Over the past year, I have seen and heard many statements about the impact of technology advancement, the need for physical security industry business models to change, and how security industry manufacturers and service providers need to shift to a recurring monthly revenue stream (RMR) model. Cloud-based offerings are usually at the center of such discussions, and how the cloud will drive the change to subscription-based services. I myself have written many articles about these technology trends and impacts.
On a big-picture level, it all seems to make sense, especially when you see the trends and impacts of cloud services adoption in the business world; however, looking closely at the small-picture level, it is not clear how things will work. What will the security industry transformation that 21st century technologies are supposed to bring actually look like?
While the security industry has recently embarked on the journey, IT integrators have been struggling with the great information technology changes for more than a decade. In their domain, the transition from project-based technology deployments to service-based technology deployments has been a rough ride for both customers and service providers – and it is not yet over.
As the security industry continues to build its products and systems on emerging information technology, what does that mean for our industry’s future, our businesses, and our own jobs and roles? Rarely a day goes by that I do not hear or read the word “disruptive” regarding some new technology product, innovation or technology-enabled business model. It is a celebrated term, and the idea of being a disruptor in an industry has great appeal and sounds very dramatic; but how do customers respond to the word disruption? It is an important question, especially since there are really two customers involved in the technology distribution chain.
Perspectives on Disruption
When asked about the effects of digital disruption on General Electric, Chris Drumgoole, then Chief Operating Officer of GE’s cloud division (now Chief Technology Officer of IT), said at the 2014 Gartner Data Center Conference, “There is really not a single thing that we do in IT, today, that we’ll do the same way two years from now. I struggle to name a single process within our organization that isn’t going to change dramatically over the next two years or three years.
“We really believe that the world is changing from an engineered-systems to an integrated-systems world, where the component is no longer the most important piece,” Drumgoole added in a 2014 InfoWorld interview. “It is around systemic behavior, where systems exist to serve apps.”
These simple statements describe a technology mindset whose ramifications are not obvious at first, but can be seen by considering its full business context. This has great relevance for the physical security industry.
Two Transformations
Drumgoole and his teams are undergoing major transformation – nearly total disruption from his description – due to information technology advancements. On the one hand, Drumgoole is a customer of information technology manufacturers and service providers; on the other, his division is itself a service provider to all of GE.
It is the job of his division to contain technology disruption within his division, and to provide services which, where they are transformative, help the rest of the company transform itself into a more effective, efficient, flexible, fast and responsive organization. The rest of GE is the end-user customer, and if Drumgoole’s division achieves its objectives, its customer will, for the most part, wholeheartedly embrace the self-managed transformations that GE IT’s services enable.
No longer will GE IT ask its internal customers “What kind of system do you want?” That question places a pretty big burden on the customer, as defining or deciding on all the elements of a system is a nearly impossible task for an end-user. Now Drumgoole’s people get to ask: “What kind of application do you want?” That’s where the rubber meets the road for the end-user.
From GE IT’s perspective, there are two technology transformations taking place within the company. The first is GE IT’s own transformation to adopt emerging information technologies and deploy applications to its end-user customers. The sole purpose is to help those customers advance the causes of their own business units and functional areas. The second transformation consists of many smaller transformations throughout the company, as the various divisions and functional areas adopt new applications to organize and align for evolving corporate and divisional objectives.
Security Integrator Transformation
The mindset that Drumgoole conveyed is eerily similar for today’s security integrators – although integrators are in the fortunate position of applying it on a much smaller scale. It is the role of industry manufacturers to engineer products and systems that can be easily deployed into an intelligent security systems infrastructure (as described in my previous article, available at www.securityinfowatch.com/12296876), with a primary focus on security operations and management applications.
The legacy industry business model was to sell and install equipment into customer facilities, at which point the customer owned the technology, was primarily responsible for it, and hopefully contracted for regular preventative maintenance as well as on-call service and repair.
After initial training, customers were generally left to their own devices to expand and develop their use of installed technologies, and to create their own technology roadmap some years down the road. With technology evolving as rapidly as it is, customers can no longer keep up with the technology advances, and are overwhelmed with technical information that often has little direct bearing on their security applications and operations.
As is commonly understood, the emerging business model is that of managed service provider, where both hardware and software are provided “as-a-service” – on a subscription basis, with the security integrator “owning” the installed infrastructure either literally or by virtue of contracted responsibility. The whole idea is to free end-user customers from involvement with systems and components, and the resulting headaches and challenges, so that they can focus on applications that will transform the security function into a more effective, efficient, flexible, fast and responsive unit whose risk mitigation capabilities are a continually improving match for the evolving risk picture of the organization.
Value to the Customer
Recently, the Sr. Manager of Global Safety & Security for a multi-billion-dollar global technology firm told me that “integrators need to figure out how to add value in the ‘as-a-service’ paradigm,” and that “more and more security platforms will have ‘as-a-service’ and cloud components.” His concern is that integrators view physical security system Software-as-a-Service and Hardware-as-a-Service offerings as just a newer kind of thing to mark up, sell, and install – just like they have been doing for the last 20 or more years.
While agreeing that what companies have been showing him are, without a doubt, new features and capabilities, he has not been hearing exactly how his company will achieve the potential benefits, risk reductions and cost savings that the newer technologies are supposed to be providing.
I have heard the question raised in discussions about pure SaaS offerings: “Why should a security practitioner buy through an integrator when its simpler and easier to subscribe online?” This gets to the heart of the matter, and illustrates the need for the security industry to get a good grasp of the mindset that Drumgoole conveyed – to focus on added value, which is what our customers are looking for.
Added Value as A Self-Solving Problem
Recently the president of a security integrator firm told me: “We are in an age of dropping technology prices and eroding reseller margins...I just don’t see how Hardware-as-a-Service can work when customers expect the price to go down each year, in keeping with technology trends. With all the new devices and systems that we’re hearing we’ll need to integrate, we can’t keep lowering a monthly or yearly subscription cost. We can’t afford to add more value because we can’t raise prices year after year. We won’t survive.”
Such thoughts are currently shared by many integrators and their customers. This is because few security integrators and end-user customers have experienced the benefits of true value-added service and product improvements. They compare it to consumer TVs and other electronic technology, whose prices drop as capabilities go up, year over year; but that’s the wrong technology picture.
We should now be dealing with intelligent systems technology, and using it to build evolvable security system infrastructures. If we do it right, the operational value of that technology – its value to the customer – keeps increasing year after year. This is in stark contrast to legacy technology, which starts on its path to obsolescence as soon as it is up and running. It becomes more of a problem to the customer year after year.
Instead, consider the auto industry, which every year adds value to the driving experience. This includes a reduction of 25 percent in vehicle-related deaths over the past 10 years, along with impressive improvements in fuel economy, and lower service requirements. Now add self-parking cars and self-driving vehicles into the picture, and you see their focus is on value to the customer. The auto industry’s equivalent of “hardware-as-a-service” – vehicle leasing – has a more than 10-year continuous upward trend. Vehicle prices don’t plummet every year, because vehicles keep appearing with more value added to them. In the security industry, we must adopt the successful thinking that other industries have to create the breakthrough products and services of high value.
A focus on adding value – especially through well-integrated applications that act as force-multipliers for security departments – is the most important ingredient in being successful with the “as-a-service” RMR model. That’s what security practitioners are thinking about and asking for.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.
