Sage Conversations: Withstanding the sea of change under way in security

At ASIS 2013 in Chicago, I had the opportunity to meet with many industry executives, listening to their perspective on the changing landscape of security and the technology solutions that were emerging. I also sat in on the Security Executive Council’s Next Generation Security Leader Program and their end of show seminar on Global Security Operations Centers (GSOC).

There is no question, this isn’t the same market it was 10 years ago. It is rapidly evolving. For example:

  • Physical Access Control System (PACS) vendors are actually encouraging development by third parties in areas they believe are meaningful to their base.
  • Video camera companies are acting like platform providers driving new innovation into old capabilities.
  • Microsoft Global Security has hired an investment advisory firm to assist in vetting and onboarding new technology that leverages the Microsoft platform suite. 
  • Cisco continues to resurrect itself within the security market navigating between access control, video management infrastructure and devices. Their market position will continue to be centered on connecting disparate information silos.  
  • Leadership is being sought and taught as fundamental to creating a valuable and sustainable operation to help meet organizational goals and objectives. 
  • The value of information from devices and software to assemble a common operating picture that can drive improved organizational efficiencies is not being driven only by standards committees. Operational thought leaders are defining an approach and a sense of urgency that will not depend on or wait for those standards to emerge.

I followed one long time physical security consultant around the floor on his quest for a platform that would drive analytics from the security information he collected in his assessments, designs, and performance management. He commented that he would probably have to start attending conferences sponsored by segments of the IT market to get what he needed.

I received a report from an integrator that had closed a contract for an enterprise risk assessment involving three separate risk consulting groups.

I also spoke with a security product vendor that believes human and material asset management should be integrated into a comprehensive operations center along with global security. They will leverage RFID and wireless communications to do this. And they were looking for channel partners who understood information management and workflow, not just security products.

We are in a sea change. We have been for some time. But the wave is building. The question is who is riding it and who is waiting for it to break over them.

Investors are smelling it too. Funds are being constructed around a portfolio of companies that can be leveraged to cover the breadth and depth of this new emerging information management market.

And new leaders in the executive security ranks are making their voices heard. The SEC has done a remarkable job finding them and creating a collective knowledge base and curriculum around their proven solutions and the small amount of product and service vendors who have helped them in a new and different way.

The challenge for every security professional was summed up by one of the speakers in the GSOC forum: “What do we want to become?”

There are many opportunities for all stakeholders who can see the future unfolding and have the sense of urgency and capability to respond. The lessons learned from thought leaders are poignant:

  1. Learn the language of business: Know how to get high-level executive commitment and financial support. Understand that your operation is made up of people in definable roles within a core process using tools. How these three elements come together will define how efficient you are, how valuable you are, and how responsive you are to mitigating risk.
  2. Focus on the process of business transformation:
  • Find the knowledge agents, align to their priorities and collaborate with them. An obvious example is IT. Their charter is to provision the capabilities of mission critical systems to the core functions of the organization.
  • Identify your core processes and measure their effectiveness.
  • Define the sense of urgency that adds organizational value and invest in it.
  • Divest anything that does not add value to the core by automating or outsourcing or both.
  • Test all use cases or essential scenarios that redefine your processes and benchmark the technology that automates or accelerates your efforts.
  • Communicate small victories as well as large.
  • Measure, report, improve, repeat.

   3.  Create your Trip Tick: Your plan is like the old map from AAA. Define your destination or outcomes and work backwards from the dates of those              outcomes. Measure your progress.

The old automobile of our youth is pleasantly nostalgic. But it will be run by a different fuel in today’s transport mechanism. The spoils will belong to the ecosystem in and around the new architecture of security. It is truly not our father’s security solution anymore