Top 5 Mistakes IT People Make in Physical Security

JH
John Honovich
Published Mar 19, 2009 04:59 AM
PUBLIC - This article does not require an IPVM subscription. Feel free to share.

IT convergence creates high anticipation and anxiety. New people entering physical security is one of the most emotional. The security systems market is a lot like Las Vegas - growing quickly, few of us are actually natives of the security industry; Over the last decade, most of us have migrated from IT (including myself).

A lot of the debate centers around whether IT will save or destroy physical security. Certainly Cisco is the most visible representation of this issue but the same concern arises each time major new IT companies or executives enter the space. This week, traditional leader Pelco hired an executive from Nortel, last month a video surveillance company hired an executive from Apple. By contrast, IP market leader Axis has recently hired a string of security system executives from Lenel [link no longer available], Honeywell [link no longer available] and Panasonic [link no longer available].

Not Primarily a Conflict Between IT and Security

From reviewing dozens of video surveillance companies, I think the perceived conflict between IT and Security is misleading. While there is certainly tension among companies and inside of companies, that's usually not the root cause.

Security vs. Other Business Units

Most industry people have heard the expression that "security is a cost center." I think this is valid but incomplete in describing the challenges for security.

Business activities that do not generate revenue certainly have harder times justifying projects. This should not be overlooked However, security is not alone as a cost center - so is accounting and HR. This does not stop these other business units from commanding and deploying expensive IT projects.

Security Deals with Rare and Frequently Hard to Predict Events

Organizations tend to prefer funding projects that show tangible results. Security projects frequently cannot accomplish this (no way to show greater sales plus it's hard to show losses prevented).

When you cannot clearly show results, spending tends to be limited and driven emotionally. For instance 9/11 is an extreme example of the spending variation that occurs in security. It's difficult to predict many security incidents (especially the most damaging) so before one occurs, you generally see significant under-investment in security. Then as soon as an event does occur, organizations over-compensate and flood spending into security. This makes security very sensitive to booms and busts (a bust I believe we could face in the next few years unless a new security threat emerges). It also makes it very easy for organizations to cut spending on security when faced with budget cuts.

Industry insights delivered to your inbox weekly.

Sign up to get notified of new reports, investigations, research and more.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Small Security Organizations and Limited Losses To Reduce

Because security is a cost center and because it's often hard to predict security incidents, many security organizations are small and underfunded. This is certainly an aspect that outsiders have great difficulty accepting.

Making things more difficult is that security losses are generally fairly limited. That is to say, most organizations do not have much losses and those that do are not easy to address. Specifically, even when you look at retail (where total dollar loss is high), addressing that loss with video surveillance technology is very difficult to achieve.

This is why advocating video surveillance to help operations and marketing is so desired by vendors. The problem is that no one in video surveillance has yet built a large mainstream business doing this. All attempts have either failed or are still trying to solve this 'holy grail' problem.

The State of Physical Security

As a whole, physical security typically has:

  • no ways to make money for an organization
  • limited losses to reduce
  • limited staff to cut

This is why IT people frequently come to hate the physical security market and want to get out of it. Unlike other business functions, there are few ways to immediately improve business results.

This does not mean that you cannot make money in physical security. It's just that it is not as easy and not as responsive to techniques used in other business units.

The Top 5 Mistakes

Given this situation, here are the 5 top mistakes I see made:
  • Not Realizing How Tight Budgets Can Be
  • Expecting Spending to Go Up Because IT is Involved
  • Not Understanding How Long the Sales Process Can Take
  • Expecting Rapid Change
  • Being Arrogant

Budgets in security are tight and it's hard to allocate additional funds (with the massive exception of anti-terrorism funding). Even if you present 'better' products or solutions, it is difficult even for Fortune 500 companies to find significantly more funding.

To overcome this, IT people often talk about selling ROI and complain about security people's unsophistication in understanding value based selling, etc. The irony is that regardless of the financial model you use, it's hard to justify increased spending because of the limitations within security (described above). Organizations spend little on security not because of the security department but because the activity of security is difficult for most organizations to justify more spending on. Regardless of who issues the PO, it will be hard to justify spending more unless it increases benefits to the organization.

For projects where money is tight, it often frequently takes a long time to get money approved. This creates another problem that IT is not as accustomed to - long sales cycles even for relatively small deals (under $100,000 USD). Because security systems rarely make big immediate impacts or enable revenue growth, the pace of approval and deployment tends to be slow.

When you take slow sales cycles and limited abilities to disrupt, this results in a long process of incremental change. No one can come into the security industry and make wholesale changes in a few years (Cisco is in year 3 and is still figuring out the basics). Look at Axis - an amazing success story for the physical security market. They are in year 13 in the industry and still have less than 10% share of video surveillance cameras. Even the most successful companies in video surveillance can only penetrate slowly.

The final issue I see repeatedly is the level of arrogance from IT people entering physical security. One element of this is systematic misunderstanding or blindness to the issues above. IT people again and again think they can rapidly disrupt or change physical security despite the fact that people have been trying unsuccessfully for more than a decade. It comes off as arrogance and can hurt in relationship building with veterans (colleagues, partners or customers) who appreciate these issues first-hand.

Recommendations

Lots of people have successfully made the transition from IT to physical security. While you can certainly change the industry, you need to accept the challenges and constraints specific to the physical security industry. Patience and persistent are much more likely to help you win than disruption.