The cheapest systems often fall short in terms of compliance, expansion ability and cybersecurity
Several months ago, I wrote about how to choose the right physical security system for cannabis facilities. My article highlighted the importance of choosing an open-architecture solution that provides a single, unified view of cameras, access control and other sources, to ensure regulatory compliance, improve operational efficiency, reduce costs and scale for future growth.
Open-architecture security systems allow you to right-size your investment in security. You can buy only the hardware, service and storage needed now, with the knowledge you can add to your system later as your needs change.
Because open-architecture systems don’t lock you into proprietary hardware, you’ll have a larger choice of products from a wide range of manufacturers. Here are some tips to help determine initial features to invest in and how to design your security system to scale for future growth.
– Know your regulatory compliance requirements: First up are the non-negotiables. Each jurisdiction has specific compliance requirements for security, and operators may not fully understand how this can affect things like server space to meet video retention specifications or access control logs.
If your cultivation facility requires 200 cameras to ensure complete coverage and your state requires you to retain video footage for 90 days, how much storage do you need? The answer depends on multiple factors, including camera resolution, how many frames per second are recorded and whether you’re recording 24 hours a day (as required in some jurisdictions). There’s no way around it: You’ll need to do these calculations to know you’re buying enough data storage to comply with regulatory requirements.
Cloud-based storage is an option that reduces on-site hardware costs. If your requirements mandate multiple months of video storage, a hybrid system may make more sense. For example, if 90 days retention is required, consider a solution with 30 days storage on-premises that can also upload to cloud storage. As the on-prem system reaches capacity, it continuously uploads the older video to archive. This approach meets your 90 days of compliance while minimizing upfront server costs.
Law enforcement or legal teams may need to be able to review evidence history to determine if the video was downloaded or deleted. And so other features you may need for compliance could include remote connectivity for regulators to view video, watermarked video to ensure the video hasn’t been tampered with and audit logs for compliance officials.
Employee access credentials may also have special requirements. For example, you may need to keep a log of lost or stolen badges and choose a system that can immediately deactivate them to ensure they can’t be used by unauthorized persons to enter your facility.
Regulations vary significantly from jurisdiction to jurisdiction — and can be changed with minimal notice. Choose a security system that can easily be adapted and respond to new requirements, as well as your future growth.
– Don’t scrimp on security: Security hardware costs have dropped significantly in recent years as new manufacturers have entered the market. IP cameras are now mass-produced around the world. Choices for storage hardware and video appliances abound and it’s tempting to make decisions solely based on cost.
Something to remember: All security hardware requires software to operate. That’s why it’s important to look beyond just price. As operators large and small have learned, the cost of replacing insufficient or unsecure hardware is far more expensive than buying the right product upfront.
What does “unsecure” mean when related to hardware? It means there are products with cybersecurity holes that could allow your network to be breached. Breaches can allow theft of customer data or installation of ransomware to lock up an entire network. Recently, the U.S. House of Representatives passed a bill banning the Federal Communications Commission from approving devices from manufacturers that pose these types of security threats.
Because of those threats, some open-architecture security software companies will not support any hardware from those manufacturers. It’s an unnecessary risk when there are affordable options from manufacturers whose products meet cybersecurity standards.
Quality is also essential for hardware servers (also known as network video recorders or NVRs). NVRs with inadequate processing power and memory can result in video loss and the inability to view live and recorded video at regulated levels. These limitations also impact the ability to add additional cameras to systems when needed.
Value isn’t valuable if you’re fined because of missing video, can’t meet storage retention requirements or have to repurchase a larger appliance to meet unforeseen needs. My recommendation is to find a consultant who works specifically with your jurisdiction to design a secure and compliant system.
– Plan for growth: What will your operation look like five years from now? If cannabis is legalized across the country, many operators will seek to expand into new jurisdictions. Do you hope to expand into other states? Because regulations differ from state to state, your security platform needs to scale to meet different requirements.
Reliable high-speed internet that can provide remote access to video is another consideration. Many cities now require visual verification of intrusion alarms; law enforcement won’t respond unless an intruder is visually confirmed. Bandwidth is also important for cloud-based or hybrid systems. Multi-site or multi-state operators will also want enterprise-level capabilities for video, access control and intrusion that brings all data into a single platform.
Avoid proprietary cameras or recorders. You may be locked into a product that may not scale to your future needs. Proprietary products are also vulnerable to component shortages and tie you to pricing with no alternatives.
– Think about the bigger picture: Federal decriminalization will accelerate one of two business paths for many operators: either expansion of their enterprise or acquisition by a larger operator. Your security equipment is a part of the total value of your enterprise. During an acquisition, remember that potential buyers will calculate any additional security spending required in their potential offer. Your investment in quality, open-architecture IP cameras, access control and intrusion panels will reduce the cost of replacing proprietary or low-quality security hardware that may not meet the buyer’s standards or work with their existing platform.
– Do your homework: As you can see, there is a lot to think about when selecting a security system. For potential new operators, engaging a consultant for system design with cannabis experience is strongly recommended. This is vitally important in states where a limited number of licenses will be issued. Mistakes made on the initial submission may eliminate operators from consideration.
Another advisable strategy is to thoroughly vet the potential systems integrators who would install your security systems. The right choice for your facility should have previous cannabis industry experience — preferably in your jurisdiction. They should also help guide you toward quality, open-architecture manufacturers for the reasons mentioned above. Also, ask about service response times; some jurisdictions set time limits on how long a camera can be offline, for example. Do they offer remote support?
Finally, If you’re a multi-state operator, or plan to be one in the future, understanding the geography they can support is another consideration in making the right partner choice.