and enabling a rapid return on the investment. Organizations need to look to these kinds of solutions, not only to help shore up inefficiencies but to serve as security’s first step towards successfully transforming, ensuring better-connected, digitally enabled operations.

Evidence acquisition

Taking a digital approach means data privacy personnel can collect evidence and organize it by adding it to cases – i.e., including only what is necessary. By adding evidence to cases, you can automate the security, access and retention policies of given information. Furthermore, evidence can be uploaded from an array of different sources, such as body worn cameras or mobile devices, while evidence can also be collected from the public by publishing a link to an upload page to assist investigations.

An effective system should also be able to support an array of different video formats, as it dramatically reduces the time spent on manual conversion of different video formats from disparate systems. At face value this might not seem like the biggest benefit, but moving from a manual to a digital process eliminates a lot of the time and costs of dealing with compatibility issues and courier fees.

Redaction

Given the stringent privacy regulations, when evaluating possible solutions, you should make sure that your Digital Evidence Management System provides a smart solution for video redaction, allowing users to better protect the privacy of bystanders or witnesses it also means staff don’t need advanced video editing knowledge to redact video elements.

Digitizing evidence management not only saves on cost, it also enhances compliance and shareability with third parties like law enforcement. Of course, rules need to be in place, such as user privileges, as assigned by the administrator, but leveraging digital management systems equips security teams with the tools to manage costs, improve operations and simplify Article 15 compliance.

Evidence sharing and collaboration

Digital evidence management systems host the exchange of information with other stakeholders inside and outside your organization by linking them through email, eliminating the outdated analogue approaches, like DVDs, and the cost of registered mail. Of course, there are digitized alternatives, such as File Transfer Protocol (FTP) and other cloud-based file hosting solutions. But even though files stored on these sites and platforms are secure, the data can be vulnerable if login credentials are compromised. As anyone who has a client’s username and password, which are often in plain text form and sent via email, could possibly violate any information on an FTP site.

Furthermore, FTP sites lack detailed audit trails, so if ever a breach occurs, there is little information to detect who caused the violation and who has been impacted. Links to FTP sites do not expire either, further exposing companies that do not manage or update their settings regularly.

Integrations with existing systems

Often, organizations will already have DSAR (data subject access request) systems, so taking a digital approach to evidence management allows for direct integration and the removal of silos. It also allows for smarter ways of working. For example, digital tagging via keyword or map-based search to find digital evidence further enhances the ability to use the platform for collaboration. Access to information is controlled by user permissions and activity is tracked within the system’s audit trail report, which include detailed information about the user, activity type, and timestamps - providing a clear chain of evidence.

Final takeaways for the IT Team

Inherent distrust can be a valuable trait for physical security personnel and can help them to perform their jobs to a high standard, but there needs to be a change of mind-set with regards to digitizing operations if organizations hope to achieve true digital transformation. IT professionals must take a leading role in driving their organization towards digitization and introducing a Digital Evidence Management system could be the catalyst to achieving this. Not only can it enhance operations and efficiency. It can also eliminate a compliance blind spot and help to generate buy-in from a function that has traditionally been slower in its adoption of digital transformation.

Jean Phillippe Deby, Building and Industrial Commercial Lead, Genetec

Jean-Philippe Deby is Building and Industrial Commercial Lead at Genetec. He is responsible for developing new initiatives in Europe.