Hard sell

Much has been written about the new generation of integrated security products and the significant anticipated end user benefits of these devices migrating onto the Information Technology (IT) network. Indeed, a quick stroll around any recent electronic security trade show indicates just how much security products have changed since the 1990s.

Despite the forward-thinking security manufacturers hastily dumping their closed systems and embracing IT protocols, an increasing number of today’s dominant manufacturers are from – or have their roots in – the global IT industry. And it really isn’t hard to see why.

The IT industry is one of the most competitive in the world. Global standards mean global competition. Margins are low, qualified staff costly and product lifecycles short. Hardware has become a commodity, subject to ferocious price competition. Software often has crippling development costs attached.

If you’re still going to be in business this time next year, you need either global scale or to be first to market and dominate a niche sector. No wonder the arrival of the multi-billion dollar electronic security industry, ripe as it is for IP conversion, has attracted the interest of the biggest names in technology software and hardware (as well as many aggressive start-ups into the bargain).

What effect is this rapid change in the (to use IT parlance) Original Equipment Manufacturer (OEM) market having on the rest of the industry and, critically, on the readers of Security Management Today? An examination of the IT industry’s evolution offers some clues.

The increasing dominance of mainstream technology hardware and software manufacturers exerts pressure on electronic security distribution channels to become more like the familiar and highly efficient model of their parent IT industry. The high development costs and short product lifecycles in the IT sector meant that suppliers needed huge scale to be confident of a return on their investment. Technology firms grew to serve global markets. This necessarily meant they had to depend on a network of intermediaries in each local sales territory to competently sell, integrate and support their products.

Such was the commitment required by both parties, particularly in terms of costly staff and product training, that OEMs and their intermediaries sought formal agreements from each other to protect the investment. The ‘approved reseller’ was born. As with all channel members in a highly competitive market, resellers had to continually add value for their customers to survive. Hence the term ‘value-added reseller’.

Something beyond cable-pulling

Value-added resellers typically perform high value services for a customer, advising them on the best mix of products to meet their needs now and in the future. They make perfect sense of the rapidly-changing technology, project managing and implementing complex installations and providing support and upgrades as required. Low value functions – such as running cable or bolting hardware to walls – are often outsourced to preserve channel efficiency.

Usually, the customer (for example, an IT or security manager) is highly technology savvy. However, they’ll often have multiple responsibilities and limited time at their disposal. Thus they’ll actively seek a genuine partnership arrangement. The confidence to hand over key elements of service provision to a third party is made easier, of course, by the manufacturer’s stamp of approval on the reseller (in the form of a licence to sell and support their products).

The functionality of technology products and their use across an entire organisation via the IT network meant that one centralised solution could now support every user. In large organisations, the chief information officer or IT director would therefore select one vendor’s product for universal application. Then – and only then – would approved resellers be chosen for each site or region, based not on the product they recommended (as this had already been decided) but, critically, on the range and quality of their services.

If you accept the premise that the electronic security industry will increasingly become a subset of the IT market, initially at the corporate and public sector levels, it follows that security intermediaries must expand their offer beyond the traditional role of designing, installing and maintaining a system if they’re to fulfil the role of a value-added reseller. This is made even more likely when you examine the changes underway on the demand side of the equation. Changes which are leading security managers to re-evaluate what constitutes acceptable value from their suppliers.

Of late, organisations in many sectors have been under increasing pressure to cut back on overheads. Despite the growing emphasis on the protection of workers and company data, staff functions – among them security provision – are seen as non-revenue generating activities and therefore find themselves subject to constant budgetary pressures.

Security managers are increasingly being given wider remits, such as managing additional facilities provision, or also having to perform a consulting role across the entire organisation. For their part, IT managers are more involved in the approval of security systems. In many cases, electronic security projects are funded from the larger IT budget.

Corporate and public sector buying patterns have also undergone radical change. Not only do electronic security purchases naturally require the input of the owner of the network it now shares, but procurement departments apply their own criteria to vendor selection – increasingly introducing mechanisms such as e-bidding (‘End of the Line’, SMT, October 2004, pp31-32) to drive costs down.

The shifting security emphasis

Even without huge technological advances, security managers’ needs are changing and, with them, so too the demands they’re placing upon their suppliers. Are traditional security installers actually ready and able to meet those demands? That’s the $64,000 question

Most organisations have long had tried-and-tested physical security systems in place, but of late the emphasis has shifted to include both the protection of information assets – so-called ‘logical security’ – and a drive towards the ‘safer building’.

“The convergence of IT and building management systems is having a tremendous impact on managers’ abilities to create those safer buildings,” explains Paul Mercer, Cisco’s security manager for EMEA. “Interoperability of devices and networks ensures that critical real time data can be presented cohesively and then instantly acted upon.”

Indeed, as the trend continues towards this new security business model, so too the pressure will increase on security managers to apply their risk assessment and security planning expertise across their own organisation. In order to do so, they’ll need to become conversant with all systems that input to that model. And fast.

All of those changes described ensure that security managers find themselves thrust into the spotlight in the role of high profile ‘project sponsors’, negotiating buy-in from colleagues who simply don’t understand physical security. When it comes to funding, their proposed projects are evaluated against competing non-security projects, and must therefore demonstrate a strong return on investment.

“We expect real value in terms of business case drivers to be delivered in the investment argument,” states Tony Cutress, corporate security manager at Unisys. “It’s imperative that our security providers have a total knowledge of networked solutions and their impact on the corporate communications infrastructure.”

While IT resellers are used to this expectation, and typically present their proposals as business cases, security managers all-too-often find themselves demystifying and rewriting jargon-ridden proposals for peer review from even the largest of traditional security solutions providers. Frustrating enough, then, but with the post of chief security officer slowly but surely becoming the latest addition to the names populating the Boardroom, how long can this state of affairs really persist?

Even without huge technological advances, security managers’ needs are changing and, with them, the demands they’re placing upon their suppliers. Are traditional security installers actually ready and able to meet those demands? That’s the $64,000 question. “As an IT-centric manufacturer whose chosen field of endeavour is security management solutions,” adds Phil Mailes, UK director of Lenel Systems International, “we’ve witnessed a slow adoption of new converged technology by the traditional security channels. Initially, most players chose to ignore the warning signs that the industry was changing. That’s why we’re seeing a scramble to embrace the IP revolution. It was a case of catch up or lose your client base.”

Many of the leading incumbent security companies continue to focus their management and resources on making their existing operations more efficient, or are busily digesting the latest acquisition. “As reluctant and rather late adopters, the traditional security channels have, in my view, missed the opportunity of integrating certified database administrators and network specialists into the fabric of the company before these skills were required at the sharp end – at the customer’s site,” continues Mailes.

At the opposite end of the spectrum, local security companies – often run as ‘lifestyle’ businesses built on recurring service and monitoring revenues – have either scant resources or are simply just too unwilling to reinvent themselves.

The rise of the reseller

Given this background of rapid product innovation, a rise in customer expectations and the fact that incumbent installers have been slow out of the blocks, it comes as no surprise to see the arrival of electronic security’s version of the value-added reseller – the integrator.

Rather than supporting vast product ranges, security integrators align themselves with a few strategic suppliers, investing heavily in staff training and developing networks of partnerships to deliver the optimum combination of products and services required by each customer (just like their peers in the IT industry). As Cisco’s Paul Mercer rightly observes: “New skills and new partnerships with IT networking specialists are becoming a pre-requisite to delivering services upon which the new security business model is based.”

Free of the burden of huge field forces with progressively more unsuitable skills, and having legacy estates to support, security integrators are able to focus on a single-minded customer proposition: peace of mind. By providing partnered solutions – such as the project management of an entire security systems roll-out – and reassuring sceptical IT specialists with their understanding of technology, integrators have found resonance with the new expectations of customers.

Like their counterparts in the IT industry, integrators’ profits are generated through solutions provision rather than by simply applying margins to the sale of products or an engineer’s hourly rate on site.

Despite supporting higher per capita staff costs, integrators are also capable of presenting compelling business cases by offsetting these costs against the efficiency savings the new technology will bring to the security industry’s customer base.