Top 5 Mistakes IT People Make in Physical Security
IT convergence creates high anticipation and anxiety. New people entering physical security is one of the most emotional. The security systems market is a lot like Las Vegas - growing quickly, few of us are actually natives of the security industry; Over the last decade, most of us have migrated from IT (including myself).
A lot of the debate centers around whether IT will save or destroy physical security. Certainly Cisco is the most visible representation of this issue but the same concern arises each time major new IT companies or executives enter the space. This week, traditional leader Pelco hired an executive from Nortel, last month a video surveillance company hired an executive from Apple. By contrast, IP market leader Axis has recently hired a string of security system executives from Lenel [link no longer available], Honeywell [link no longer available] and Panasonic [link no longer available].
Not Primarily a Conflict Between IT and Security
From reviewing dozens of video surveillance companies, I think the perceived conflict between IT and Security is misleading. While there is certainly tension among companies and inside of companies, that's usually not the root cause.
Security vs. Other Business Units
Most industry people have heard the expression that "security is a cost center." I think this is valid but incomplete in describing the challenges for security.
Business activities that do not generate revenue certainly have harder times justifying projects. This should not be overlooked However, security is not alone as a cost center - so is accounting and HR. This does not stop these other business units from commanding and deploying expensive IT projects.
Security Deals with Rare and Frequently Hard to Predict Events
Organizations tend to prefer funding projects that show tangible results. Security projects frequently cannot accomplish this (no way to show greater sales plus it's hard to show losses prevented).
When you cannot clearly show results, spending tends to be limited and driven emotionally. For instance 9/11 is an extreme example of the spending variation that occurs in security. It's difficult to predict many security incidents (especially the most damaging) so before one occurs, you generally see significant under-investment in security. Then as soon as an event does occur, organizations over-compensate and flood spending into security. This makes security very sensitive to booms and busts (a bust I believe we could face in the next few years unless a new security threat emerges). It also makes it very easy for organizations to cut spending on security when faced with budget cuts.
Small Security Organizations and Limited Losses To Reduce
Because security is a cost center and because it's often hard to predict security incidents, many security organizations are small and underfunded. This is certainly an aspect that outsiders have great difficulty accepting.
Making things more difficult is that security losses are generally fairly limited. That is to say, most organizations do not have much losses and those that do are not easy to address. Specifically, even when you look at retail (where total dollar loss is high), addressing that loss with video surveillance technology is very difficult to achieve.
This is why advocating video surveillance to help operations and marketing is so desired by vendors. The problem is that no one in video surveillance has yet built a large mainstream business doing this. All attempts have either failed or are still trying to solve this 'holy grail' problem.
The State of Physical Security
As a whole, physical security typically has:
- no ways to make money for an organization
- limited losses to reduce
- limited staff to cut
- Not Realizing How Tight Budgets Can Be
- Expecting Spending to Go Up Because IT is Involved
- Not Understanding How Long the Sales Process Can Take
- Expecting Rapid Change
- Being Arrogant
The final issue I see repeatedly is the level of arrogance from IT people entering physical security. One element of this is systematic misunderstanding or blindness to the issues above. IT people again and again think they can rapidly disrupt or change physical security despite the fact that people have been trying unsuccessfully for more than a decade. It comes off as arrogance and can hurt in relationship building with veterans (colleagues, partners or customers) who appreciate these issues first-hand.