At ASIS 2017, I had many discussions with consultants, integrators, technology vendors and security executives. The common thread throughout was the acknowledgement of the complexity of our profession. Complexity is not our friend. It is the enemy of execution. However, where there is complexity there is also opportunity for technology and service providers who understand the complexity, embrace it and reduce its impact on their client’s organization.
Unfortunately, clients have been taught to undervalue these providers. Here are some examples:
- Consultants believe the expectation of the client is the size of the report. One consultant suggested that the tagline is: “I get paid by the pound.”
- Specifiers say the expectation is they get paid by the drawing.
- Integrators have helped foster an expectation of being paid by the labor hour, not by their knowledge or expertise.
- Technology vendors are often limited to discussing their features and functions, not the problems they solve.
The good news? It is encouraging. We have more technology vendors beginning to shape their market strategies around the root of every CSO’s business problem: harnessing data to create a complete picture of the risk and the performance of the risk mitigation processes and procedures within the organization.
Some are positioning themselves as smart hubs. That is, they are going to collect the data from the IP devices/sensors (the spokes), leveraging more open APIs and more sustainable, business-friendly API programs. They will place that data in the context of a need. This could be feeding an overall view of a program (the number of employees travelling or onsite in key regions around the world) or the analytics needed for an automatic response (providing an alert to a SOC based on a behavior). This is the beginning of machine learning.
The hubs will form better relationships with the spokes; that is, the technology vendors that supply the software and devices on the network that feed the hub. The smart hub vendors will begin to lock arms in their market strategies with the spokes to teach the market what a “smart” security system looks like. To date this has been difficult. The complexity of the technology and the fuzzy return on investment have constrained market adoption.
The client and the vendors will need to become adept at studying the workflows (core processes) that enable risk mitigation and operational performance. They will have to measure velocity between steps in a process. They will have to assess the quality impact at each step in the process. They will have to measure not only the overall risk mitigation of the organization but that of their supply and resource chain as well.
Finally, the client will need consultants, specifiers and integrators who are experienced and knowledgeable in the unique vertical market challenges. Markets such as healthcare, education, data centers, utilities and corporate campuses have unique needs and vendors need to engage them in the conversation.
Serving a complex market is difficult, not easy. You must be willing to invest in research as well as time to study the current business processes so you know where the constraints and waste are, as well as the opportunity. And you can’t parachute in pretending to speak the language and be a trusted advisor. You cannot make promises that you cannot fulfill. Think you can? Security executives have long memories.
Think of it this way: if you can’t be bothered to truly understand your specific market, how can you possibly serve it? It is not a complex idea. But we are a complex industry. And our job is to bring clarity to the equation.