Enterprise Security is Big Business

Nov. 11, 2016
SD&I Cover Story (Nov. 2016): Five best practices from experienced integrators on how to thrive in perhaps the most lucrative vertical that security serves

Defining an enterprise security deployment is not cut-and-dry. For some integrators, enterprise refers to the size and scope of a project – with sprawling infrastructures and facilities in multiple locations that all communicate back to a central operations center. For others, it is more about how the customer does business and not necessarily on the size of the system.

Whatever your definition of enterprise is, each of these time-consuming, complex and often massive projects – and the continuing service and maintenance thereafter – can be the lifeblood of an integrator’s business.

Using tried and proven best practices, any security integrator can take advantage of these lucrative long-term deals. I sat down with executives from two perennial SD&I Fast50 integrators – Carey Boethel, president and CEO of Securadyne Systems; and Mike Kuhn, VP of Global Accounts at Convergint Technologies – to outline five best practices for enterprise systems integration:

1. Lay the groundwork. When an integrator sits across the table from stakeholders in an enterprise deployment, setting parameters and getting a feel for the overall vision of the system is key. A smart integrator would not roll a single truck until there is a definitive feel for the customer’s goals in using the system and a plan developed to make them happen. “With any large customer, I would start out by asking, what are the standards going to be, and if they don’t know, then it would be our job to help develop them and put together a playbook,” Kuhn says.

“Without defining the goals and objectives of a project and who is going to do what in order to achieve it, you don’t even get off the ground,” Boethel adds.

For Boethel, these initial discussions reveal the integrator’s role. “If we are at that meeting because the enterprise client has a particular challenge or is looking to solve a particular problem, such as a regulatory compliance issue, then we will go down ‘path A’ – a highly consultative approach that goes deep into needs analysis and in fact probably doesn’t get very technical for quite a while,” he explains.

If the enterprise customer is, for example, adding a seventh manufacturing facility in Wisconsin that will feature the same or similar security standards as the other six, Boethel would call that “path B,” which is a little less consultative and focuses more on the end-technology solution and how to best deploy it, he explains.

Still, the key to this first best practice is restraint – both parties must resist the urge to jump right in without having a detailed plan in mind. “When you are talking to an enterprise customer, a lot of them tend to want to dive right into the overall deployment,” Kuhn says. “I try to pull them back for a minute and ask: ‘At the end of the day, what do you want this to look like from a big-picture perspective?’ If you are just putting systems in buildings and you haven’t established that big picture, chances are you are going to get halfway or three-quarters through and find yourself saying ‘I never even thought of that.’ Now you have to unravel a lot of what you already did to get the system to work the way they wanted it to work in the first place.”

Another vital component of enterprise security planning is establishing a point person on the end-user side of the table. As most integrators know, there is a much more complex stakeholder environment in an enterprise-class deployment than a single-site, with a broader mix of personnel that may include HR, corporate security, compliance and certainly IT. “You have all of these different people who often don’t report up to the same channels, so there is no apparent hierarchy for decision-making,” Boethel explains. “You have to build a consensus; thus, you need a champion on the customer/end-user side who can get you the answers you need in an efficient way so it doesn’t bog down the process. You have to find the right balance of someone who is high enough up in the organization who can make some decisions and really maintain the momentum of the project without a lot of bureaucracy, but also someone who’s not so high up that they are disconnected from the everyday business.”

Boethel admits that finding that person is “more art than science.” That said, he stresses it is something that an integrator must demand out of enterprise clients.

2. Make technology choices as simple and uniform as possible, while keeping the future in mind. Most integrators do the majority of their work in access control, intrusion detection and surveillance, with fire & life safety and emergency communications added as part of a core offering. When dealing with multiple sites and facilities that all need to communicate back to a central location – typically a Global Security Operations Center (GSOC) – it is important to keep technologies as uniform as possible across each facility. “You don’t want to be using four different brands of card readers or locks – it is just too hard later on when you are trying to troubleshoot or perform service and maintenance of the system,” Kuhn says.

Obviously, service and maintenance is a key consideration for integrators in an enterprise system – what integrator would be happy with simply installing a sprawling security system and then walking away without taking advantage of the RMR that comes from continuing service and maintenance? “We don’t want our local technicians to use their own judgment and/or creativity in how they program a system,” Kuhn says. “We try to keep it as consistent as possible across all the sites, so if we start getting alarms or problems coming into a GSOC, we immediately understand what’s going on, and we don’t have to ask a lot of questions.”

A common misconception is that a large enterprise system is a sure candidate for bleeding-edge technology; in fact, both integrators say that the use of newer technologies such as 4K and panoramic cameras, for example, are done much more on a case-by-case, application-specific basis. “There are some great new technologies out there, but you have to look specifically at how the client wants to use them,” Kuhn explains. “Take panoramic – if you are looking at a stadium environment or a large, open common space, the products work; but if you are looking at an office building or a hallway corridor entrance, you are not going to need that level of technology. A standard 3MP camera is going to give you everything you need and then some.”

That said, Boethel is seeing a change in the threat/risk profile for enterprise clients, with a much greater focus on responding to active shooter scenarios. “We have seen a high degree of interest of late in gunshot detection,” he explains. “It used to be workplace violence and internal theft were the top two threat profiles...today, an active shooter scenario is what keeps people up at night, and being able to prevent that is extremely difficult, if not impossible. Most end-users are focusing on how to effectively and quickly respond to it, mitigate it and resume normal business activities. The ability to triangulate on the location of a gunshot is critical to being able to effectively manage that emergency.”

3. Tap into thriving markets. Both Convergint and Securadyne boast a large roster of enterprise customers in a variety of vertical markets that go well beyond the traditional critical infrastructure clients that are generally believed to make up the majority of enterprise customers. Securadyne, for example, has tapped into the emerging food and beverage market as a source for many of its enterprise projects. Convergint is zeroing in on Fortune 500-type corporate end-users.

Additionally, Boethel says the healthcare market is quickly emerging as a major player in the enterprise space. “In healthcare, it used to be a lot of standalone facilities, but as these healthcare and hospital systems have grown, they are now managing their businesses less like a portfolio of individual properties and more like a single company,” he explains. “We are seeing system-wide deployments where the holding company is setting the standards for the operating companies (the hospitals), and deploying more like an enterprise-class user instead of a bunch of individual facilities.”

That also means Securadyne must be well-versed in the compliance aspect in each of these verticals. “We tend to segment our customer base by vertical market, and we require our people – both sales and operations – to network within that market, research and understand the rules and regulations, and understand the vernacular,” Boethel says. “We really try to go all-in with key verticals and try to go as deep as possible, and the deeper we get, the more value we can create.”

4. Be ready for IT interaction. It probably goes without saying in today’s landscape that a customer’s IT department is going to play a key role in an enterprise deployment.

It is critical to not only document and plan for how security systems will share an organization’s network resources, but also to plan for installation and network access for technicians on-site. Will the technician be able to plug a laptop into a panel, or will the customer’s IT department only allow the use of laptops that they will provide on-site? These are obviously key considerations.

In addition, the enterprise customer must be aware that they won’t be getting the average alarm installer to work on-site. “In today’s world of enterprise solutions, you can’t send a guy that was putting in a burglar alarm system that morning to go plug into a customer’s network – that just doesn’t work anymore,” Kuhn says. “We can’t find anybody with the proper skills in the $75 an hour price range – these techs are better trained and have more knowledge. Those costs are passed on, but the people in the IT world understand that – they are used to paying those types of prices for people to come work on their systems.”

5. Manage both projects and programs. Both Kuhn and Boethel stress that there is a major difference between “project management” and “program management” – and it is paramount that integrators understand that difference when it comes to enterprise deployments.

“A key ingredient is a good program manager,” Boethel says. “It is not enough to have a bunch of project managers managing respective installations, because they are all going to have different backgrounds, experiences and methodologies. They all may be very good at what they do, but each one of the projects will go a little bit differently unless there is someone to proactively administer them. That is the program manager.”

Complex enterprise deployments come about as a series of projects rather than one big project, as “very few enterprise customers go about worldwide deployments in one fell swoop,” Boethel adds. This is why the program manager is unique to enterprise deployments.

While they obviously create additional expense to the budget, a program manager serves as the point person for the entire project – managing each project manager and each project at all the different sites while serving as the 24/7 point of contact for the end-user.

“If a customer doesn’t want to pay for the program management piece of it, and they just want to communicate with the various project managers out in the field, there are a lot of areas where the whole thing could blow up,” Kuhn warns. “Those guys are worth every penny when it comes to making sure that a large enterprise deployment goes well. In all the years I’ve been doing this, projects where we didn’t use a program manager – for whatever reason – are always the toughest jobs that I have been involved with.”

Paul Rothman is Editor in Chief of Security Dealer & Integrator (SD&I) magazine. Access the current issue and full archives at www.secdealer.com.