New Thinking Is Required to Support Security End Users

Afew years ago I had the honor and privilege to give the keynote address at ISC West and was subsequently asked to repeat that address at ISC East. The focus of these two keynotes zeroed in on one of the biggest disconnects in the security industry. At the heart of these presentations, two separate and distinct elements of the security technology sector were featured… security product and technology manufacturers and integrators that design, install maintain security systems. After recently completing an assessment of security measures deployed at a major global corporation’s manufacturing facility, it prompted me to renew my call to change the manner in which these two key elements of the security sector operate.

“Build it, and they will come” has been the mantel under which security technology developers and manufacturers have operated for decades. That might have worked well in the Kevin Costner movie “Field of Dreams,” but that is not what security executives expect of those who are developing products to meet the demands of an increasingly complex security environment. One of the key points I made in my keynote and I am repeating here is that manufacturers must understand the risk environment that security executives operate in better than they do… and then produce products that meet the complex risk, regulator and compliance environment in which their customers operate.

Companies do not want and cannot afford to have to routinely replace products because there is a change to the threat and risk vectors in the physical, logical or regulatory environments in which they must function. Security executives need manufacturers to produce products that are easy to install, maintain and update to meet the ever-changing risk landscape their enterprise operates in around the world.

“I can make a great margin on these manufacturer specials” has been the underlying factor in which recommendations on security system design from many integrators around the world have been based. Everyone understands the need for companies to earn a profit, but that is not an excuse for integrators to push one product over another or install a more expensive or less capable solution than the customer’s risk and threat environment truly requires. Whether you are dealing with security executives, facility managers or small-business owners, they do not have the time to design their own security systems. To serve this diverse customer base in the manner that is necessary, integrators must know their customer’s risk and threat environment better than they do. Integrators need to provide holistic solutions that employ the same rigors that I advised manufacturers to utilize in addressing their customers’ risk and threat vector environment. But integrators also need to take it to the next level and develop the business case and return-on-investment calculations for their customers to use internally to gain approval for a project.

If manufacturers and integrators embrace these recommendations, not only will they delight their customers, but their profitability and reputation will also soar.

Lynn Mattice is Managing Director of Mattice & Associates, a top-tier management consulting firm focused primarily at assisting enterprises with ERM, cyber, intelligence, security and information asset protection programs. He can be reached at: matticeandassociates@gmail.com

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.