Among the many changes to the security industry landscape post 9/11, one of the more prominent is the change in the role of the Security Department itself. In many organisations, security is now incorporated into the strategy of the company.
One catastrophic event could ruin sales and profitability for many quarters to come.
This new reality is coupled with the tremendous growth of integrated systems and now the convergence of physical security into company networks.
The immediate result of new IT-centric security organisations has been the sometimes “shotgun marriage” of the security and IT departments. This new relationship is by no means automatic or easy, but it is absolutely critical for organisations to get right.
In this article we will use a case study in which a major company’s security department was ripped from the blessed ignorance of isolation and thrust into the brave new IT world.
By outlining the challenges faced by the company in IP implementation and the solutions used, we hope to demonstrate how building communications between security and IT benefits the company as a whole.
Got the NVR, now what?
A major Fortune 500 company with $2billion plus in sales and more than 7,000 employees located in 32 countries had a security system composed of analogue cameras and VCRs.
Confronted with the reality that their security system was no longer adequate, the company made the decision to move to digital.
After a feasibility study, the company settled on a major security upgrade, choosing NVR technology for its headquarters and to provide remote access to a number of isolated offices around the world.
Up to this point, the Security Department had operated as an independent, but rather neglected department. It was literally located in a remote part of the headquarter’s campus, content to do its own thing.
In practice, security was not part of a larger infrastructure and it was a self contained unit – identifying problems, researching solutions and making its own equipment and service provider decisions.
Once the company decided to enter the digital realm, security would have no choice but to work with the IT department. And it was at this crucial juncture that problems would be created or solutions negotiated that would affect the entire company for years to come.
A long but necessary process
Sizing up their situation, the Security Department was faced with venturing into the unknown and learning how to work with a new set of players with a language, processes and procedures they had yet to learn. At first they didn’t even know where to start. Moving methodically and step-by-step, the Security Department followed this game plan:
- Identify the right people to work with the Security Department
- Get clear on the nature of the relationship. Security is now a customer of the IT Department, where it goes to get computers, storage and network
- Reach a department-wide understanding on both sides about the new roles and relationships and do not fear these changes. Understand the rules have changed forever.
- Understand IT’s “mission” is to provide the technology, infrastructure and services to support their customer’s business.
- Recognise IT’s “pain points” – their personnel and resource constraints – and do not ask for the impossible from the outset.
- Invite and prepare IT to jointly meet with potential technology and service providers.
- Use NVR vendors to educate IT on the architecture of the NVR platform and how best to install, both at headquarters and remotely.
- Clearly communicate the security “mission” to IT so they will be able to help implement it.
- Establish a pilot system to monitor network connectivity to remote offices so that bandwidth and security issues are addressed before video is put on the network.
- When installers and service providers have been selected, confirm with IT the company’s business requirements and how they will be implemented.
- With the installers and technology providers, lay out and agree to the installation, testing and certification plan.
Success and the system
Our Fortune 500 company walked through these seemingly painstaking steps over the course of four months.
The resulting installation comprises more than 160 indoor and outdoor cameras in multiple sites around the world, all remotely connected to the company’s control centre at the HQ.
Each site has multiple gate access points and other access control data integrated into the system.
Through a combination of better event investigation, increased asset recovery and reduced maintenance and admin expenses, the system is scheduled to achieve 100 per cent return on investment in about 18 months.
Advantages of greater partnership
In addition to the many advantages in the superior system brought about by the new IT-Security partnership, there are long lasting benefits that resulted from the considerable time invested in developing communications and reaching full understanding between the two parties.
- No longer an “island” left to its own thing, security gained increased corporate visibility and importance.
- By effectively building a partnership with IT, security moves into the information age and makes the critical leap from cost centre to corporate asset.
- Security now levers IT services and resources allowing them to spend more time on priority activities – not counting VCR tapes and day-to-day system maintenance.
- By using security’s extensive risk assessment experience, IT has gained the knowledge to build, upgrade and maintain a system that supports business requirements.
- The company can use IT infrastructure whenever possible for security, thereby gaining improved total cost of ownership.
- With IT and security working as partners to develop a solution, the company avoids a situation in which security sees IT as an obstacle and not a resource.
- The new combined capabilities protect against vendor companies that over promise and under deliver.
- It will also provide back-up and disaster recover solutions and assist with integration into other back office systems.
Lesson learned from partnership
Some of the most important lessons learned included:
1. Moving to a digital solution offers an opportunity to take security from a cost centre to contributing to the bottom line. Security must use the latest technology to contribute to the company’s profitability.
2. Security is now seen as part of the company’s business strategy. In this new reality, security must innovate and think outside the box to continue to deliver strategic importance to the company.
3. To create a mutually beneficial, effective partnership with IT, security must work hard to communicate its business and service level requirements and understand the same form the IT perspective.
In this article we’ve used a rather extensive case study installation to outline specific steps taken to bring about more effective communication and a more productive working relationship with IT. The case study illuminated a number of potential roadblocks and what actions were taken to surmount those obstacles to serve the company well into the future.