If you ask most physical security leaders whether compliance matters, the answer is clear: Of course it does.
Tasks like firmware updates, password rotations, certificate management, and end-of-life planning used to be IT issues. Not anymore. Today they are operational risk factors that directly impact security posture. So why is it that so often, many of these tasks aren’t being consistently addressed (or even addressed at all, in many companies)?
SecuriThings’ 2026 Physical Security Trends Report sheds some light on this and other critical issues facing physical security teams in 2026 and beyond.
Among our findings, we consistently heard that security teams are struggling with device management and compliance because they simply don’t have tools designed for proactive compliance at scale.
Confidence in Existing Tools Is Alarmingly Low
We asked physical security professionals across North America how confident they are that their current tools are sufficient to manage and maintain device health and compliance at scale.
The responses tell a clear story: just 2% felt “fully confident” in those tools. In other words, almost no one believes their current stack is fully equipped for large-scale compliance management.
This is an unequivocal signal that the operating model for device security may not match today’s demands.
Remediation Isn’t What it Should Be Either
When we drilled down into specific compliance challenges – such as addressing outdated firmware, weak or aging passwords, and end-of-life/end-of-service devices – confidence is sorely lacking:
- 59% are only slightly confident
- 37% are moderately confident
- Just 3% are fully confident
These are core security maintenance tasks – the very safety of your company hinges on these devices working properly and being protected from hackers. And yet the overwhelming majority of teams don’t feel well-equipped to handle them at scale.
The Root Issue: Reactive Tools vs. Continuous Control
When we asked respondents where current physical security tools fall short in supporting compliance efforts, they pointed to two consistent themes:
- Limited automation for routine compliance tasks (76%)
- Reactive rather than proactive monitoring (73%)
Most physical security teams rely on VMSs or other platforms that were built to monitor events, not to continuously manage device posture across hundreds or thousands of distributed assets.
These tools are indeed critical to any physical security organization. But they were not designed for continuous, proactive compliance enforcement across distributed fleets. And security teams feel that lack every day.
The Industry Is Shifting, But Technology Hasn’t Fully Caught Up
Physical security operations are increasingly expected to align with IT standards. That means:
- Continuous device health monitoring
- Centralized policy enforcement
- Automated remediation workflows
- Audit-ready reporting
But much of the existing tooling landscape was designed for a different era, one that was focused primarily on video management, access events, and local system configuration.
As a result, teams are trying to “make do” as best they can with the tools available. The problem is it’s not quite cutting it, and they’re painfully aware of that fact.
Are your tools built for continuous compliance? Can you proactively detect and remediate risk across all sites? Do you trust your stack to handle the next audit, vulnerability wave, or policy shift?
If you’re like most physical security teams, then right now, based on the data, you’re not where you want to be – and you’re not alone.
What Comes Next
The confidence gap highlighted here is just one piece of a broader story about how physical security teams are evolving their operating models to meet modern compliance and risk expectations.
We explore what’s driving this lack of confidence and what differentiates the small minority of organizations that feel equipped for proactive compliance at scale in the 2026 Physical Security Trends Report. Download it here for the latest industry insights.
