28 April 2026
For decades, physical security has been governed by a familiar trade-off. If organizations wanted higher levels of protection, they typically had to accept slower throughput, higher operating costs, and increased friction for employees, customers, students, patients, and visitors. Metal detectors, bag checks, magnetometers, and guard-intensive screening checkpoints became the default tools for managing weapons risk in public and semipublic environments.
These systems worked—at least within the constraints of the era in which they were designed. But the environments that security leaders are now responsible for protecting have changed dramatically. Facilities are larger, foot traffic is heavier, expectations for convenience and dignity are higher, and liability exposure is more complex. At the same time, threats have become more dynamic and less predictable.
This creates a modern paradox: The very checkpoints intended to reduce risk can themselves introduce new forms of operational, safety, and reputational exposure.
Understanding—and resolving—this paradox requires security leaders to rethink how risk is defined, measured, and managed in high-throughput environments.
The Legacy of Checkpoint Thinking
Traditional screening systems were designed around technical limitations that required controlled movement and active participation by the individual being screened. People had to stop, remove items, divest belongings, walk through a scanner, and potentially submit to secondary screening. The architecture of security was therefore built around queues, lanes, and staffed checkpoints.
Over time, innovation focused on making these checkpoints faster or more accurate. However, security leaders rarely questioned the underlying assumption that stopping people was unavoidable. As a result, humans adapted their behavior and facility design to accommodate machines rather than the other way around.
For a long period, this model was acceptable. Traffic volumes were lower, public expectations were different, and liability environments were less complex. But in modern healthcare systems, corporate campuses, entertainment venues, transit hubs, and educational environments, the limitations of checkpoint-centric security have become increasingly apparent.
When Protection Creates New Risk
From a risk management perspective, checkpoints introduce several secondary exposures that are often underweighted in security planning discussions.
Crowd concentration and soft-target exposure. Queues naturally create dense gatherings of people in predictable locations. These concentrations can become attractive targets themselves, particularly in open environments where perimeter hardening is impractical. Congestion also complicates evacuation and emergency response.
Operational and liability exposure. Delays, discretionary screening decisions, and congestion increase the likelihood of confrontations, medical incidents, accessibility complaints, and claims of unequal treatment. As throughput increases, the probability of operational breakdown rises.
False positives at scale. High-volume screening environments amplify the operational cost of false alarms. Each unnecessary stop consumes staff time, disrupts flow, creates friction with occupants, and increases the risk of escalation or complaint. Even modest false positive rates can generate significant cumulative burden.
Experience and brand impact. Security friction increasingly affects customer satisfaction, employee retention, patient experience scores, and public perception. In sectors such as healthcare and higher education, perceived over-securitization can conflict with mission-driven cultures.
None of these risks appears on a traditional detection effectiveness scorecard, yet they materially affect enterprise risk exposure.
The Limits of Interdiction Metrics
Historically, physical security performance has been evaluated primarily on interdiction metrics: detection rates, alarm accuracy, and the number of prohibited items intercepted. While these metrics remain important, they represent a narrow dimension of overall risk.
A system optimized exclusively for maximum interdiction may unintentionally increase other forms of exposure. More aggressive screening often leads to higher friction, longer queues, increased staffing requirements, and greater opportunity for conflict or error. In some environments, marginal gains in interdiction come at a disproportionate operational cost.
From a governance perspective, this raises a critical question: Is the organization truly safer if a marginal increase in interdictions produces substantially higher operational risk?
Security leaders increasingly recognize the need for a more balanced framework—one that evaluates both threat reduction and the risks introduced by the screening process itself.
Toward a Balanced Risk Model
A more mature approach to physical security risk considers at least four interacting variables:
- Residual threat risk: the probability and impact of missed weapons or prohibited items
- Operational exposure: congestion, staffing strain, delays, and workflow disruption
- Liability and compliance risk: privacy concerns, accessibility issues, and inconsistent enforcement
- Human experience impact: dignity, trust, and organizational culture
The objective is not to eliminate all risk—an impossible task—but to optimize across these dimensions rather than maximizing a single metric at the expense of others.
This mirrors how mature enterprises evaluate cybersecurity, safety engineering, and financial risk—through portfolio optimization rather than singular performance indicators.
Technology as an Enabler, Not the Driver
Recent advances in passive sensing, artificial intelligence, and sensor fusion are enabling new approaches to physical screening that do not rely on stopping or channeling people through fixed checkpoints. Instead of forcing human behavior to adapt to machines, these technologies adapt detection capabilities to natural human movement.
The significance of this shift is not simply technological. It fundamentally alters the risk equation. Continuous, passive detection reduces queue formation, lowers staffing intensity, and minimizes behavioral disruption. It also opens the door to distributed detection models that scale more gracefully with volume.
However, technology alone does not solve governance challenges. Security leaders must still evaluate:
- How data are collected, processed, and retained
- How privacy and transparency are maintained
- How alerts are operationalized responsibly
- How systems integrate with existing response workflows
- How outcomes are measured beyond raw detection statistics
The transition away from checkpoint-centric security requires thoughtful policy, stakeholder engagement, and performance management—not just new equipment.
Implications for Security Leaders
For CSOs, chief risk officers, and enterprise risk leaders—including the CEO—the modern security paradox presents several strategic implications. Here are some measures to consider.
Reframe success metrics. Move beyond interdiction counts and detection percentages. Incorporate operational impact, incident escalation rates, queue dwell times, complaint volumes, and staffing efficiency into performance dashboards.
Engage cross-functional stakeholders early. Facilities, legal, HR, compliance, operations, and communications teams all have legitimate interests in how screening systems affect daily operations and public perception. Early alignment reduces downstream friction.
Evaluate risk holistically. Consider how security controls alter the overall risk surface of the facility, including unintended consequences. Conduct tabletop exercises that model congestion scenarios, equipment failures, and human interactions.
Design for adaptability. Threat environments evolve. Screening architectures should allow for scaling, redeployment, and integration with future capabilities rather than locking organizations into rigid infrastructure.
Communicate transparently. Trust is a security asset. Clear communication with employees or visitors about why screening exists, how privacy is protected, and how concerns are addressed strengthens organizational resilience.
The End of the Checkpoint Era?
Checkpoint-based screening will not disappear overnight. Certain environments and threat profiles will continue to require controlled access points. But the assumption that security must always interrupt human flow is increasingly being challenged.
As detection technologies mature and risk frameworks evolve, organizations gain the opportunity to move from a stop-and-check paradigm toward a more seamless, intelligence-driven model—one that aligns safety objectives with operational excellence rather than forcing a compromise between the two.
The real transformation is not technological. It is conceptual. It requires leaders to recognize that safety and efficiency are no longer mutually exclusive goals. Risk must be measured across the full cycle of human experience, not solely at the moment of interdiction.
Security has always been about managing trade-offs. The modern paradox is that clinging to legacy trade-offs may now represent the greatest risk of all.
Ralph Clark is president and CEO of SoundThinking Inc., the California-based creator of ShotSpotter gunshot detection and other public safety technologies, including SafePointe weapons detection.
http://www.asisonline.org/security-management-magazine/articles/2026/04/modern-paradox-checkpoints/