Many integration veterans remember the word “convergence” being tossed around with zeal a few years ago. The term described where security integration was heading as convergence with IT was coming – with the warning that if the integrator did not make moves to become IT-centric, traditional IT providers were going to take a large share of the security business.
Fast-forward to today, and the separation between the security and IT organizations has truly narrowed. Numerous IT providers have moved into security integration; likewise, many security integrators have moved towards providing IT services. It is not rare today to see a security integrator company offering physical security, audio-visual and IT services as solutions.
Adaption to new solution offerings comes about not only from the evolution of technology, but also from the changing players involved in the decision-making process. In years past, we saw security directors and facility managers playing the largest role in deciding what technology was purchased – now, we see more influence from IT leaders, who are deeply involved in conducting product review and budget oversight. Given that the majority of technology devices now communicate on their network, it makes sense for IT to have a substantial seat at the decision-making table.
Cybersecurity Changes the Landscape
It seems that not a day passes without a new data breach or cybersecurity incident announced by news outlets. Open a social app, attend an industry event or read a trade magazine and the topic of cybersecurity is front-and-center.
Unfortunately, it is not all hype – cyber incidents are happening, and when they do, it is often devastating to an organization. The average financial impact of a data breach starts at $117,000 for a small business and $3.86 million for enterprise organizations.
The need for the security integration industry to step up its cybersecurity posture is now more important than ever. Incidents happen regularly, including business email compromises, ransomware attacks and breaches of customer information. As you can imagine, the majority of these incidents are not made public, but they are happening to organizations large and small.
As the cybersecurity landscape shifts, your relationship with current customers is evolving. You are going to witness a change – as many end-user organizations recognize that their vendors are a potential cyber-threat.
One of those vendors is the security integrator, and a very unique one at that. Not only do security integrators have access to IT rooms and closets for wiring and installation, they also deploy hardware and software solutions that ride on the corporate network and store very sensitive customer data in their systems. That data may include floor plans to buildings, system design with device locations, network schematics, IP and MAC addresses, and device passwords.
End-user organizations are taking steps to protect themselves against these threats, and it is impacting security integrators across North America. Not only are end-users beginning to ask their providers about how they are cyber-hardening the systems they deploy, but they are increasingly employing third-party vendor assessments – designed to identify if a provider has the appropriate cybersecurity posture to protect the end-user customer’s data.
- Questions that security integrators will need to answer often include:
- Do you have an incident response plan in place in case of a breach?
- How often do you complete cybersecurity assessments of your internal systems?
- Are you performing network penetration testing and vulnerability scanning of your systems regularly?
- Are your non-IT personnel being trained on cybersecurity?
- Do you utilize encryption solutions when storing data?
- Do you have cyber insurance in place? What does your insurance cover?
After receiving these assessment questionnaires, integrators are often caught off guard without the correct cybersecurity in place at the time of request. More important, the way they answer these questions is often the difference between winning or losing a customer or significant project.
The balance here is an opportunity to position your organization in a positive light. If your internal cybersecurity hygiene is strong, you can use it as a proactive sales tool that meets the assessment needs, earns trust with the IT decision maker, and separates you from the competition.
Graduating to Cybersecurity Services
Once an integrator has a handle on its own cyber-hygiene, why not provide cybersecurity as part of a total offering? Today, security integrators have a seat at the table with IT decision-makers who are looking for assistance with cybersecurity. This especially holds true for smaller organizations whose IT teams are overwhelmed with supporting existing systems and infrastructures yet are beginning to feel pressure to find and implement cybersecurity solutions as well.
Along with the development of a larger range of IT services, several security integrators are adding cybersecurity to their solution offering. Some of this is occurring through acquisitions – we have recently seen some of the largest security companies purchasing cybersecurity providers, bringing the mixture of electronic security and cybersecurity together. Their lineups are now not only including traditional security solutions, such as cameras and access control, but also a portfolio of managed cybersecurity products and services.
Cybersecurity is a diverse practice, and it involves much more than just technology implementation. There is no technology silver bullet that can protect against all cybersecurity threats; thus, providing a comprehensive solution is the correct approach. Beyond technology, these all-encompassing solutions include multiple layers:
- Cybersecurity assessments which detail an organization’s strengths and weaknesses;
- Technical testing, including penetration testing by certified ethical hackers, who attack networks and systems to see if they can exploit a weakness;
- Comprehensive employee training to turn all employees into front line defenders in identifying fraud and phishing attacks; and
- Cybersecurity policy and plan development to set the guidelines to employees and contractors and to prepare in case of an incident.
Employing a comprehensive, ongoing approach is now critical to keeping organizations safe. As a trusted IT-centric systems integrator, you can begin by providing a handful of them as you enter the market and develop your cybersecurity offering.
Outside of an acquisition, partnering with a cybersecurity vendor as a start can be a great step. They can provide the solutions you need and assist in training on how to successfully market cybersecurity to your customer base.
The opportunity is out there and growing fast – start the conversation now. Tim O’Reilly once said: “What new technology does is create new opportunities to do a job that customers want done.” Ask your customers about their cybersecurity needs, and perhaps your organization can carve a solution to help.
Rob Simopoulos is a Co-Founder of Defendify (www.defendify.io), which makes cybersecurity possible for small business through an all-in-one cybersecurity platform. In more than 20 years in the security industry, Simopoulos has been an entrepreneur, receiving numerous awards and recognition. He can be reached at [email protected], 888-508-9221 x 101.