What will your best-in-class national account security program look like in the future? Don Young Shares His Thoughts.
Don Young, Chief Information Officer at Protection 1, was one of the first within the security industry to recognize the importance of customer data and its ability to improve the effectiveness of a national account program. For over 23 years, his thought leadership has been helping security directors improve the efficiency of their operations while delivering exceptional bottom line results.
Don, what do you see as the top technology trends that will drive the future performance of a national account program?
A: I see four trends that need to be recognized.
First, when it comes to data, the method of transport should be on everyone’s radar screen.
Second, the move to cloud-based solutions is accelerating because companies are less willing to maintain hardware at their premises.
Third, once companies move to a cloud-based solution, they will need to embrace data mining in order to maximize the incredible amount of information derived from their security solution.
Finally, the distribution of data is absolutely going to be a security issue.
Trend 1: Method of Transport
How important is method of transport?
A: It is currently the most important technology trend. Method of transport has to do with wireless transport versus landline transport.
Commercial and national account security directors are seeing a move to cloud-based computing and cloudbased services.
To use cloud-based environments, security directors will need a solid and robust transport method. It is critical that the chosen method of transport be secure so it cannot be hacked or infiltrated.
Security directors will also need to guarantee that the chosen transport method is available during a time of crisis or at the time of an incident.
When it comes to method of transport, what constitutes a solid transport? What does a security director need to have in place?
A: Ideally, a security director is going to want a hardwire transport backed up by a wireless transport.
A hardwire method of transport is still the preferred method because it offers the most capacity and speed for data.
However, a purely hardwire transport can also fail—and that is where a wireless method of transport is a good backup. Wireless does not offer the same capacity as a hardwired system, but it does offer convenience when landline services are not available or are unreliable at a business location.
Security directors have talked for years about the convergence of IT and security. IT is getting more involved in making security decisions or at least influencing them. How does the idea of transport play into that and what should a security director do to ensure they start moving to a cloud-based solution?
A: IT and security are being brought together as more and more data becomes available from the solutions currently offered by the security vendors.
However, the willingness to pay for the additional bandwidth or transport capacity to support the delivery of the information is low. Money is ALWAYS going to be an issue.
This means that IT needs to work with security departments to leverage the transport a business already has in place.
The challenge is that security is not viewed as a high enough priority to be offered the same level of transport as other business data. IT historically does not appreciate the bandwidth requirements of a security solution or the reasons data has to be transmitted from it.
The good news is IT is now being included in security department discussions centered on leveraging existing business transport methods. With proper preplanning, neither security providers nor customers will have to pay twice for the same capacity.
As Protection 1’s CIO, you have been in dozens of meetings on this topic. What do you discuss with a prospect or new customer?
A: In a typical scenario with a national account security client, a Protection 1 National Account Representative has flagged questions or information required that prompted the meeting. This saves grief down the road. I cannot underscore how important it is for all parties to understand and approve the amount of bandwidth required for their proposal and cost associated with any additional bandwidth—early on.
Our Protection 1 national account manager will engage a customer’s IT team and explain a security solution’s specific requirements for data—and how to leverage the customer’s existing data transport.
Sometimes the IT department has all of the information they need to feel comfortable with adding security to their network, and sometimes they don’t. When they don’t, I get on the phone with the customer’s IT director and walk them through the transport requirements for our security solution.
I also walk them through how Protection 1 leverages our own infrastructure to provide transport for security data. Our experience with secure data transport usually gives them a level of comfort.
Do you ever run into objections?
A: The biggest objection I hear has to do with the bandwidth requirements for video. Clearly, video is a common security solution. The capacity required can make my peer group a bit nervous about transporting video data over their existing infrastructure. We do our best to alleviate the concerns by running tests to make sure live video feeds won’t impact daily activities.
Trend 2: The Move to Cloud-Based Solutions
Do you see the cloud playing an even bigger role in security?
A: Definitely. Customers are no longer interested in paying high prices for hardware at their premises and the ongoing costs to continually maintain or replace that hardware. They can pay third-party providers to host all the same data remotely.
It is easy to understand why people do not want to pay high prices for hardware, so the subscription based services becomes more and more attractive. What are some of the other benefits to subscription based services?
A: The biggest benefit is storage, and ability to easily grow storage capacity. Right now IT teams are constantly challenged to invest in the “right sized” solution to support their business.
Every IT person and business is challenged to understand his or her pace of growth. Every CEO is on the hook to say their business is going to grow by a certain percent over a set period. Sometimes that happens and sometimes it doesn’t—which means a business is either underspending or overspending for their architecture.
A cloud-based solution is not subject to the rise and fall of a business. In a cloud-based solution each business literally scales capacity on a subscription basis as part of a much larger enterprise. That lends itself to managing business costs more efficiently.
The challenge with cloud-based service is that the same customizable capabilities are not always on a par with those of an in-house solution.
The major benefit of a cloud-based solution is sharing an enterprise environment with a lot of other similar consumers or customers. Components that are easy to add—things like storage and network capacity—can be supplemented by the enterprise host or person who is providing the cloud. But what a host of 1,000 customers can’t easily do is make an exception for one, in terms of a customized solution, and that is part of the challenge.
What you will find in coming years are functions generic to all businesses, like email, communication collaboration and Microsoft Office applications. Being generic, not many people will spend time customizing those environments. Therefore, I think you will see a bigger trend of pushing those environments to the cloud.
Trend 3: Data Mining
How will companies manage the mountain of data they will create on a daily basis?
A: Once companies move to a cloud-based solution, they will need to embrace data mining in order to maximize the incredible amount of information derived from their security solution. This will let them share important data points, including video, across the enterprise. There is a huge appetite for data, and you can expect companies to share it on a much larger scale.
Once a business has an appropriate transport and cloudbased solution, they can leverage their solution to protect premises or assist in a transaction activity. Businesses will be able to mine their data, and it is very important for them to realize the value of the information that has been collected from their security solution.
Data mining, data warehousing and business intelligence have been around forever. What is different today that makes them more of a priority, particularly with regard to security?
A: Some of the biggest differences in the expectations of data mining solutions today come with the advent of video analytics, mobile distribution capability, virtualized architectures and cloud offerings.
Video analytics have matured significantly in recent years and have become a powerful data source for both security and business systems desperately trying to leverage each other to provide more complete views of customer, site, and employee performance.
Mobile distribution advances have been driven mostly by the “can’t live without” mentality of consumers who will spend almost anything on more convenient ways to stay connected to their favorite environments wirelessly. This culture change has helped fund some of the most significant technological innovations in years in handheld devices and tablets. These innovations have led to led to more recent development of applications and high availability bandwidth to support this growing appetite for data. The resulting improved delivery mechanisms have altered our way of thinking about how much data to share and when it’s appropriate to share it. For example, live dashboards and real time event reporting are now a necessity where only a few years ago they were considered optional for any Business Intelligence solution.
Virtualized architectures and cloud-based offerings have made huge impacts in recent years. They have help to manage the performance, reliability and cost to maintain data warehouses and the BI solutions that rely on them. Adding additional capacity to support growth in the business or a desire for more content has never been easier or more cost effective than with these types of environments.
What are the challenges for you that center on accessing data?
A: The challenges are identifying what data is relevant to protecting the location, and continuously increasing the value of our service offering. Customers have become more educated on the kinds of data our systems are capable of providing and aggressively look for ways to leverage or combine this data with their own to make better decisions on how to improve their business. The challenge is then to identify what data is relevant to achieving the customer expectation and building a mechanism to provide it in an accurately and timely fashion.
What is an example of a unique request that you have received from a customer recently?
A: Most recently we received a unique request from a customer to provide not only a customized dashboard of their account with various components specific to their business, but also a “drill down” capability to review the supporting details all in real time. Our development team spent significant amounts of time with the customer to ensure that both the format and content of the solution met all their requirements and the results validated for accuracy. As a result of this deployment the customer saved significant amounts of time manually researching and was able to render decisions much more effectively. This tool is saving that company thousands of dollars each month in lost productivity. In addition, we have rolled this solution out to the rest of our users to enable them to benefit from this effort.
Trend 4: Distribution Of Data
Do you see potential problems with the sharing of so much data?
A: The distribution of data is going to be a major security issue. When data flows throughout a company—many times on handheld devices without adequate security—it is a big problem. The C-suite wants data shared and IT wants it secured—so there you have a challenge! The national account program of the future will need to lock down data without limiting its use. This will include the delivery of data to personal handheld devices that are the most convenient to our customer.
You just mentioned the delivery of data with the personal handheld. We all live on our smartphones. Is this a concern to the CIO when data sharing is tied to security of multi-site premises?
A: My opinion is that the desire people have to get data pushed to their handheld will outweigh the concern with the associated risk. We live in a world where every CEO engages with a peer group and sees the capability handheld devices present. Most CEOs decide they want the same thing, if not better.
As a result, businesses constantly challenge each other to be able to look at more data, in a more convenient way. IT is being challenged to secure the methods that deliver the data. There are methods that provide remote control of handheld devices, allowing them to be “wiped” of data if they get lost. Those solutions are not being deployed nearly as fast as methods used to distribute data to those devices, so I would definitely have that high on my list of risks in terms of where our industry and the IT industry in general are going. Distribution of data is going to happen, pushing data to handheld devices is going to happen, but it doesn’t have to happen without a necessary concern of how to lock them down to prevent the risk of it falling into the wrong hands.
Don, to wrap up, when you speak with the CIO of a client or prospect, what are you typically discussing with them?
A: The primary discussion goes back to data transport. At this point, any solution that we propose to a national buyer requires a discussion with their IT leader.
Security directors need to point out how they have a great opportunity to collaborate with someone who can provide a tremendous amount of data to help an enterprise run their business—and protect their assets.
Businesses do not want to build an entirely new and separate network to support a security solution, so we all need to understand what parts of an existing infrastructure a security department can go ahead and use. This helps to offset the additional cost of making a proposed security solution the best that it can possibly be.
I find it hard to believe that any IT person wouldn’t jump at the chance to find out what kind of data a security person is talking about and how can that data be brought into their own data warehouse or used for their own internal reporting purposes.
None of that becomes possible without getting together on the method of transport. To summarize, the first discussion is about the data transport method and how to leverage an existing infrastructure. The second discussion is about what kind of data is the end user trying to collect from the security solution and how that data is relevant to all of the other data that they are collecting to run their business. The third discussion is about what part of the security solution will benefit the IT person in terms of protection of infrastructure, architecture, and their data storage environments.
I would imagine any security solution includes the protection of IT assets, and that should be of great interest to an IT director or CIO.