Security Consultant Conflict of InterestBy: John Honovich, Published on Mar 07, 2011
While security consultants should be totally committed to the needs of their customers, many fear that manufacturers have undue influence on consultant specifications. In this report, we examine those concerns and highlight a case where Axis recently paid for an extravagant Caribbean Cruise to 'educate' security consultants.
Role of Security Consultants
Medium to large projects in the physical security industry are often designed by security consultants, Architects or Engineers. Security managers depend on consultants to help find and plan the best solution.
Consultants are extremely powerful. Their decisions routinely impact hundreds of millions in security spending each year. The designs they select, the specifications they include and often the products they require all shape which manufacturers win and lose.
Given the powerful role consultants have, manufacturers are hugely motivated to influence them. Almost all large manufacturers have sales teams dedicated to 'educating' and 'helping' consultants. The amount of help ranges from the benign (specs, webinars and whitepapers) to the dangerous (vacations, sporting events, even occasionally outright kickbacks).
Concerns About Consultants
In our experience, security consultants are generally not well respected. Being a consultant demands greater expertise and stronger independence than most other roles. The inability of many consultants to live up to these higher standards is the likely cause of this disrespect.
Below are a few recent comments about security consultants that are representative of the frustration we hear:
- Their knowledge: "Most I have worked with have very limited experience with security and are interested in finding someone who knows what they are doing that can assist them."
- Working with them: "The best way to influence what ends up on the spec seem to be to offer to do the design work for them, spend money on them, or a combination of both."
- "I assume all A&E's and sadly, even security consultants, are morons until they prove otherwise. I can count on one hand the people whose knowledge I respect."
The most consistent theme we hear is how little most security consultants know about the systems they specify - especially technologies like IP video surveillance. Manufacturers work hard to fill / exploit this knowledge gap.
For decades, across technology sectors, manufacturers have run events to 'help' and 'educate' consultants. Often, these are as simple as 'lunch n learns' where the manufacturer pays for sandwiches and delivers a short presentation. Sometimes, the events are expanded into a full day workshop or series of sessions.
The pinnacle of these events is the multi-day off-site gathering where manufacturer can mix business and pleasure. While manufacturers generally pay all (or almost all) expenses, the cost is certainly worth the influence gained. Being able to become friends not only with the consultants but with their wives over the course of multiple days is a powerful sales advantage.
Axis A&E Summit Examined
Like many manufacturers, Axis holds periodic events to educate security consultants. The recent Axis 2011 A&E Event [link no longer available], including a 3 day Caribbean Cruise and excursions to multiple Bahama Islands, is particularly extravagant.
Here is an overview / breakdown of business and free time [link no longer available] for the conference:
- 3 and 1/2 days total
- morning training / education sessions (13 hours total)
- Afternoon: free time - cocktails, dinner, land excursions to Bahamas, etc.
Axis covered the following costs [link no longer available]:
- 1 night at luxurious first class resort
- 3 days and nights on Caribbean Cruise Ship
- Meals and cocktails (including 4 dinners)
- Land Excursions to islands in the Bahamas
- Includes Guest accomodations, Axis hosted meals, receptions and pre-planned excursions
Airfare was not included. We estimate Axis paid approximately $1,500 per consultant for the accomodations, meals, drinks and excursions (including costs for consultant and guest).
The event drew a sizable crowd as shown in their Event group photo [link no longer available].
We shared our concerns with Axis and asked them for feedback and input on the event. Here is their response:
"Multi-day events are more effective because attendees have the time to ask detailed questions, provide feedback and network with other experts and partners in the field. For Axis, we received valuable feedback that will go directly to the R&D teams. For the consultants, they received approximately 5 hours of sessions each day, with time slotted for ASIS course credits, feedback sessions, and partner technology showcases from 13 other companies. Also, each evening, specific networking receptions were scheduled so that attendees had opportunities to meet and have deeper discussions with fellow industry experts, Axis partners, and management.
The main reason we chose the cruise was because Royal Caribbean has an extensive IP camera installation on board this ship and it provided the perfect venue to show a real-world scenario, which was used throughout different sessions. While Royal Caribbean is an Axis end-user, not all cameras on board were from Axis – so it gave an example of the openness that can be achieved with network video."
Ethical Concerns of the IAPSC
We asked a leading Security Consultant organization, the IAPSC [link no longer available], for input on these practices. The IAPSC provides guidelines on consultant practices and allows some expenses to be paid by manufacturers during education events [link no longer available]. We asked them for clarification on what expenses and how far manufacturers can go:
"The IAPSC's guidelines for independence allow for manufacturers to pay for simple items, such as lunch, during the course of education events. However, our guidelines do not allow for manufacturers to pay for extended trips, vacations, expenses for guests, etc. Such activities would be reviewed as potential ethical violations."
- Norman Bates, President of the IAPSC [link no longer available]
Users trust security consultants to deliver the best solution for the user's needs. A clear expectation exists that the consultant's interests are aligned with user's interests.
A conflict of interest arises when:
- Contrary interests provide gifts or compensation to the consultant
- The consultant develops personal relationships or friendships with the members of the contrary interest
Both of these conflicts are clearly happening in the Caribbean Cruise. Regardless of what education occurs, the event is intimately bundled with activities that raise conflicts.
Everyone Loses ... But Big Manufacturers
When the ante to 'educate' consultants is raised to giving away vacations, the only organizations that can pay hundreds of thousands to do this is very large manufacturers. The outcome is simple and obvious: the 'education' of consultants is biased to the interests and abilities of these companies. Small manufacturers, integrators and other industry members will struggle to get their voice heard as consultants minds and bellies are filled by the biggest manufacturer's largess.