What can security product and service providers do to show the true value of their offerings at a Board of Directors Level?
Most decisions of this type are decided at the Finance or Capital Review levels in the organization, where it would be in the provider’s best interest to present as much detail as possible to the organization’s Chief Security Officer (CSO), who is vying for limited corporate capital with other business units.
The information should be as non-technical as possible, while still reflecting the benefits and the cost-benefits of the decision.
Where possible, the decision should be tied to regulatory or other semi-mandated programs that would resonate with management.
Chances are, it is going to be the CSO who is attempting to obtain funding and approval, but the more support a provider can provide the CSO in competing with their peers for limited resources, the better.
1. Their definition of security;
2. How that definition applies to the business value;
3. The risk to the business if that definition is wrong, misunderstood, or unrealized;
4. How they are organized to achieve that purpose;
5. How they measure their program deliverables;
6. The maturity model of the Security organization (Growth, Maintain, Repair); and
7. Their partner execution model for formulating strategy, deployment and maintenance.
Manufacturers and service providers must stop selling widgets and invest the time to develop a deep understanding of the end-user’s industry, how their business operates within it, and of the seven factors. They must discuss how security platforms may integrate at a business process level to enhance the performance of critical business functions. And they must also hire business-trained people and focus on the ability to analyze and articulate business value in the end user's terms at all levels of the organization.
Philip C. Aronson, President and CEO of Aronson Security Group: You start with the value drivers that are impacting or will impact the business. We believe that service providers must deliver security optimization services, strategic technology evaluation and benchmarking, and enterprise integration services.
The latter deals with the technology that can drive innovation, cost reduction and process improvement — all of which are board-level concerns.
All services should depend on the service provider’s ability to engage with the client so that both parties can articulate what the Board Level Risk is, and how that risk might impact their bottom line in the execution of their business.
The bottom line: the execution of a security strategy and plan must be aligned with the mission of the business and the goals of the business. At the end of the day, clients are demanding service providers that have the ability to facilitate a higher-level exchange and investment grade security plan with the client.
Security system and service providers offer the same risk assurance to a Board of Directors that a spare tire in the trunk of your car offers — you hope you won’t have to use it, but you don’t want to be caught on the road without one.
Fire, for example, is highly regulated risk. No one questions the necessity for the protection of life and property from fire.
The criminal acts of an insider, an outsider, or a third party are unpredictable; yet history demonstrates that they are not unlikely.
Security system service providers offer a layer of proactive oversight into unauthorized activity which imperils corporate interest, actively minimizing risk. You don’t know if or when you will have your next flat tire, but you periodically check the integrity of your spare so that you are as ready as you can be.
Next Month’s Question:
What training do you expect a vendor’s employees or staff to have?
For information on the Security Executive Council, visit www.securityexecutivecouncil.com/?sc=std.