Minding Your Own Business

Your integrator’s business should be no less risk worthy than yours. But is that true? After speaking with a number of security executives, I can assure you, they are not moving fast to test an integrator’s ability to protect their data, their drawings, their plans or their people. Many have acknowledged that integrators can be one of the weakest links in their chain.

But the time is coming when end-users will start asking about an integrator’s ability to perform information and identity management, how well they adhere to industry standards and more.

The trend is to ask more from your integrator’s competencies. This is challenging them to deliver more than installation, but to extend to collaborative consulting, design and performance management. If this is true, shouldn’t these same skill sets be applied to their business environment as well?

Granted, integrators have every excuse not to invest in these areas. Security executives have not yet placed a value on an integrator’s risk mitigation efforts; therefore, their ability to charge more for their services is constrained. The necessary infrastructure to properly protect your interests comes at a cost. Perhaps that is why you may want it, you may even ask for it, but you don’t truly test and validate it. What if this is our industry’s Pandora’s box?

For those integrators who want to predict and evangelize the change for competitive advantage, there are new tools and infrastructure choices that can ease the transition such as cloud-based portal and administration tools. Many security integrators still have an exchange server and server-based applications and are less than 100 employees. They may have to look into data centers that are more protected than the closet-based server room they currently own.

The business of security is your business, but it also should be your product and service vendor’s business.

Here are some key questions:

• How often do you call on an integrator for security solutions and include the testing and validation of their risk quotient, especially in regards to your business?

• How often do you test their ability to weather a crisis: in people, processes, or events?

• How many SMEs (subject matter experts) do they have access to within the work scope you have planned for them? What is your plan if they no longer can perform?

 

Ronald Worman is the founder and managing director of The Sage Group.

Loading