Security Consultant Conflict of Interest

Author: John Honovich, Published on Mar 07, 2011

While security consultants should be totally committed to the needs of their customers, many fear that manufacturers have undue influence on consultant specifications. In this report, we examine those concerns and highlight a case where Axis recently paid for an extravagant Caribbean Cruise to 'educate' security consultants.

Role of Security Consultants

Medium to large projects in the physical security industry are often designed by security consultants, Architects or Engineers. Security managers depend on consultants to help find and plan the best solution.

Consultants are extremely powerful. Their decisions routinely impact hundreds of millions in security spending each year. The designs they select, the specifications they include and often the products they require all shape which manufacturers win and lose.

Manufacturer Motivation

Given the powerful role consultants have, manufacturers are hugely motivated to influence them. Almost all large manufacturers have sales teams dedicated to 'educating' and 'helping' consultants. The amount of help ranges from the benign (specs, webinars and whitepapers) to the dangerous (vacations, sporting events, even occasionally outright kickbacks). 

Concerns About Consultants

In our experience, security consultants are generally not well respected. Being a consultant demands greater expertise and stronger independence than most other roles. The inability of many consultants to live up to these higher standards is the likely cause of this disrespect.

Below are a few recent comments about security consultants that are representative of the frustration we hear:

  • Their knowledge: "Most I have worked with have very limited experience with security and are interested in finding someone who knows what they are doing that can assist them."
  • Working with them: "The best way to influence what ends up on the spec seem to be to offer to do the design work for them, spend money on them, or a combination of both."
  • "I assume all A&E's and sadly, even security consultants, are morons until they prove otherwise. I can count on one hand the people whose knowledge I respect."

The most consistent theme we hear is how little most security consultants know about the systems they specify - especially technologies like IP video surveillance. Manufacturers work hard to fill / exploit this knowledge gap.

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Manufacturer Events

For decades, across technology sectors, manufacturers have run events to 'help' and 'educate' consultants. Often, these are as simple as 'lunch n learns' where the manufacturer pays for sandwiches and delivers a short presentation. Sometimes, the events are expanded into a full day workshop or series of sessions.

The pinnacle of these events is the multi-day off-site gathering where manufacturer can mix business and pleasure. While manufacturers generally pay all (or almost all) expenses, the cost is certainly worth the influence gained. Being able to become friends not only with the consultants but with their wives over the course of multiple days is a powerful sales advantage.

Axis A&E Summit Examined

Like many manufacturers, Axis holds periodic events to educate security consultants. The recent Axis 2011 A&E Event, including a 3 day Caribbean Cruise and excursions to multiple Bahama Islands, is particularly extravagant.

Here is an overview / breakdown of business and free time for the conference:

  • 3 and 1/2 days total
  • morning training / education sessions (13 hours total)
  • Afternoon: free time - cocktails, dinner, land excursions to Bahamas, etc.

Axis covered the following costs:

  • 1 night at luxurious first class resort
  • 3 days and nights on Caribbean Cruise Ship
  • Meals and cocktails (including 4 dinners)
  • Land Excursions to islands in the Bahamas
  • Includes Guest accomodations, Axis hosted meals, receptions and pre-planned excursions

Airfare was not included. We estimate Axis paid approximately $1,500 per consultant for the accomodations, meals, drinks and excursions (including costs for consultant and guest).

The event drew a sizable crowd as shown in their Event group photo.

We shared our concerns with Axis and asked them for feedback and input on the event. Here is their response:

"Multi-day events are more effective because attendees have the time to ask detailed questions, provide feedback and network with other experts and partners in the field. For Axis, we received valuable feedback that will go directly to the R&D teams. For the consultants, they received approximately 5 hours of sessions each day, with time slotted for ASIS course credits, feedback sessions, and partner technology showcases from 13 other companies. Also, each evening, specific networking receptions were scheduled so that attendees had opportunities to meet and have deeper discussions with fellow industry experts, Axis partners, and management.

The main reason we chose the cruise was because Royal Caribbean has an extensive IP camera installation on board this ship and it provided the perfect venue to show a real-world scenario, which was used throughout different sessions. While Royal Caribbean is an Axis end-user, not all cameras on board were from Axis – so it gave an example of the openness that can be achieved with network video."

Ethical Concerns of the IAPSC

We asked a leading Security Consultant organization, the IAPSC, for input on these practices. The IAPSC provides guidelines on consultant practices and allows some expenses to be paid by manufacturers during education events. We asked them for clarification on what expenses and how far manufacturers can go:

"The IAPSC's guidelines for independence allow for manufacturers to pay for simple items, such as lunch, during the course of education events. However, our guidelines do not allow for manufacturers to pay for extended trips, vacations, expenses for guests, etc. Such activities would be reviewed as potential ethical violations."

- Norman Bates, President of the IAPSC

The Conflict

Users trust security consultants to deliver the best solution for the user's needs. A clear expectation exists that the consultant's interests are aligned with user's interests. 

A conflict of interest arises when:

  • Contrary interests provide gifts or compensation to the consultant
  • The consultant develops personal relationships or friendships with the members of the contrary interest

Both of these conflicts are clearly happening in the Caribbean Cruise. Regardless of what education occurs, the event is intimately bundled with activities that raise conflicts.

Everyone Loses ... But Big Manufacturers

When the ante to 'educate' consultants is raised to giving away vacations, the only organizations that can pay hundreds of thousands to do this is very large manufacturers. The outcome is simple and obvious: the 'education' of consultants is biased to the interests and abilities of these companies. Small manufacturers, integrators and other industry members will struggle to get their voice heard as consultants minds and bellies are filled by the biggest manufacturer's largess.

 

1 report cite this report:

Top 12 Reports for 2011 on Dec 25, 2011
Here are our top 12 reports for 2011, starting with the state of the surveillance industry: 2012 Video Surveillance Guide - Key trends reviewed...

Related Reports on Criticism

Dahua Forbes 'Next Web Crisis' Vulnerability Dispute on Nov 16, 2017
The buffer overflow vulnerability in Dahua products is not in dispute, in fact we covered it when it was first published. What is in dispute is...
Hikvision China Criticizes The WSJ on Nov 15, 2017
Hikvision, through the Chinese government's authoritative news service, has criticized the WSJ investigation into Hikvision. In this...
WSJ Investigates Hikvision on Nov 13, 2017
The Wall Street Journal (WSJ) has released a detailed investigation into Hikvision's government ownership and cybersecurity problems, hitting the...
Ingram Micro: The Blind Lead The Blind on Nov 02, 2017
Ingram Micro, as a huge as they are overall, with $40+ billion in annual sales, has never been a force in physical security, despite, or perhaps...
Deceptive ASIS Attendance on Oct 06, 2017
ASIS is being deceptive with its conference reporting, effectively inflating the event's real actual attendance. What they try, but struggle to...
'Clowns' Allege Ubiquiti 'Completely Fraudulent' on Sep 20, 2017
A short seller has alleged Ubiquiti is 'completely fraudulent'. Ubiquiti's CEO has responded calling them 'clowns'. Here is the short...
Cloud Guy Prints Book, Misses Irony on Sep 15, 2017
On-premise security systems are dead. But $75 print books are alive and well. Such are the lessons from Brivo's CEO new book "The Five...
The 3 Most Outstanding Security Manufacturers (OSPAs) Make No Sense on Sep 08, 2017
The Outstanding Security Manufacturer finalists (US edition) are here: And if you are wondering, "How did those 3 get chosen?" then you are...
Hikvision Happy With Bad Security Unless Hit With Bad Press on Aug 28, 2017
Hikvision is happy to have bad cyber security unless they are hit with bad press, as we detail inside. When you look at the pattern of their...
‘Experts' Fail On Dumbo IP Camera ‘Hack' on Aug 24, 2017
Dumbo, revealed by Wikileaks, has become big news. Unfortunately, 'experts' in the security industry have gotten it wrong, incorrectly contending...

Most Recent Industry Reports

Panasonic Unified Surveillance Strategy Analyzed on Nov 17, 2017
Panasonic is now a "Unified Surveillance" offering, as their ASIS 2017 booth proclaimed: Looking to make a comeback in the security industry,...
Amazon Cloud Cam Is Poor (Tested) on Nov 17, 2017
Retail behemoth Amazon has entered the surveillance market with the Amazon Cloud Cam, the eyes of its just-announced Amazon Key delivery...
Nest Secure Alarm System Tested on Nov 16, 2017
Google's expansion continues, this time into home security with their Nest subsidiary's move into alarm systems. They paid more than a...
Dahua Forbes 'Next Web Crisis' Vulnerability Dispute on Nov 16, 2017
The buffer overflow vulnerability in Dahua products is not in dispute, in fact we covered it when it was first published. What is in dispute is...
Isonas Cofounders Split, Launch Partner/Competitor on Nov 16, 2017
Breaking up is hard to do, especially when door access security is at stake. But that is exactly what has happened at Isonas. Senior employees...
Hikvision China Criticizes The WSJ on Nov 15, 2017
Hikvision, through the Chinese government's authoritative news service, has criticized the WSJ investigation into Hikvision. In this...
PoE UPS Tested (Energy Reconnect) on Nov 15, 2017
In security, backup power is important, but most often requires UPS systems or extra cabling to devices for low voltage power. Now, some have...
Axis Commits To Long-Term Firmware Support on Nov 15, 2017
With the rise of cyber security awareness, and a general increase in hardware reliability, "software warranties" may prove more valuable than...
Hikvision NVR 4.0 Improvements Tested on Nov 14, 2017
Hikvision has released firmware version 4.0 for select NVRs, touting two years of research and development, and claiming "the new generation GUI...
Vivotek Remote Stack Overflow Vulnerability on Nov 14, 2017
A stack overflow vulnerability in Vivotek cameras has been discovered by bashis, the security researcher who has also found vulnerabilities in...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact