Governance, risk and compliance (GRC) strategies are at a pivotal time where the convergence of physical security and IT systems is allowing facility managers and security professionals to optimize risk management programs and streamline proactive threat protection. Following Johnson Controls debut of the OpenBlue Security Lifecycle Management offering, we sat down with Greg Parker, Vice President of Innovation and Portfolio Management at Johnson Controls, to discuss the state of the industry and how building owners can act preemptively amid the swiftly evolving landscape of security risks and solutions.

What are your main takeaways on the state of the security industry in 2023?
The conversations we’ve had throughout the year and at industry events such as GSX all led back to rising data threats and increased privacy regulations. In the coming years, having a governance, risk, and compliance strategy will become an integral part of business planning and operations. IBM’s 2023 Data Breach Report found that the global average cost of a data breach in 2023 was $4.45 million, a 15% increase over 3 years. The challenge though, is that businesses are currently facing competing priorities, so they are looking for ways to streamline operations while also building up risk management programs.

The solutions generating the most excitement this year were those that brought real-time visibility into the full building system, bridging the frequent and troublesome gap between IT and physical security teams. Practitioners are looking for tools that will provide insights and context behind their facilities' threats, as well as help to maximize the efficiency of operations.

What do you believe are the biggest threats in today’s security landscape? How can building owners begin to mitigate threats?
The security landscape for building owners is multifaceted, encompassing physical security threats like break-ins, environmental risks such as natural disasters and cybersecurity vulnerabilities brought about by the growing reliance on smart building technologies. This dynamic landscape highlights the importance of regularly assessing and adapting security measures to address emerging threats and maintain a resilient security program.

The Johnson Controls Tempered Airwall gateway offering, which provides zero-trust security within the fabric of OpenBlue Security Lifecycle Management, was made with this in mind. In order to mitigate threats, building owners must have a clearer picture of their networks. Having a zero-trust cybersecurity architecture protects, connects and centrally manages access to security devices to proactively protect devices and simplify network management.

How are the priorities of security stakeholders evolving based on those emerging threats?

Johnson Controls recently collaborated with Forrester Consulting on a survey of security decision-makers regarding the future of smart buildings and found that 63% said improving occupant safety is a top priority for their building systems. When speaking directly with our customers across various industries including higher education, healthcare, facilities and more, they are currently looking to:

• Enable system-wide monitoring and optimization to achieve equipment and operational efficiency.
• Secure resources and expertise to keep all systems updated with critical patches.
• Leverage technology that factors in all building systems and operational elements such as HVAC, security, emergency response, medical and more.
• Access external resources and expertise to keep up with security updates due to labor shortages and a lack of internal support.

What are the biggest pain points that are making it difficult for building owners and operators to mitigate risks effectively?

Monitoring and managing security infrastructure is challenging for a variety of reasons. Our survey with Forrester also revealed that physical and data security still exist in silos in many cases and that organizations need help with continuous monitoring of building security systems.

Building security decision-makers are struggling to receive actionable insights. Nearly two-thirds of security decision-makers struggle with getting information from all necessary systems for the full context of security threats.

• 64% of building security decision-makers feel they need to collaborate more with IT.
• 63% of respondents said they sometimes struggle to manage and verify uptime and health of video surveillance or access control systems.
• 58% indicate their cybersecurity teams lack 24/7 visibility into all building systems.
• Only 42% of security decision-makers indicate their teams have 24/7 access to alerting/monitoring from all building security systems.

How can building owners proactively mitigate risks and keep up with the rapid evolution of threats and solutions?

Building owners should develop an integrated risk management program, which can leverage data collected by many of the building systems they’ve already implemented. Risk management bolstered by connected solutions can help them stay ahead of the potential vulnerabilities that can cost time, money and reputation.

According to the recent Forrester survey, companies with the ability to monitor and manage all building systems continuously struggle less with identifying and responding appropriately to threats. Check out Johnson Controls new OpenBlue Security Lifecyle Management Services offering that’s providing building owners with peace of mind in knowing that skilled engineers are leveraging secure zero-trust connectivity and data insights for proactive health monitoring, rapid remote support, and ongoing updates of their security systems and devices.

In today’s landscape, building and facility owners can’t afford the financial, reputational and, most importantly, safety risks associated with compromised security devices. Turning to an integrated partner will help integrate data and analytics platforms, connect and optimize risk management programs and streamline proactive threat protection.