When a security executive requires advice on how to optimize their core business processes, who do they turn to – an integrator? Possibly.
In my conversations with industry veterans I have found interesting perspectives on the current state of the "integrator" industry and the future opportunities that are available.
Integration, as the definition implies, involves people, the processes they live in and the tools they use to perform their roles.
• It involves change. It challenges business and security executives’ status quo so the level of trust must be high.
• It involves knowledge about business process management, otherwise known as corporate management through processes and the unique interaction between them.
• It involves "tools" or technology as well as human beings with the understanding that the two can collide or be exponentially leveraged.
Are integrators ready to be integrators?
Unfortunately today, most integrators come in after the future process has been defined and a specification has been drafted for a technology that will perform and, consequentially, optimize the security organization. Often the integrator is asked to apply the technology they get paid to represent to the specification.
I asked a number of executives from integrators, technology vendors and consultants, if this is the best we can do to drive sustainable value.
According to Tom Hale, director of corporate security for Intuit, when integrators are relegated to simply responding to specifications as defined above, they should be referred to as "installers." But Hale is quick to point out that making the progression from a "reseller" to an integrator has been done before.
"A great business example is IBM," says Hale. "IBM was a seller of hardware and service, then they claimed to be an integrator and would include other's hardware and software. Now the vast majority of their revenue and profit come from business process management – consulting, services, sourcing, etc. Very high-end, very profitable and very well respected."
Larry Dietz, professor, AMU Security and former U.S. Army colonel during Operation Desert Shield agreed.
"An integrator promotes their software which has been developed based on the developer's perception of how to optimize the process," says Dietz. "If the integrator hires or employs bona fide experts who know the operational aspects of the business or function and can then manage the tailoring of the software to optimize the operations of the client, then it can work. But they must have bona fide operational credentials with an approach that maximizes revenue, reduces costs, shortens cycle and produces quantifiable results."
If an integrator is ready and able to make the transition from reseller to integrator, then they will face other challenges, according to Dr. Ken Baylor, vice president of security and anti-fraud at Wells Fargo.
"Most security executives do not even know what their core practices are, or could describe them in detail," says Baylor. "They would never ask an integrator to optimize their core business practices. If they are calling, it is because they are in a hole and out of their depth."
However, Baylor would agree that the integrator could be of value anyway. "Get them focusing on optimizing the deployment of their processes in a safe, secure way," advised Baylor. "Ensure appropriate controls are put in place."
Ken Cummins, CSO of Sound Transit, believes trust is the key bridge to all of this because "there is too much at stake when you are dealing with the core business processes."
The road from reseller to this definition of integration seems to demand the customer and the vendor agree on the value, according to Jack Turley, vice president of strategic development at Kratos. "To develop this as a practice means creating a division that provides fee-based consulting on security program business processes," says Turley. "Only a very progressive end-user will understand that spending their first 20 percent of a project’s cost on consulting services (from network needs to system design) is the best way to guarantee a successful project."