Security as a Business Center

Organizations generally justify security expenditure by citing risk mitigation and management, loss prevention and loss reduction. This limits the scope of security somewhat.

We all face challenges and have to come up with solutions to meet them. Sometimes there is no known way to deal with a problem. This is where the synthesis of new ideas and concepts comes about. Instead of throwing up your hands, you focus on finding a new and creative way to do the job. This kind of security director refuses to accept the answer that it can't be done.

For example, a security director is faced with a merger of companies and is tasked with consolidating security controls and reducing cost. The business suddenly comprises multiple new sites, each of which already has CCTV and alarm systems from different proprietary vendors. Some of these sites have patrolling security officers, some don't. An analysis of the situation indicates that the systems cannot be integrated natively and that a significant increase in staffing will be necessary to meet the corporate standard.

The first option is to rip out the legacy systems and replace them with the corporate standard equipment, hire a bunch of new security officers, and establish command centers for each office. This obviously equates to a lot of cost and upheaval. The security director in this case does not accept the situation and concocts another way to solve the problem.

He finds a new software solution that takes the inputs of multiple systems for CCTV and alarms and integrates them in the background. The solution uses the corporate network backbone to communicate, eliminating the need for additional wiring. The security director works with IT to establish the necessary connectivity over the backbone. By working with the software vendor in a cooperative dialog, he helps to shape the new product to meet requirements for his company. The installed security systems are not directly modified; instead the means of connecting and managing them is modified and centralized to the home office, eliminating the need for local command centers. The CCTV systems are evaluated and modified to enhance their coverage and utility, reducing the need for more security officers. The result is a minimal overall increase in spending, with a substantial increase in security coverage and services. It's a classic example of making security systems work smarter and run more cost-effectively, while still being more secure. The bottom line here is to not take no for an answer; find a way and make it happen to the benefit of the company.

Mix and Match as Needed
No security operation will easily fit within just one of these models. Each of us has a variety of challenges that require us to use several of these models to accomplish the goal. If you reflect on your operation and find that you use one of these models predominantly, ask yourself if you're using the right model.

You may need to use all of them at different times to fit different needs. Don't allow yourself to be trapped within a single approach. There will be times when the commodity approach is simply the best answer because the solution is well defined and does not require anything other than standard treatment. There will be other times when you need to employ groundbreaking methods. The bottom line is to be flexible and aware of the best approach to dealing with each challenge you face.

Make your decisions based upon the situation at hand. Be aware of the business realities of budget and risk for your company. Know the goals and objectives of other departments. Become familiar with the financial state of the company so you know what areas may need your help. Most important, know how your own operation is contributing to or hindering the financial health of the company. By adjusting your approach to fit the needs of the business, you can truly become a business center for the organization.

Eduard Telders is chief security officer for PEMCO Financial Services. His responsibilities include physical security, information security, corporate contingency planning and safety programs. Mr. Telders has been providing security management for information and physical security in the banking, insurance and financial industries since 1981, from Fortune-500 to medium-sized companies. He is active in a number of security trade groups and associations such as ASIS and ISACA and has been a frequent contributor of security articles and speaking engagements for journals, conferences and seminars.