What Do Enterprise Customers Want?

And how can integrators give it to them?

by Karen Hodgson, SDM Magazine

Large, enterprise-scale end users are among the most complex in the security sphere. Beyond just sheer size — many span the country if not whole continents — their needs are different than smaller or even medium-sized businesses or enterprises.

When it comes to their security technology use, particularly the access control portion, often they are compared to large ships; they stay on course and don’t turn easily. For security integrators this can be frustrating. There are a lot of great new technology developments that could really help these customers with their issues, but getting end users to buy them has historically been difficult.

Things are starting to turn around, albeit slowly. But enterprise customers have a distinct set of challenges that security integrators and manufacturers need to be prepared to address.

What has changed? These customers are much more educated and aware of both what is out there and what they want to work toward, says Richard Goldsobel, vice president of Continental Access, Napco Security Technologies Inc., Amityville, N.Y. “Enterprise customers are much more aware than in years gone by on everything from Active Directory to integration of video. Years ago I spent so much of my time on education but I feel like now customers are asking us about topics.”

John Krumme, CPP, president and CEO, Cam-Dex Security Corp., Kansas City, Kan., says his company is seeing an increase in enterprise access control purchasing. “Most global customers are looking for ways to cut costs and standardize globally. We are working with several on a global standardization plan so their access and video management are the same throughout all their facilities. … They are leveraging their access control investment throughout their global network.”

Part of the drive for this standardization is the increasing need for enterprises to manage both risk and compliance, says Justin Wilmas, senior director of sales for North America, AMAG Technology, Torrance, Calif. “Enterprise customers are looking more at not just access control but rather how the solutions inside of their estate help them solve their challenges holistically from a security point of view.”

Going hand-in-hand with standardization is something that is now absolutely table stakes: open architecture. With the aging of proprietary systems from companies such as the now-defunct Casi Rusco, customers don’t want to be caught flat-footed again, says Derek Arcuri, product marketing manager, Genetec Inc., Montreal. “[Enterprise] customers are a lot more aware of what open architecture means. They say they don’t want to be in the same situation they were previously in with proprietary systems.”

Another reason for this is the increasing merging of physical security and IT departments, says Eric Widlitz, vice president, North American sales, Vanderbilt, Parsippany, N.J. “We’re seeing more influence from the IT side of things as a result of the increased focus on cyber security and hardening the network on which access control functions.”

Perhaps the biggest shift is the way enterprise customers look at access control and what it can do for them, says Hilding Arrehed, vice president, cloud services–physical access, HID Global, Austin, Texas. “It is no longer simply a mechanism for securing doors, data and other assets, but also provides the means to create trusted environments within which organizations can deliver valuable new user experiences.”

ENTERPRISE CHALLENGES

Large enterprises are under a lot of pressure these days. Whether from a desire for cost savings or complying with regulations such as the recently implemented General Data Protection Regulation (GDPR) in Europe, there is a lot going on — and often access control is the least of it. However, those customers that understand or can be made to understand how their access control system can help them with some of these pressing issues are the ones most likely to invest in security upgrades.

“We are witnessing the collision of the enterprise with the Internet of Things (IoT), and organizations now must establish trust and validate the identity of people as well as things,” Arrehed says. “All this is happening against the backdrop of increasingly stringent safety and data privacy regulations.”

Steven Turney, security program manager, Schneider Electric, Dallas, says there are four big challenges he sees enterprise customers facing. “As I talk with customers and consultants we hear a revolving theme: budgets — though the economy has improved customers are still struggling to secure capital for expansion of systems and even internal labor; updates — updates are not being regularly deployed, which makes systems compatibility an issue; cyber security — today’s security and access control systems need connectivity, which introduces cyber security risks; and mobility. Today customers need connectivity while on the move through mobile applications.”

The problem, Turney adds, is today’s access control systems may exacerbate these challenges. “They are costly to update and maintain, limit mobility and have historically been deployed with a lack of consideration to cyber threats. That is why it is so important for customers to evaluate their specific challenges and look toward solutions that can address or mitigate those challenges.”

Before they can even begin addressing the more global challenges, one of the first steps — and one that many enterprise customers are in the midst of today — is the consolidation of systems.

“The biggest challenge today would be managing multiple systems,” says Adam Kinder, access control manager, Digital Monitoring Products (DMP), Springfield, Mo. “Users are very interested in converging multiple systems and technologies into one management system.”

This challenge has grown out of how the majority of enterprise organizations have evolved, Arcuri explains. “Maybe they outgrew their real estate or they took over a building and systems are not centralized. Systems can’t talk to each other and they have different operators for different buildings. They are weighed down by a silo.”

A Customer’s Perspective

Tim Chesney, maintenance supervisor for TVH Parts Co., Olathe, Kan., is an enterprise-level customer of Cam-Dex Security Corp. Chesney spoke with SDM about what he considers most important in an access control and integrated security system.

SDM: What are your biggest security needs related to access control?

Chesney: Our company is the world’s leading producer of after-market OEM quality materials like forklifts, bobcats, etc. Our biggest challenges are keeping tabs on people coming and going out of the building. Who is in the building and who is trying to gain access into different areas?

SDM: Are you making any changes or upgrades to your access control system currently?

Chesney: We are in the process of standardizing across the country and everything being put onto one platform. As these come online we are having Cam-Dex bring these sites up on the system. With our older sites we are in the process of working through the logistics of moving those to the platform.

SDM: What is the goal of doing this?

Chesney: It just makes it easier. We have salesmen that travel across the U.S. As of right now we have one facility up and our managers have to carry cards for that facility, the Olathe facility and the rest. Having them on one card will keep costs down.

Another advantage is compliance. Our biggest thing is customs. We can move product around the world a little bit easier with the government knowing that once we fill a container at our facility we know it was secure the whole time.

SDM: What is most important to you in a security integrator relationship?

Chesney: What we are looking for is if I call them we can have someone take care of an issue very quickly. There was one time that I had a family vacation in Florida. Our Miami facility needed to be locked down. I was able to dial into that system through VPN and lock the facility down. But if I didn’t have my computer I would be able to call Cam-Dex and they can do exact same thing.

It is not uncommon for large enterprise customers to have two, three or more access control platforms all operating in different locations — all taking different credentials, of course.

“Through the standardization process, and sometimes when these companies are acquiring other companies, along comes legacy security product,” Krumme explains. “Generally speaking the acquiring company already has a platform they have chosen to standardize on and the reason to make those changes tends to be for cost reduction and consolidation purposes.”

Tom Echols, president global accounts group, Security 101, West Palm Beach, Fla., adds, “Unfortunately a lot of these big companies have pretty significant investments in platforms. They have to be pretty dissatisfied to make a change. There are companies we work with that are a combination of several different acquisitions over the years. They didn’t have standards around security and they are looking to come up with a platform they can expand globally.”

But none of this happens quickly. Echols has a customer that has been working on this for eight years.

The length of time it takes is due largely to cost, he explains. “Nobody can write a check for $20 million to get on this one platform. I have these discussions whenever we engage with someone new. Often it starts with the credential itself. A lot of these companies are ‘Wild West’ when it comes to the cards that have been deployed globally. One of the first directions is to standardize on credentials.”

Eric Green, senior manager, enterprise access control, Honeywell, Melville, N.Y., says this anything goes credential philosophy is one of the first things companies today now want to address. “Typically enterprises want to have a one-card solution, which requires coordinating a lot of different things, so building out those types of practices is a big challenge for these customers. We have seen customers that mandate everything from the top down and others where every office makes their own rules. But we are seeing the Wild West fading away. They are starting to recognize the advantages to having everyone work in a similar manner.”

Access control systems in the enterprise have almost always grown over time, been connected with different systems, and integrated using the network. Only recently did anyone realize this could present problems when it comes to cyber security.

“There is a large threat of a cyberattack that can be conducted through an enterprise access control system,” Widlitz says.

“A lot of our customers are reaching out to us,” Arcuri says. “It used to be we talked about how secure are your controllers or readers and how often do you upgrade? These days we are finding a lot of end users doing lots of research online and coming to us with questions about specific encryption and how can we guarantee that our controllers are up to date.”

Echols agrees. “The thing we have seen in the last few years is the systems are getting more scrutiny from an IT perspective. They are asking ‘Are they good citizens of my IT world?’ We have been leveraging IT infrastructure for more than a decade, but really they just gave us a port and an address and were not paying as much attention. Now they are looking at components spread across the enterprise. This has become a much higher priority and they now have dedicated resources helping to make sure these things are not threats.”

The days of siloed departments within an enterprise facility are over, Wilmas adds. “A lot of times what is overlooked, especially from the integrator’s perspective, is the security department unfortunately doesn’t have all the funding so it requires buy-in from multiple stakeholders inside the organization. When you look at operational challenges, their customers are these other departments like legal and HR and IT. In order to serve them, they need better technology. Today a corporate vice president of security is not going to be the only entity moving forward with [security] technology or funding.”

MEETING THE NEEDS OF THE ENTERPRISE

While there are no shortage of challenges for the enterprise, both manufacturers and security integrators are stepping up to help enterprise customers overcome them — from easier upgrade paths, to unified solutions and more consultative selling.

“The enterprise customer is demanding more than just what an access control system can provide them in order to solve risk and compliance challenges,” Wilmas says. “That takes an auxiliary set of solutions that have to integrate and work seamlessly with the access system. There is a lot of talk today about unified security management.”

Unified systems let companies focus on just one system through a single pane of glass, Arcuri describes. “There are a majority of our enterprise customers moving over to our unified offering.”

The secret to getting them to do that, he adds, is making sure they understand the benefits. “We have to show them the pain of staying with what they have is greater than the pain of change. If we can get over the hump they can start to see those gains. We also have to show them the hump is not as big as it seems.”

Genetec tries to make things easier by having more open systems, as well as a partnership with Mercury, which is something several manufacturers are getting on board with to help with the upgrade process. “Their bridge strategy allows customers with proprietary systems to just replace the boards,” Arcuri explains. “This has opened up opportunities for companies that hadn’t considered upgrades because it isn’t a forklift change.”

Echols calls this type of change a lobotomy. “We work with customers on lobotomies where we take out the ‘brain’ of the access system and put in a new brain and manufacturers are making it easier to do that.”

Integrators are more involved than ever before in the details of planning for the future, Krumme believes. “I think that a number of our national or global customers are looking for assistance with plans and strategies on implementing standards and better understanding emerging technology,” he says. “We are doing a lot of consultative selling. It is not just about access control and securing your doorways. It is a complete, robust system.”

Bringing New Functionality to Multi-Supplier Access Control in an IoT World

In contrast to the video surveillance market, access control technology has historically been slow to change, in large part because of the high upfront costs to acquire and install a system and the longevity of the equipment — commonly between 12 and 20 years. End users and their need for open network-based infrastructures are driving recent changes in this market, as the line between physical security and IT continues to blur. Physical security systems are now often managed by IT departments and IT directors are rightfully demanding open architecture approaches (like IP networks) rather than the proprietary and sometimes duplicative design of traditional security systems.

The drive to an open architecture approach has proliferated across many related industries, and today we see lighting, HVAC and other functions residing on the network as well, offering businesses the option to minimize operating costs and to better control and monitor their facilities. This trend of hosting everything on an IP network clears a path for an Internet of Things, which in many respects is already here.

This approach has in turn driven the development of standards-based applications, and end users and systems integrators alike are recognizing the value of open standards, such as the interoperability standards created by ONVIF.

The open device driver used in ONVIF Profile A conformant access control panels allows end users to integrate control panels and management software from different manufacturers, facilitating interoperability for multi-vendor projects. This gives end users the ability to make choices on specific hardware for their access control systems and, even more importantly, means that if you want to install another supplier’s access control management software in the future, you won’t have to rip and replace existing access control hardware in order to do so. The common interoperability of ONVIF Profile A provides the bridge between the legacy hardware and new software if both are Profile A conformant.

The network can already transfer pieces of data from one system or device and correlate it with other data in analytics software programs, ultimately providing usable, actionable information to end users, aggregated from such systems as video, audio, intrusion, voice and others. Multiple network-based systems make things like intelligent building automation a reality, delivering cost savings, keeping people and assets safer and reducing energy requirements.

As one of the major platforms within a smart building environment, access control systems play a large role in this IoT scenario. When connected to other, seemingly disparate building systems using a common interface, this deeper interoperability enables increased productivity to the overall system. As a contributor to an intelligent building ecosystem, access control systems also serve as a repository of large amounts of data — tracking people’s movements for real time facility population data or facility usage based on the day’s meeting room booking schedule. The more data that is available within a system means the more quickly that adjustments can be made, further ensuring the security and efficiency of the building.

When enabled with artificial intelligence, access control and other building systems can begin to recognize patterns, anticipate events and behaviors, and make proactive changes to the building environment, enabling its occupants to work more efficiently. AI allows for systems to be smarter, more effective and provide additional cost savings by further reducing the administrative burden of the system.

With so much data being fed into these management platforms, from AI technology or other more traditional sensors, a stumbling block to true interoperability still remains. To effectively be able to harvest actionable information out of the received data, it has to be readable in a common format. Data readable in only one proprietary ecosystem will jeopardize the idea of interchangeable information, and further reinforce the silos that exist between the largest providers. Profile A could offer a solution for this in the future, by providing users with that common interface, and allow the market to continue to grow through interoperability and innovation.

Enterprise customers are more willing to at least discuss, and sometimes plan for the adoption of some of the newer technologies, particularly cloud and mobile.

“More and more enterprise businesses are comfortable with adopting hosted services,” Arcuri says.

Wilmas agrees. “There is a big value to hosted solutions. If a security department is looking to make an investment and it will sit on the network, they have to work with IT. IT sees security as a customer and will ultimately bill them internally inside the corporate estate. A lot of organizations are looking at cloud-hosted solutions because when they invest in that it is a capital expenditure. With cloud you are looking at operational expenditure that is subscription-based and very little IT infrastructure is required. The value proposition is stronger.”

Even though there is an appetite, there is little movement, Krumme says. “Cloud-based systems are one of the most discussed topics we hear. But even though cloud is extremely popular it has been somewhat slow to be implemented. … That’s not to say it won’t happen. With enough conversation we think it will.”

It depends on your definition of cloud whether the enterprise is adopting it, however, Echols says. “Most of our enterprise customers have gone away from the traditional client/server architecture and basically have an internal cloud. They want less brick and mortar and fewer data centers. Their policy is if they can buy the software as a service that is their first choice. Second they will use someone’s server like Amazon, and third they will host it themselves. It makes it easier to upgrade because they don’t have to worry about how to get 800 desktops upgraded.”

Mobile is another ongoing conversation, he says. “Mobile credentials are extremely popular. It is great at attention-getting, but we have been pretty slow to implement.”

It will happen, predicts Scott Lindley, general manager, Farpointe Data, Sunnyvale, Calif. “Security professionals creating access control systems need to be aware that 95-plus percent of adults 18 to 44 years own smartphones. That means every smartphone user, or almost everybody, could now easily download an access control credential. No longer will people need various physical credentials to move throughout a facility.”

For enterprise customers particularly, this could have huge benefits as they struggle to standardize on a single credential. For now, most are approaching it in the getting-ready phase, Arrehed says. “We continue to the move to mass adoption of mobile credentials as major enterprises worldwide prepare by ensuring their access control infrastructures are mobile-ready.”

One of the biggest challenges with enterprise customers is helping them keep current with technology, while slowly upgrading them over time. For some this is easier than for others, Krumme says. “We have a project we are working right now where the customer is saying, ‘We are going to put this particular product in because we have it in [other] facilities.’ We tell them, ‘This technology is 10 to 15 years old. What if you used a different platform with more cyber-protection and over time start phasing that into other buildings, instead of installing older technology just because it talks to what you currently have?’”

Krumme says that is a discussion his team has with customers frequently, but thankfully they more frequently understand the benefits of newer technology. “Sometimes the newer technology is even less expensive than some of the older, just not compatible. But more are willing to listen and look at this and make the case to executive management.”

Read the original article at SDM Magazine.

The Integrator’s Role in Active Shooter Protection

by Paul Rothman

It was a normal day at Ft. Lauderdale’s Hollywood International Airport until the shots rang out. Pandemonium ensued. A man was firing a Walther PPS 9mm semi-automatic pistol at travelers in the baggage claim area. The terror lasted a little more than a minute, and then it was over. The shooter was out of ammunition. He laid on the ground and waited to be arrested; meanwhile 11 innocent people also lay on the ground – injured or killed by the bullets.

To say this is the worst-case scenario for your security clients is an understatement. This is the nightmare. And while some facilities are inherently safer than others, the active shooter scenario is indiscriminate – it can touch any facility or vertical market, whether a hardened courthouse, an open house of worship, or a school, corporate campus or airport.

“It used to be workplace violence and internal theft were the top two threat profiles,” says Carey Boethel, president and CEO of Securadyne Systems. “Today, an active shooter scenario is what keeps people up at night, and being able to prevent that is extremely difficult, if not impossible.”

It is not enough in 2017 to simply sell, install and maintain security systems. Today’s security integrators must embrace the trusted partner mindset when it comes to the active shooter – and many forward-looking firms have done just that, in the form of training and technology. While this article focuses on just three of hopefully many integrators who are taking an active role in mitigation of this threat for their customers, the question remains: How much is your firm doing?

Active shooter events have increased in frequency every year since 2000, according to FBI data. Prevention of active shooter incidents in a free society is, in most respects, unattainable; however, security integrators certainly have an evolving and expanding role in active shooter response and mitigation – and an inherent responsibility to make sure their security director clients and personnel are ready to deal with the nightmare scenario.

The Technology Angle

Unfortunately for all of us, active shooters are extremely difficult to prevent; in fact, those discussions are probably better left to politicians, mental health experts and other pundits. For the security integration firm and its customers, the focus is on response and mitigation.

The first prong of that strategy is technology. As is customary for security integrators, recommending, installing and maintaining access control, video and communications systems is paramount.

“The most popular technologies are for communication,” explains Scott Lord, Director of Innovation and National Accounts for Kansas City-based All Systems. “As end-users integrate active shooter processes into their emergency response plan, the one vital need that is quickly apparent is the ability to clearly and quickly provide information to the building occupants. Overhead paging, intercom and emergency communication systems are hot technologies today.”

Adds Shawn Reilly of Atlanta-based Tech Systems: “When you are talking about an active shooter, the better integrated a security systems is – and knowing where all alarm points and video cameras are – the better security forces in the control center are able to do immediate security assessments, track the shooter, and help direct first responders. It is about being able to communicate the location of the threat and then responding effectively to that threat.”

While communications is all about the response aspect, new technology developments are greatly aiding in the actual detection of active shooter events. “Our role in active shooter response has changed recently,” says Josh Baker, a security consultant with The Protection Bureau. “From a physical security standpoint, we have primarily been concerned with things like how an access control system or video system should automatically respond or how a security operations center should respond to an incident. What we have seen recently are some new product developments to really help start that process.”

Baker is referring to indoor gunshot detection technologies, and says they are having the greatest impact on the integrator’s role in active shooter response. Up until now, Baker explains, if a lockdown procedure needed to be initiated because of an active shooter, end-users had to be reliant on somebody noticing that something is happening, and then notifying the security department – either via a panic button or other means – which then initiated a lockdown. “These new devices are enabling that to all be done automatically,” Baker explains.

Indoor gunshot detection systems – a relatively new technology on the security scene offered by a small group of vendors – are a natural evolution of more established outdoor systems that were marketed primarily to cities and large corporate/university campus environments. “We have been working with a product that uses two-factor authentication – audio and visual – to look for both the acoustic signature of the gunshot and the IR flash that is associated with it,” Baker says.

The devices are about the size of a standard horn strobe with the audio and visual detectors built in. They sit on the network and are integrated with an access control system. When a gunshot is detected, the devices can initiate an automatic lockdown event that may include audio/visual notification (horns and strobes), automatic closing/locking of doors, changing of security clearance levels and more.

“In a similar way to initiating devices on a fire system, it allows these policies and procedures to be implemented automatically from a technology standpoint,” Baker explains.
The detection devices can be installed throughout a facility. The devices pick up the shots as the shooter moves, and give up-to-the-second locations of where those shots have been fired to a command center. This can also be supplemented with video camera coverage.

“Tracking is of high importance,” Baker explains, “so when law enforcement responds, the local security teams can give as much information as possible as to where that threat is.”

Embracing new technology to solve a problem is a tried-and-true concept for security integrators, and as such, they know that customer education becomes one of the most important aspects. Baker says The Protection Bureau takes an active role in educating customers about new technology developments both through face-to-face meetings and live demonstrations.

“We have live-fire testing events at our facilities, where we will bring in clients and local law enforcement to demonstrate the technology and show them how it works, how the devices function, and how they can tie it into an existing access control system,” Baker says.

End-User Training

As Baker illustrates with the live demo events, an integrator’s continuing quest to become the trusted security advisor for any end-user tends to go far beyond simple technology deployment. While it may be less common, providing hands-on training to end-users is emerging as an integral piece when it comes to the integrator’s role in active shooter response and mitigation.

“I have not seen many integrators who conduct actual active shooter response scenarios or trainings,” says All Systems’ Lord. “This was a growing problem for our organization – school districts wanted to enhance their security, but did not have solid processes in place for an active shooter scenario.”

In 2014, Lord discovered the ALICE (Alert Lockdown Inform Counter Evade) active shooter process – a comprehensive training program on how to institute a process for active shooter events. “I became certified as an ALICE trainer, and we have been sponsoring certification classes in our area,” Lord says. “We usually do two to three classes per year, in which we invite school district and law enforcement personnel to attend.”

“It is important to work with local law enforcement and consulting agencies to understand how customers are most likely to implement a response to an active shooter scenario,” Baker adds, “because although security, quick notification and lockdown is vitally important, it is just as important for that customer to do testing and to make sure that security departments and employees understand how they should react in a given situation.”

Tech Systems has taken this a few steps further. Reilly has a veritable alphabet soup after his name. In addition to the ASIS CPP and PSP certifications, he is a Certified Healthcare Protection Administrator (CHPA) and is certified in Crime Prevention Through Environmental Design (CPTED). He joined the company in 2013 after being Chief of Police and Director of Security for the Greenville (S.C.) Health System. As Chief of Police, he led a 16-man police force that provided law enforcement services to the University Medical Center. As security director, he was responsible for a 130-man security force which was deployed to all campuses.

“We used a state law to establish the health system as a police jurisdiction,” Reilly recalls. “I remember explaining it to our CEO, and he asked why I couldn’t be the Chief of Police. I told him I’d have to go through the police academy – he said, ‘so what?’ So I did, and I got a lot of training in risk assessment for active shooter scenarios.”
When he joined Tech Systems, the company thought it would be a great value-add if Reilly could give active shooter training to clients. “That was four years ago,” Reilly says. “Since then, the company has been all about helping me continue to get trained on the other aspects.”

After completing FEMA and ALICE training, Reilly now travels around the country doing risk assessments, active shooter training and training program development for Tech Systems clients as part of the company’s service and maintenance agreements. “We’re a partner with our client,” Reilly says. “It is just so much broader than installing cameras and access control. They hired me and many other former security directors because they bring to the fight a lot of the experiences that you’ve never had if you are just an integrator installing cameras.”

A common misconception is that security directors and end-user organizations have a tight handle on law enforcement-type training and risk mitigation. “There are companies who have opted to have their facilities or engineering person also wear the security director’s hat – a lot of our data center clients have people like that,” Reilly explains.
But even for clients who have a security director with years of law enforcement experience and the qualifications to conduct the training themselves, the sessions are invaluable. “He will look at me and say, ‘I just don’t have time to do this,’” Reilly says. “It is not always a question of knowledge or qualifications – if the client has someone else (conduct active shooter training), they have more time to do other things.”

Inside an Active Shooter Training Scenario

What does Lord or Reilly’s average training session for look like? It starts, of course, with the attendees. Reilly is typically instructing employees of a facility, although he says there are times when a client separates the managers/supervisors, who then communicate the training lessons to the rest of the employees.

Reilly says he takes little pieces of all the different training programs and strategies he has learned over the years and incorporates them into a single program. Inevitably, much of the individual employee training focuses on the common, “run/hide/fight” scenario. He says that the first and best option is to run if possible; fight if you have to; and hide as a last resort.

It may look like this: “I have someone who is experienced handling a firearm to come into a room with a NERF gun, and everyone is hiding under their desk, and he just methodically shoots everyone,” Reilly explains. “Then, I send the ‘shooter’ back out of the room and this time I give everyone under the desks foam balls and I tell them to throw them at him. When the people throw their balls, the shooter is flinching and he is much less accurate. Now if you are into it, you are scared – it is amazing how real it seems.”

That’s just the individual training. Reilly also sits down with management to create a true response plan. “If you have an active shooter in the building, that’s not the time to say, ‘we’ve got to go get a plan put together,’” he says.

He trains them and helps put an active shooter response plan in place that involves multiple stakeholders, including HR, security, operations and management. Then, he facilitates a table-top exercise that includes law enforcement, where the plan is examined step-by-step. “Once they are happy with that, then it is time to actually do a live exercise,” Reilly says, which includes a simulated active shooter, law enforcement response, and the employees are asked to practice what they have been trained to do.

Resources for Integrators

It is a granted that not every integrator has a former police chief and security director on hand to conduct training, but there are plenty of resources to utilize to become better informed about the nightmare scenario and how to respond to and mitigate it.

Whether an integrator plans to offer training or not, being more informed on the topic will obviously help in communicating the vision of a complete active shooter response and mitigation plan/recommendation for a client.

In addition to the ALICE program (www.alicetraining.com), be sure to consult law enforcement organizations such as FEMA, DHS and the FBI. ASIS International also offers web-based training.

Lord says integrators may also want to investigate Strategos International (intruderresponse.com), which specializes in active shooter training and response.
Lord also recommends the Partner Alliance for Safer Schools (PASS) School Security Guidelines (www.passk12.org), which assist in creating the “team” needed to implement processes and technology into a cohesive and effective deterrent for active threats. PASS works in conjunction with Safe and Sound Schools (www.safeandsoundschools.org) – an organization started by one of the mothers who lost her child in the Sandy Hook tragedy – that provides simple, effective methods to schools for active shooter scenarios.

“There are always people at my trainings who say, ‘that will never happen here,’” Reilly concludes. “I tell them: This is a low-probability, high-consequence event – the chances of someone actually being involved in an active shooter event are very low, but if you are, the consequences are devastating.”

Read the original article at Security InfoWatch.

Security Info Watch – Market Focus: Government & Municipal Security

By Paul Rothman, Security Info Watch, December 12, 2014

For security integrators accustomed to dealing with corporate , education, healthcare and other vertical markets, government and municipal security is simply a different animal. “It is a specialized vertical market requiring a special sales and operations model,” confirms Barry Komisar, president of Birmingham, Ala.-based Vision Security Technologies. “It is different from other vertical markets.”

Navigating the many regulations, bidding processes and certifications to just be able to work with government and municipal clients may be a daunting task for security integrators; however, it can be quite rewarding once you figure out the lay of the land.

Getting Started

Richard Green, COO of Firstline Security Systems Inc., of Anaheim Calif., says that aligning the correct personnel, product lines and market research are strong key factors in moving forward in the government market. Training and knowledge related to the different departments requirements related to certifications and doing business is also a very important piece.

“Depending on the market you are targeting you might be required to have different certifications and expertise,” Green says. “An example of this would be if your organization is looking into providing services to a Sensitive Compartmented Information Facility (SCIF) with UL2050-related workloads. Because these facilities process classified information, you would then be required to have UL2050 certifications as well as certain clearances, backgrounds checks for the employees and certain support timeframe restraints. Reviewing this market section requires a considerable amount of thought so that you are not wasting valuable time, monies bidding projects, or offering supplied services to find out your organization does not meet criteria to be able to move forward with award.”

It is also important to obtain certain certifications or statuses as a company, such as Small Business Administration 8a Small Business, Small Disadvantaged Business, Women Owned, Service Disabled Owned, Native American Owned, or to operate the company’s headquarters in a HubZone, which the federal government recognizes as historically underutilized business zones, explains Enrique Olivares, VP of APL Access & Security Inc., of Gilbert, Ari. “In addition, a GSA Contract can prove helpful,” Olivares adds. “Obtaining SBA 8a Small Business Status is the most powerful, as it also provides valuable training, but it is only good for nine years and cannot be renewed.”

One key is to use all of the resources available to their fullest extent. According to Don Gross, a product manager for Honeywell, once an integrator becomes familiar with applicable regulations and certifications — whether they come from the Department of Defense or any other military or government body — they should look to partner with a manufacturer that meets those exact regulations with already-certified and approved equipment and solutions. Integrators should also consider manufacturer-offered training and certification as well as dealer programs for those solutions

Gross adds that manufacturers can become a trusted partner of the integrators themselves. “Many times, integrators reach out directly to us to potentially partner on a specific project that they know about,” he says.

Pitfalls to Avoid

In talking to integrators experienced in the government and municipal market, two major laws are critical to consider before you begin. Several agree that that a prime consideration is the Davis-Bacon Act, a federal law that establishes the requirement for paying the local prevailing wages on public works projects for laborers and mechanics. It applies to “contractors and subcontractors performing on federally funded or assisted contracts in excess of $2,000 for the construction, alteration, or repair (including painting and decorating) of public buildings or public works.”

“If you are working in the government market, it is important to find out what the prevailing wages are for your particular state, as wages can vary by county,” Olivares says. “The two wage lists (Davis-Bacon Act wages and Service Contract Act wages) are on average much higher than what the typical integrator pays technicians. To work on federally funded projects, integrators will have to pay technicians the higher wages for on-site project work hours.”

Here are a few other challenges integrators mention:

“One of the biggest challenges in working in the government market is that everything you do or propose is open to public view and scrutiny,” says David Alessandrini, VP of Pasek Corp., Boston.

“Government clients are bound to the specification that is created or provided, leaving very little ability to look at alternatives,” says  John Krumme, President of Kansas City, Kan.-based Cam-Dex Security. “Private-sector clients have more flexibility with the types of products and services selected.”

“There is an extreme amount of due diligence required as it relates to paperwork,” Firstline’s Green says. “There are mounds of forms, project tracking and financial submissions required, just to name a few.”

Tips for Success

Much like customers in any market, government and municipal clients are looking for the best possible service. “To retain government customers, you need to treat them like your best customer,” says Matthew Ladd, president of The Protection Bureau. “Don’t wait for them to call you — be proactive in your outreach.”

Adds Krumme: “Service requirements are often time-intensive in the government sector. On-time delivery and maintenance is the key to customer retention.”

And just because you have been approved for a federal or state contract, doesn’t mean the work stops there. “Individual sales under the GSA, state or local government contacts still require initiating calls to the customer, clearly identifying their needs and providing a solution,” Alessandrini warns.

These concepts are so important because word of mouth and reputation for contractors spreads quickly when working with government and municipal clients, and the jobs and projects can start to multiply quickly. “Once you get your foot in the door, if you do a good job with quality work and show expertise, you will continue getting called back for other projects in your area,” Olivares says. “Some states and agencies have an internal report card system so everyone can see how another agency graded your business.”

A favorable rating will likely mean future business. “Most of the time government agencies are eager to work with quality integrators, as this is a specialized industry,” Olivares adds. “Once they find a good one, especially with certification, they can sole-source you without having to compete against additional bids.”

As your favorable rating and reputation snowballs into more work, your firm becomes the trusted advisor that any client would be looking to work with. “Building long-term service agreements typically means that you are consulted when clients are just starting to contemplate new applications or security solutions,” says Bill Hogan, president of D/A Central of Detroit.

In the end, for integrators willing to invest the time and offer first-class service, the difficult road to serving the government and municipal security market ends with a huge opportunity for successful repeat business for years to come.

Editor’s note: The integrators interviewed for this article are all members of Security Net, a global group of systems integrators. For more information, visit www.security-net.com.

Paul Rothman is Editor-in-Chief of SD&I (www.secdealer.com). 

Read the original article on Security Info Watch.

SecurityXchange Partners Integrators and Solutions Providers for Mutual Success

By Heather Klotz-Young, SDM Magazine
September 2, 2014

Strategic partnerships are key to growing a successful business, yet initiating and then maintaining those business relationships takes time and money. SecurityXchange, Eagan, Minn., is an event that helps integrators and solutions providers efficiently and affordably establish partnerships where both parties gain business or strengthen existing relationships while finding new technology solutions. The 13th annual SecurityXchange was held in Park City, Utah, in August.

During the two-day event, strategic sales meetings, new product discussions, business growth opportunities, education and networking all drove relationships forward. Top-level executives from systems integration firms were paired with solutions providers for up to 20 focused meetings. Additional networking opportunities were available throughout the days of the event during the breakfasts, lunches, cocktail parties and dinners. That’s a lot of opportunities to create and sustain partnerships and find new solutions, which is SecurityXchange’s goal when setting up the meetings during the event.

“We go deep, learn each organization’s challenges and each provider’s solutions, and then we bring the two parties together for substantive, strategic discussions,” described Greg Geisler, chief executive officer (CEO) of VerticalXchange, the parent company of SecurityXchange.

“We feel the SecurityXchange experience is built on relationships, not just transactions,” Geisler said. He emphasized the event has been helping develop strategic partnerships over the past 13 years because of the focused environment it provides.

The value of getting decision-makers together without distractions is invaluable, echoed Paul Thomas, president, Northland Control Systems Inc., Freemont Calif.

“It is rare and difficult to get the key executives on the supplier side to spend time with us at our office; if they are in town it is usually not for strategically building our relationship and mutual business. If I visit them at industry trade shows they are very time-constrained and distracted. SecurityXchange allows both of us the time and venue to focus on each other,” Thomas observed.

Mike Jobrey is vice president of operations for The Protection Bureau, Exton, Pa., which has attended the event for a decade.

“SecurityXchange is an event where we’ve formed many partnerships that have been successful over the years,” Jobrey shared with SDM’s Senior Editor, Heather Klotz-Young, who attended the event. SDM and Security Magazines are the media partners for SecurityXchange.

Barry Willingham, president, Ameristar Perimeter Security USA Inc., a Tulsa, Okla.-based company that produces high-quality steel and aluminum fences and gates and vehicle barriers used in commercial and residential security markets, calls discovering the SecurityXchange event “good fortune.” Since then, the company has participated annually for the last 12 years.

“The greatest benefit we realized were the relationships we developed every year dating all the way back to the beginning. This has created a network of integrator, supplier, and client partnerships that would have been nearly impossible to create any other way, resulting in millions in sales revenue. The trust and respect among the attendees of this event sets the stage to create true partnerships, marrying technology and client requirements that serve end-use clients in a fashion few companies ever experience,” Willingham said.

The unique format of SecurityXchange is the key to developing true partnerships, Carole Dougan, vice president, North American Sales, Arecont Vision, told SDM.

Why? Both parties are given profiles to review and then arrange pre-meeting phone calls in advance of the event to establish the objectives for both sides. “This process ensures the foundation for a successful and highly productive set of meetings at SecurityXchange,” Dougan explained. “The networking meals further serve to solidify rapport among systems integrators, end users, consultants and manufacturers. SecurityXchange truly has one of the most professionally managed processes and yields some of the best results out of all events of this type where Arecont Vision participates,” she added.

A popular annual event is the Integrator Roundtable, where peers gather together and share best practices and answers to today’s pressing issues. This year’s event was moderated by John Nemerofsky, president and CEO of Xentry Systems Integration, Columbus, Ohio. Three key issues were tighter margins, navigating the collaboration of security and IT on major projects, and finding or creating an IP-savvy workforce. Check www.SDMmag.com for a podcast with insight from leading integrators on these roundtable topics.

The Protection Bureau, ranked No. 43 on SDM’s Top Systems Integrators Report, is addressing the challenge of creating an IP-savvy workforce with a new program that offers voluntary training after-hours, once or twice a month. It started as “invitation only” with a group of installers that showed high potential to be trained and advance, but it has turned into an anticipated event where people actually ask how they can become a part of it, Jobrey shared. “We found out we had a handful of talented, driven technicians that we would have missed who had the desire and work ethic to grow in IP capabilities,” Jobrey shared.

When starting IT-heavy projects, Jim Henry, executive vice president, Public Safety and Security, Kratos Defense and Security Solutions Inc., San Diego, sees his company playing the role of matchmaker.

“We are in a good position of bringing the two together by not adding undo risk to the IT manager while not undoing the value of the security provider,” he explained. “Most importantly, the technician who is IT qualified is always the one who goes in first. If you send the wrong guy to the first meeting you are done. Sending your best guy gives immediate credibility,” Henry said.

Thomas sees the industry as well past the “collision” stage with IT. “Our industry is now in IT,” he emphasized. “Every access control and video device has an RJ45 jack on it and is using the corporate network as a backbone. I think being part of the IT community is a great thing; it opens up collaboration with the logical side of the industry and will provide new avenues of opportunities for the integration companies that embrace it,” he said.

There is no one-size-fits-all answer for success with IT, according to Brad Wilson, president, RFI Communications and Security Systems, San Jose, Calif., which has attended SecurityXchange the last 13 years — every year since SecurityXchange was founded. Wilson also is on the advisory board.

“We always mindfully get the temperature of the room. Is it collaborative off the bat or combative? Choose your approach based on that,” Wilson advised. “Being in Silicon Valley IT will challenge us at the beginning to make sure we understand networking and infrastructure, so RFI adds resources to those projects to bridge any tension with IT and establish credibility right away,” he said.

That thoughtful approach goes a long way to establishing a good relationship and, consequentially, a profitable project. The same thoughtfulness is undertaken by SecurityXchange to create and maintain meaningful partnerships that impact business success. Find out more at: www.verticalxchange.com/security-xchange.

Read the original article in SDM Magazine.