Monetizing Security Management Platforms

March 13, 2015
How embracing new technology models can increase RMR

The security industry is on the verge of a new method of operation that is poised to change traditional sales models and on-site integration work in favor of delivering a wider variety of value-added services. We have heard this story before: security providers looking to sell more services to drive recurring monthly revenue (RMR); yet, today, a paradigm shift is under way in which more security providers are investigating and deploying advanced capabilities on top of or adjacent to existing systems.

These new opportunities to expand existing platforms are possible due to the wider availability and use of open architecture or web services based on application programming interfaces (APIs) — and they are driven by the expanding Internet of Things (IoT) movement and adoption of cloud-based services. Such systems enable a variety of disparate products and solutions to work with one another to share information and operational tasks that can be aggregated to enhance security operations. These systems offer a wide variety of choices, customizable capabilities as well as attractive RMR opportunities to security providers.

Still, many security product and software manufacturers have not yet been able to figure out how to monetize open architecture services to increase their potential for delivering additional recurring revenue. Some are still relying heavily on proprietary hardware margins to offset potentially loss-leading software solutions.

A great opportunity exists to break from this traditional model and shift to a lower-touch, lower-cost model in which security systems collect more information from many sources, while providing greater flexibility and choices for managing security operations. Embracing APIs and open architecture enables the seamless integration of on-premise hardware and software, with a multitude of cloud-based solutions.

Open Architecture and Changed Consumer Expectations

APIs enable a simplified, standard method of exposing software or hardware capabilities and information while making out-of-the-box integrations easier and more supportable. They also enable the open development of mobile applications. In general terms, an API allows connected devices and software to share information that can enhance their capabilities by being part of a bigger ecosystem. For example, 11 percent of Twitter users are using third-party applications that were built on APIs. Amazon has one of the widest ranges of APIs — from marketplace interactions to hosted web services. The use of these APIs creates an ecosystem that extends the value and capabilities of their host application, while at the same time adding value and capability to the application that is consuming the API from the host platform.

It is unlikely a security practitioner will find all the capabilities and best-in-class features in a single software platform. By exposing selected capabilities via APIs, systems can be tied together easily to create an environment that works for that user or organization. For example, Salesforce.com, an online customer relationship management (CRM) and sales prospecting tool used by many large organizations, adds to its own ecosystem by allowing the customer to select which applications to add to their environment. Here are a few examples of capabilities on Salesforce.com that are made possible by APIs:

  • Ability to sync with a local mail client or phone;
  • Viewing a map that shows the location of, and directions to customers;
  • Dynamic access to a quoting tool and proposal generation;
  • Sales compensation automation;
  • Account planning;
  • Sending data to a third party reporting tool; and
  • Marketing and customer notifications.

Individually, Salesforce.com could not create all these capabilities on its own. By having a robust and true API model, the customer can pick and choose the best cloud or on-premise solutions for their needs.


Beyond just reselling these services, the biggest opportunity APIs and cloud services offer security providers is that they enable the ability to provide these new solutions in conjunction with managed services and pull together different solutions for a unique customer offering. In addition, APIs and cloud services enable customers to assemble customized services and applications that are unique to their operations — giving them the ability to choose solutions that are the most meaningful to their businesses.

The consumer environment, behaviors and expectations are putting pressure on the traditional ways security systems and services are purchased. Customers want the option to tailor the service they select. An all-or-nothing service model does not work, as customers want to be selective by choosing and paying only for the features they need that are accessible from the devices of their choice — desktop, tablet or mobile. Services are likely to be selected as an annual or monthly subscription fee with pay-per-use pricing models for additional value-added services. This is comparable to cable TV service, where customers pay for basic access and add on monthly premium channels and one-time charges such as on-demand movies or pay-per-view.

Transitioning to a Services Model

Adopting value-added services does not mean you have to abandon your existing model altogether. Security providers can simply offer solutions in addition to their traditional services, delivering some basic services as added value and more advanced services for a monthly or pay-per-use fee.

Cloud-based video or access control with added data consolidation, analysis and reporting capabilities can open up new opportunities for upselling the capabilities of the services and technologies you already provide. Integrating cloud-based incident or visitor management to an environment provides additional key services to the security operations, while expanding the value of the security provider.

Security providers have a multitude of available options for monetizing value-added services. In general, those opportunities fall into two categories: Automating services that are traditionally labor-driven; or introducing new value-added services that complement existing and new technology.

Security providers can automate a variety of manually-driven legacy services by mixing new technology and a centralized managed services team. Compared to the cost of purchasing software and employing personnel to manage those services on their own, contracting with an integrator that has developed automated, lower-touch service capabilities could represent a significant lower cost of ownership for customers.

Beyond automating traditional services, security providers can look to new value-added services enabled by the information that security system technologies capture across a single customer and across their entire customer base. For example, integrators can leverage centralized data analytics that enable customers to conveniently analyze and investigate security and business-related correlations to better understand their operations and promote efficiencies. Providing business analytics enables customers to examine information related to systems such as alarm monitoring, video, access, visitor management, fire, installations, system inventories, etc., and arrive at actionable information that can lead to more predictive security operations.

Ideally, customers will be able to manage this information from a single interface, in real time. In addition, data analysis can enable greater hardware management capabilities, such as tracking installation and service histories to get closer to predictive models for the maintenance, service and replacement of security devices.

Trading Installation Fees for Services

Security providers transitioning to a services model can possibly face short-term revenue reductions due to the loss of software sales and equipment installations; however, the lower-touch services model — in which security providers have fewer interactions with equipment — offers the potential for greater profitability. At the same time, security providers offering a wide variety of value-added services have a much more scalable business model with plenty of opportunities for upsells while creating a higher-value or “stickier” relationship with the customer. Security management services offer predictable RMR and greater profitability.

Added-value service models also offer the potential to enhance sales efforts. The heavy lifting of selling equipment and managing installations is already complete; therefore, the security provider is just focused on sharing the enhanced service capabilities with the customer. The “buy-in” process for customers is simple — they can merely select from a variety of options that do not require scheduling a technician visit or worrying about the logistics surrounding equipment implementations. Best of all, customers can often make such selections on their own, using an online interface to add services on demand.

What the Future Will Bring

As the IoT movement continues and APIs take greater hold, security providers that invest early in platforms that deliver low-touch services and figure out how to monetize those services will have a wealth of new opportunities.

Connected systems will enable more devices to communicate, which introduces more services — similar to what is currently happening in the residential market with home automation. In the commercial space, there will be new opportunities for services such as advanced energy management, inventory tracking and mobile access control — even the tracking of food for Food and Drug Administration (FDA) compliance and handling conditions.

These new solutions and technology models are not a threat to the security provider — they are a path to enhanced security and increased profitability.

Jeremy Brecher is vice president of technology, electronic security, for Diebold Inc. (www.dieboldsecurity.com). To request more info about the company, please visit www.securityinfowatch.com/10213450