First Convergence Casualty

June 1, 2007

Business and security executives want innovative solutions to help them be more competitive, to meet policy and regulatory requirements more efficiently, and to mitigate risk more effectively by promoting collaboration between physical security, IT, compliance, business continuity, and privacy teams. So what can an executive learn from the demise of an innovative service provider that tried to bring these groups together?

The first startup to pursue the security convergence dream – and fail – goes down in history as either an idea ahead of its time, or a good idea with bad execution – or maybe just a bad idea. The first sign of the looming tragedy came when the company selected its name.

Ahead of Its Time

The idea behind the business was to provide hosted, managed security services – basically outsourcing event management and surveillance from the command center to a secure facility in Colorado where SCO was based. The idea had merit – and strong backing. Mega-integrator SAIC had tried unsuccessfully a few times in the past to build a private sector-focused business to complement their tremendous government client base. This time, SAIC supported the 3rd party company, making SCO a SAIC premier reseller and even endowing the new company with a few key SAIC employees.

SecConOne went belly up this spring despite having the technical competence to deliver solutions, a solid business partner, visionary investors, and pretty darn good sales folks. The website links no longer work and there is only a static homepage with no available contact information – also, no executives have responded to my requests for comment. The company failed, I believe, because it was disconnected with the customer. The security director, the IT security manager, the CIO and the facilities head all could see value in the services that SCO offered. The ROI was plain enough – using outside contractors instead of maintaining a command center facility with multiple headcount – but SCO could never communicate the value proposition in a way that ALL the players could embrace. Pitching a “convergence” service doesn’t fly unless the customer already has a “convergence” attitude.

Business Case First

Security directors should always seek a compelling business case when considering new products or services just as IT managers and compliance directors do. But each executive will want the story to be customized and for the ROI to measured against his or her own budget. Selling “convergence” is therefore a tricky art.

Here are the criteria I look for when evaluating a security vendor selling any product or service related to identity management (people and their privileges) or event management (what’s happening and how to respond) utilizing software or networking.

Technology – Utilizes a common, standard software platform and communications protocols (such as Linux, .Net, Java, XML, SNMP, etc); Common and reliable CPUs, standard IP networking equipment.

Management – The product lends itself naturally to IT best practices regarding work flow, policy compliance, and change management.

Interoperability – Integrates well with standard IT processes and policies regarding memory, storage, backup, etc. Interoperates with TCP/IP network equipment and/or business software platforms

Integration – Integration personnel or partners have IT skills and/or certifications. Utilizes standard interfaces (web services, XML, USB, Ethernet, etc), with published APIs or open source software as appropriate.

Documentation – Written in a style familiar to IT personnel.

Marketing – Oriented toward the IT buyer as well as the security buyer. Sales and marketing staff are familiar with standard IT management requirements and preferences. Sales may be made directly with IT departments.

Security – Stable and internally secure. Not prone to crashing. Coded with standard error handling. Not vulnerable to hacks, memory leaks, buffer overflows.

Customer Satisfaction – Existing customers actually utilize the IT-friendly features.

Integrators and technology manufacturers that think convergence is a goldmine of new opportunity are not mistaken. It certainly is. But yesterday’s sales pitches and last century’s technologies are not sufficient to strike gold in these hills.

Steve Hunt is founder of the Chicago-based research firm, 4A International, www.4ai.com. Contact him at info@4ai.com or visit his blog, www.SecurityDreamer.com.

SecurityDreamer is growing up fast. Since lauching Security- Dreamer in November 2006, readership has steadily grown. According to Hunt, he has recently added a daily email with recent updates. The site will soon feature more IT and IT security content -- especially information that relates to collaboration and communication across the lines of physical and homeland security with IT.

SecurityDreamer will host forums, or discussion boards, for topics like intelligent video, PSIM, security management best practices, endpoint security, FIPS 201 and needed technology standards. Watch for a Wiki, too. We are even going to list more than a hundred vendors and invite your comments on each.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

First Convergence Casualty

Ahead of Its Time

Business Case First

Recent Articles by Steve Hunt

Business vs. Sales 101

Are You Us? Or Are You Them?

Twitter, Chrome, Wiki and the New Lingo of Security

Veni, Vidi, Vici Analytics: But Who Will Really Conquer?

Security Magazine

2020 October

First Convergence Casualty

Ahead of Its Time

Business Case First

Recent Articles by Steve Hunt

Report Abusive Comment