Lately, the things I have read regarding the industry rarely relates to the conversations I have with CSOs, COOs and risk management executives. When I tell this to manufacturers, frequently, they squirm and declare that they know their customer better than anybody. Maybe so. But that would simply mean that the CSO, COO or risk management executives I’m talking to and not their customers.
Maybe these vendors are content selling to facilities managers and the security directors who’ve been buying access control and DVRs for years. That would make sense. Those folks are competent security professionals who understand the technical and procedural requirements of access and surveillance. So of course the vendors enjoy selling access and surveillance equipment and services to this crowd.
But then why do executives think things look askew?
Two reasons: Because neither the vendors nor the security directors have been successful describing the business value of specific security initiatives in terms of measured economic impact; and because neither the vendors nor the security directors think of physical security departments as business units. Therefore, they feel no need to use business language, set up common business processes, and report on metrics the way other business units do.
Small Expectations?It could simply be a matter of not selling high enough. The senior executives tell me that they see physical security as essentially screwed up. “How did physical security get so messed up” was the exact quote of one of these execs last week, after he investigated the processes of risk management in his very large corporation.
He expected to find a business unit with standard processes for setting goals and quantifying performance metrics. Instead, he saw a 1970s police department with what he described as an archaic operation of “security for the sake of security.”
“How do the words ‘command and control’ fit into my business?” he exclaimed with frustration.
In short, physical security is not run like a business, from the business executive’s point of view. It is run like a police department, or a military base. There is nothing wrong with that, intrinsically, of course. Law enforcement and military operations are very effective for managing risk – if your organization is a city or university or war zone. If we are talking about a business, however, security should be run differently. It should be run like a business.
Do They Get It?Vendors don't get that, it seems. So they don't sell that message, which often also means they don't create products that enable security directors to run a business.
Here are my three humble suggestions for security executives to do right now when attempting to solve the real problems faced by their companies:
1. Request solutions in terms of business service management. Ask for sound, believable measurements of ROI (return on investment), TCO (total cost of ownership) and overall economic impact for each solution. Have your vendor map out every major function of its product to specific business requirements. Basically, you want to empower yourself with the message of business value up the ladder.
2. Have your superior sign off on the system. If you can't convince your COO that this is the best product or system to purchase, then maybe you shouldn't be buying it at all. My point is that a product or service purchased in the organization should be valued and appreciated by the COO. If it's not, then one of two things is wrong: your overall goal or the product specifications. Investigate new business development methods to propel an idea to senior executives. You'll save money for your company in the end, and you'll help solve bigger problems at the same time.
3. Figure out the relative weights of your requirements; that's when you'll be able to see how closely the product you're looking to buy might actually solve the problem at hand. Some features are more important than others. Work with your integrator and manufacturer to figure out what those important features are for your organization.
In this economy, no one can afford to pass on opportunities that provide the highest value.