printer friendly version

SMART and secure estates in Cape Town

In February, SMART Security Solutions hosted its highly anticipated SMART Estate Security Conference of 2024 at the prestigious D’Aria Wine Estate in Cape Town. The event, attended by a full house of delegates and sponsors, was a power-packed day of information, networking, and demonstrations. The delectable food from D’Aria’s kitchen was a delightful addition, and we couldn’t help but forgive those who discreetly went for a stroll and returned with a few bottles of wine to savour at home.

The sponsors for the Cape Town event were:

• Gold sponsor: Gallagher Security.

• Silver sponsor: Axis Communications.

• Silver sponsor: DeepAlert.

• Silver sponsor: Fidelity Services Group.

• Silver sponsor: My Estate Life.

• Silver sponsor: Nemtek.

• Ring was also on hand to provide a few high-tech products to give away in a lucky draw.

After fortifying ourselves with coffee and breakfast snacks, the programme commenced with the first presentation from Lesley-Anne Kleyn, a Management Consultant from the Marathon Group, who also has many years of experience in the security and risk assessment market – especially in estates. Kleyn’s presentation was titled: The (Serious) Business of Estate Security.

The (Serious) Business of Estate Security

Lesley-Anne Kleyn.

Kleyn divided her presentation into two parts. The first focused on five best practice principles for estate security solutions, while the second examined four common errors residential estates make. We briefly summarise the five principles below, although Kleyn provided more detail in her talk.

Principle 1: Every estate must have one precise, defined, overriding purpose attached to its security solution.

Principle 2: An estate security solution involves two primary parties. Only one party can take the leading and guiding role, and this party is not the security services provider. In short, the estate itself must take the lead over the entire security process, using a service provider (or multiple providers) to deliver on its requirements. It is crucial that the security solution is based on the requirements of the estate rather than a service provider’s business model if it wants to end up with an integrated and proactive solution that works as each estate requires.

Principle 3: Kleyn divides the third principle into two related parts. One can have a security solution that is cheap, fast, or good, but you can choose only two. Cheap and fast will not necessarily be good, while fast and good won’t be cheap. A good solution that is relatively inexpensive and phased in over time is more likely to meet the needs of an estate, provided the estate starts early enough (before a nasty incident makes security an emergency).

Choosing the right combination requires the second part of the third principle, made up of three exercises:

1. A comprehensive audit of existing solution (collecting and analysing field-tested data, not experienced opinion).

2. Risk determination to establish a data-driven risk baseline (by the HOA).

3. Then, you make a Cheap/Fast/Good choice based on your security strategy derived from the first two points.

Principle 4: There are four pillars each security strategy must consider if it is to deliver the results required:

1. Physical barriers.

2. Human resources.

3. Technology.

4. Processes.

Principle 5: Finally, Kleyn highlighted the five critical areas of any residential estate:

1. Network infrastructure.

2. True command and control of property.

3. Outer perimeter.

4. Access and egress control.

5. Proactive and reactive maintenance.

Four common errors

The four common mistakes estates make when implementing security solutions are:

1. The tendency to limit communication investments, resulting in inadequate network infrastructure.

2. Perimeter surveillance blunders include the type of cameras used, the mounting poles, and the design (where the cameras are ‘looking’).

3. Industry jargon may seem out of place when discussing security solutions for estates, but it is easy to get carried away with marketing and hype rather than examine the realities of the design, products, and integrated solutions one requires. An example is the trend of throwing the term ‘AI’ into everything.

4. Artificial intelligence (AI). It is easy to think AI will solve all your problems, but one must understand the context of where to use it and for what it can be successfully used.

Managing human risk

Jenny Reid.

Jenny Reid from iFacts was next to discuss the risks people pose in an estate. This is a broad area, and covers everything from security service providers and the staff they employ to the estate’s staff, domestic staff that come onto the estate regularly, and contractors that can be called in at any time for emergency repairs. It also includes temporary guests and deliveries, which have increased dramatically over the past few years, with multiple vehicles entering estates daily.

One of the most ignored risks comes from homeowners and tenants themselves. We’ve all heard about syndicates renting houses to scope the estate and help themselves to other people’s belongings, but rentals can also be a problem – especially in the age of Airbnb, where unknown people arrive and think they have free rein for a few days.

Reid presented a compelling case study of a problematic tenant who refused to change their behaviour or vacate the premises. The situation was exacerbated by the estate agent, who rented the property without conducting proper tenant screening, and even provided incomplete and invalid paperwork.

The owner lost the rent due to them, and the saga involved SAPS and lawyers. In the end, the court case cost around R132 000, while the cost of evicting the tenant (including loss of rent) amounted to about R150 000.

Every estate or complex has experienced similar issues, with different costs. Reid says the only way to prevent it is to change the rules of the estate to make it compulsory for owners to screen tenants. Adding domestic staff to those who must be screened is also a good idea.

Naturally, this may not work for short-term rentals, Airbnb, for example, but for rentals of 90 days or more, Reid recommends the most common checks, including:

• Identity verification.

• Credit history.

• Rental history.

• Criminal record check.

• Social media risk assessments.

Screening rules are more complex than they may sound, as the estate must comply with all applicable laws and regulations. The costs can be allocated to the estate agent, the homeowner or the tenant, and no rental agreements can be signed while they are in progress; Reid says seven days is a reasonable delay to get everything done. The vetting should be repeated annually; the lease agreement should stipulate this.

Different vetting processes should apply to various jobs, such as regular domestic staff, short-term contractors, etc. Moreover, estate agents or any ‘property practitioners’ must be registered with the Property Practitioners Regulatory Authority (PPRA) and have a valid Fidelity Fund Certificate.

Contracting companies must be able to provide:

• Reference checks.

• CIPC verification.

• BEEE verification.

• Tax clearance verification.

• Relevant industry registration and competency assessments; security officers must be registered with PSiRA.

• Verification of bank account details (if contracted by the estate).

Individual contractors should also be screened for the above, and for criminal record, passport or ID confirmation, and work permit verification checks.

iFacts has kindly provided readers with a reference document on background checks for estates which is free to download at www.securitysa.com/ex/iFacts-Reference-for-Estates.pdf (or use the short link: www.securitysa.com/*ifacts).

A legal facial recognition solution

Tiaan Janse van Rensburg.

Facial recognition has become a reliable means of identification, but it can be used only in access control scenarios where the individual has consented to be identified by facial biometrics. Identifying people walking around, even in public areas or on common property, has been a problem from a legal perspective. Tiaan Janse van Rensburg, director of Solution House, provided delegates with a solution to this through FaceCamAlert.

Locally developed, FaceCamAlert uses facial recognition and cloud analytics to help prevent crime proactively. Most importantly, Janse van Rensburg says the company spent a lot of money and time ensuring its functionality is both legal and PoPIA compliant (and that it works). He described the solution as “LPR for faces”.

The solution records images of known people registered, for example, to access an estate, or staff who access offices via facial biometrics. It can also capture pictures of unknown people via surveillance cameras at specific locations. These can be compared to existing legal databases on images, such as the SAPS Wanted List, which raises an alert if a wanted person is identified.

The key to the legal use of FaceCamAlert is that estates (or whoever uses it) have a clear purpose, from access control to crime prevention. Naturally, this type of solution is a legal minefield, and the company went to great lengths to ensure it could act as a third-party identification verification provider in a ‘many-to-many’ service.

Within the PoPIA framework, there are eight rules that information receivers and holders must adhere to:

1. Accountability.

2. Processing limitation.

3. Purpose specification.

4. Further processing limitation.

5. Information quality.

6. Openness.

7. Security safeguards.

8. Data Subject participation.

And that is only at a high level; using a solution like FaceCamAlert also requires legal opinion (from the company, and Janse van Rensburg recommends users check their usage adheres to the necessary legislation). Janse van Rensburg went into more detail on the legal and admissible uses of facial technology like FaceCamAlert.

As a cloud service, significant technology investment is required, both onsite and by the service provider(s), which is why a service-based solution is a better choice, as the costs are spread over a number of providers. FaceCamAlert uses NEC’s NeoFace Watch, a recognised facial biometrics leader.

NeoFace Watch can match faces from multiple camera feeds and archived video (for post-incident investigations, for example). It also boasts the ability to match low-resolution facial images, including images with resolutions down to just 24 pixels between the eyes.

Janse van Rensburg ended by showing some examples of how the solution works in practice, such as identifying people wearing masks or at obscure angles when the original images were maskless and ‘straight-on’ images. This also included matching faces on the SAPS watchlist based on cameras in public areas – once again, he stressed, all done legally.

Synergising security

Johan van Wyk.

Johan van Wyk, Sales and Marketing Director from Fang, spoke about harnessing technological advances for comprehensive estate protection. Breaking the process into five steps, he briefly explained what was required in each step, using examples to highlight his point. As Gallagher Security was the event’s Gold Sponsor, Van Wyk included a recent project completed by Fang, using Gallagher equipment, as part of his real-world example.

The first step is ensuring you have your foundation requirements in place, covering all the aspects of your security infrastructure. The aspects to cover start with power and communications. Then comes cameras, fencing, access control, alarm verification, and the kit in the control room to manage and record the output of the integrated systems.

Step two is integrated systems, where the estate must ensure all the kits installed in the areas of step one communicate with a central system, where they are managed efficiently and where any actions or responses are recorded for possible future operations. In this area, he spoke about Gallagher’s Command Centre, which integrates Gallagher’s products and third-party solutions into its management interface.

Van Wyk also stressed that communication is essential in estate security, from the equipment to the ability to let the right people know when an event occurs. Mobile apps can be a great assistant in keeping personnel informed and enabling residents to communicate with the security control room when required.

Another critical aspect of integrated systems is cybersecurity. Systems and people must be able to communicate securely, assured that their data and communications are safe from prying eyes or ears.

Step three is to use AI where needed and where it can make a difference. Understanding what AI can and can’t do is essential if it is to add value to security solutions (despite what vendors may claim). In AI, he includes its incorporation into on- and off-camera video analytics to ensure estates receive the best images, even in situations of bad weather or poor lighting.

Step four is human resources. You can have the most advanced control room in the world, but if you have the wrong staff that are not adequately trained and vetted, it won’t achieve much. The same applies to external security staff who, apart from their security job, must also act as points of liaison with people.

The final step is ROI (return on investment), which Van Wyk describes as the benefit of the implementation compared to the cost. His most important piece of advice is: Do not let budget lead your decisions. The most expensive system is the one you buy twice.

Cybersecurity for estates

Rob Griggs.

Rob Griggs from SecurityHQ Africa came to the party from the digital side, talking about cybersecurity and the need for more attention to this security area. While estate security normally focuses on the physical security field, cameras, access control, perimeter, and the like, all these systems communicate with a central control room, and increasingly with offsite services, making them targets for cybercrime.

Griggs started by defining a cybersecurity posture and the various threats facing estates (and everyone, in general). While most people focus on the network and computers as points vulnerable to cyberattack, he noted that the attack surface has expanded in the age of IT. Estates need to consider the following areas as ‘at risk’:

• Networks, hardware and software.

• Web sites.

• Social aspects like employees and their love for all things social media.

• Assets include PCs, phones, USB sticks, IoT devices, etc.

He followed this with a list of the top ten attack vectors cybercriminals use (the order and nature of which changes regularly). He then delved into the most significant threat the world faces at the moment: ransomware. Ransomware as a Service is common today, which sees cybercriminals ‘renting’ their malware to clients as a service, even going as far as manning a helpdesk to assist victims in paying their extortion fee.

Griggs offered a list of basic precautions to take, adding the various regulations that force compliance – one of them, naturally, being PoPIA. Far from being yet another law South Africans can ignore, the Information Regulator now has an enforcement team focused on ensuring the stipulations within PoPIA are adhered to.

We simply can’t escape the AI monster, so Griggs added some unpleasant facts about how AI is being used to enhance cybercriminals’ abilities and (fortunately) also how defenders are using it to optimise protection.

Estates always argue about security budgets, so adding cyber into the pot causes more dissent. Griggs finished with a cyber solution that does not require the estate to find its own cyber skills and manage onsite software – the managed security service provider (MSSP). The MSSP keeps up-to-date skills onboard and provides them as a service and a host of expensive cybersecurity software that would cost a fortune if bought by an estate. The benefit of an MSSP is, therefore, that it is an Opex expense.

MSSPs like SecurityHQ operate 24/7, meaning any events will be identified and addressed immediately. As a global operation, if the local team is overwhelmed, more skilled people in various time zones can be called in to assist.

The foundations for successful estate security

Vagn Nielsen.

After a lunch break, Vagn Nielsen, Group Estate Manager at Balwin Properties, gave the audience insights into how Balwin builds its huge properties by including security from the beginning of the project.

From the start, when beginning with the perimeter, the security team follows the groundwork, installing fibre along the perimeter as the basis for security communications (fibre is also provided to the units, which means that as the roads inside the property are constructed, the fibre team follows them). When completed, the walls and electric fencing will be ready, and poles for camera installations will also be placed.

A separate entrance is temporarily created for the service providers to enter and exit the property to allow for the construction of the gatehouses.

The server room is next, connecting all the fibre and networking gear, viewing screens in the gatehouse, booms, and gates. Then, cameras are installed at the gatehouse and entrances to cover all the ingress and egress points. They are also installed along the perimeter and wherever else is needed, such as positions to cover the parking areas, etc.

With fibre all over the estate, the cameras are also monitored 24/7 by offsite monitoring services offered by the security company that supplies the onsite guards.

Despite the electronic security, which is ready to go as soon as the units go on sale, the company also ensures that it limits the number of open gates at various times of the day. For example, all gates are open during peak hours. However, some lanes are closed off-peak to limit traffic and allow security personnel to maintain a better overview of gate activity.

SLAs, project management and other best practices

Johan Kruger.

Johan Kruger, CEO of Association Management Solutions, followed, talking about processes in estates and how these are often the reason for failures in the security and operational areas of the properties. He said HOAs must mainly set processes and rules to deal with the three Ps: people, pets and parking. However, many today have expanded that to children, residents, animals and parking (CRAP).

Another area to improve in the effort to standardise and ensure continuity is the HOA itself, which tends to see various people coming and going every year or two, with priorities or budgets changing, or both. Kruger describes this annual HOA cycle as follows:

• AGM.

• Election of directors.

• First BOD meeting.

• The estate manager survives or not.

• Service providers change.

• Previously approved projects are re-examined and cancelled.

• The budget process starts.

• Staff increases and bonuses are discussed, and mostly limited or denied.

• Legal actions of some sort start.

• Settle old scores.

• Resignation of directors.

• Concerned residents group starts.

• The next AGM comes around, and we revert to the first point.

To avoid this chaotic estate management, strategic plans must be in place for 18 to 36 months, and not changed at the whim of someone with a grudge. Priorities must be established (such as improving perimeter security, for example), and the directors must regularly provide feedback to owners.

Moreover, a request for proposal (RFP) must be issued as standard for any required project or service, even for smaller projects. The RFP must include the scope of work, the contract, and the service-level agreement (SLA).

While most estates are run by volunteers, apart from the salaried personnel, Kruger also highlighted some training initiatives and organisations promoting the efficient management of estates. The Professional Community Association Manager (PCAM) qualification, issued by the Community Association Managers Certification Board (CAMICB), offers a range of courses, from facilities management to community leadership, risk management and financial management. The Tshwane School for Business and Society provides a full range of courses.

Mitigating operational risks

Bruce Robertson.

Bruce Robertson, Executive Director at the Centre for Security Management Studies, ended the day’s presentations with a presentation titled Taming the Hydra: Mitigating your Operational Risks. He noted that corporate governance on estates is just as crucial as in commercial businesses, hence the reference to the Hydra, a monster in Greek mythology with multiple heads.

Robertson noted that Principle 11 of the King IV Report on Corporate Governance for South Africa states: “The governing body should govern risk in a way that supports the organisation in setting and achieving its strategic objectives.” In estates, this means managing risks, whether security or operational.

ISO 31073:2022 defines risk management vocabulary and states that risk is the “effect of uncertainty on objectives”, before going into more depth on what that means. It also defines risk management as “coordinated activities to direct and control an organisation with regard to risk”.

Continuing with the ISO standard, Robertson delved into the risk management process estate leaders should follow to ensure they can identify and implement processes to mitigate risks – with regular monitoring and review as part of the process. Another source of risk management education is the IEC 31010:2019 standard, which contains over 250 pages of techniques. Therefore, the need for an experienced risk professional to conduct risk assessments is apparent.

He went on to highlight a few of the areas estates need to focus on in their risk management efforts. These include:

• Crime/security risks.

• Environmental risks.

• Health and safety risks.

• Business continuity risks.

• Socio-economic risks.

• Regulatory/legal risks.

• In the estate environment, perhaps estate managers and security managers should also include mental health risks.

Risk management needs input from all team members involved, not only a member of the HOA or the security manager. Some job titles that must be included are:

• Management.

• Engineers, specialisation as appropriate.

• Technical staff.

• Supervisors.

• Operators.

• Maintenance staff.

• Safety staff.

• Contractors and suppliers.

• Lawyers.

• Someone who asks the silly questions.

Despite all the standards and sound advice, security solutions often fail. Robertson acknowledged this and referred attendees to a book by Dr Peter Speight on balancing the academic view of security with the realities of operational delivery: Why Security Fails.

Back in the mother city

This was the first SMART Estate Security Conference in Cape Town in several years, and it was a resounding success. SMART Security Solutions would like to thank all the delegates, sponsors, and speakers for their time and efforts in making the conference successful. We will definitely be back in 2025.

For more information on the sponsors, contact:

• Axis Communications, +27 11 548 6780, [email protected], www.axis.com

• DeepAlert, +27 21 201 7111, [email protected], www.deepalert.ai

• Fidelity Services Group, [email protected], www.fidelity-services.com

• Gallagher Security, +27 11 974 4740, [email protected], www.gallaghersa.co.za

• My Estate Life, +27 87 657 0003, [email protected], www.myestatelife.com

• Nemtek, +27 11 462 8283, [email protected], www.nemtek.com

Share this article:

Further reading: