How IT Elevates Security's Role

| 0 Comments | 0 TrackBacks

Page:   1   2  Next  »

Information technology departments are exerting more influence over video surveillance systems, but their involvement serves to raise the profile of security processes in - and the attention they get - from the executive suite.

When IT departments take an active interest in video surveillance systems, the first reaction of security chiefs used to operating independently is to view it as an encroachment. But as technology forces converge, IT is proving to be a critical ally and advocate for security operations in terms of gaining larger budgets, better systems and a greater strategic role in the company. While CSOs may have to yield some of their control, there can be a bigger payoff in terms of organizational relevance. When security works with IT, it can lead to fundamental changes in the way corporations see security.

Video integration with IT rocked the core beliefs Dunkin' Donuts executive management had about revenue leakage. "The corporate attitude was that the employees weren't stealing, but that the franchisees were," said James McDonald, CEO of MassBiz LLC, a security consultancy, who has worked with numerous Fortune 500 companies.

McDonald convinced Dunkin' Brands Inc., the franchisor corporation, to test a system that correlates video surveillance with suspicious POS transactions, as defined by rules. The cameras and video management software were supplied by March Networks. Radiant Systems provided the POS system. The system found that through fraudulent ring-ups and voids, employees were skimming an average of $2,500 per week. Dunkin' Donuts now requires franchisees to integrate the March Networks and Radiant Systems equipment.

Before McDonald became involved, Dunkin' Donuts franchisees were allowed to go their own way on security. Those who chose to install video surveillance systems did so independently. Note that while Dunkin' Brands allowed franchisees a high degree of freedom over their surveillance procurement and policies, at the same time they suspected the franchisees themselves as the source of the leakage. It was not until McDonald brought together franchisees, Dunkin' Brands and the IT subcommittee of a third internal organization, the Brand Advisory Council, that the corporation understood the nature and scope of its theft problem and was able to effectively address it.

"IT controlled the project," McDonald recalled. "The advisory group was the IT subcommittee, and they wanted the system to sit on the existing [virtual private network]. It's their network for gift cards, credit cards and any data that runs the store." Anything that uses the network, including video, Dunkin' Donuts' IT department wanted a hand in, McDonald said.

As he notes in his e-Book case study, Revolutionizing QSR Multi-Unit Operations and Loss Prevention, even though he had to meet IT specifications, McDonald saw franchisees as his ultimate customers, because at the end of the day, they would be the ones purchasing the system. That meant the system still needed to be easy to install and operate.

At the same time, because cameras are now part of the corporate network, IT participation is necessary to deal with intrusion protection, authentication, virus protection, bandwidth and storage issues. Although McDonald may not say it so bluntly, in a networked security environment, IT has every right to be there. The sooner security departments understand that reality, the faster they can make it work to their advantage.

"IT guys manage the infrastructure. They are very good at standard methodology, easing purchasing, implementation and support," said Peter Wilenius, vice president of investor relations and corporate development at March Networks. IT also grasps the video mission right away, he added: "Immediate access to video, not only to detect employee theft, but employee safety and customer safety."

Page:   1   2  Next  »

Information technology departments are exerting more influence over video surveillance systems, but their involvement serves to raise the profile of security processes in - and the attention they get - from the executive suite.

When IT departments take an active interest in video surveillance systems, the first reaction of security chiefs used to operating independently is to view it as an encroachment. But as technology forces converge, IT is proving to be a critical ally and advocate for security operations in terms of gaining larger budgets, better systems and a greater strategic role in the company. While CSOs may have to yield some of their control, there can be a bigger payoff in terms of organizational relevance. When security works with IT, it can lead to fundamental changes in the way corporations see security.

Video integration with IT rocked the core beliefs Dunkin' Donuts executive management had about revenue leakage. "The corporate attitude was that the employees weren't stealing, but that the franchisees were," said James McDonald, CEO of MassBiz LLC, a security consultancy, who has worked with numerous Fortune 500 companies.

McDonald convinced Dunkin' Brands Inc., the franchisor corporation, to test a system that correlates video surveillance with suspicious POS transactions, as defined by rules. The cameras and video management software were supplied by March Networks. Radiant Systems provided the POS system. The system found that through fraudulent ring-ups and voids, employees were skimming an average of $2,500 per week. Dunkin' Donuts now requires franchisees to integrate the March Networks and Radiant Systems equipment.

Before McDonald became involved, Dunkin' Donuts franchisees were allowed to go their own way on security. Those who chose to install video surveillance systems did so independently. Note that while Dunkin' Brands allowed franchisees a high degree of freedom over their surveillance procurement and policies, at the same time they suspected the franchisees themselves as the source of the leakage. It was not until McDonald brought together franchisees, Dunkin' Brands and the IT subcommittee of a third internal organization, the Brand Advisory Council, that the corporation understood the nature and scope of its theft problem and was able to effectively address it.

"IT controlled the project," McDonald recalled. "The advisory group was the IT subcommittee, and they wanted the system to sit on the existing [virtual private network]. It's their network for gift cards, credit cards and any data that runs the store." Anything that uses the network, including video, Dunkin' Donuts' IT department wanted a hand in, McDonald said.

As he notes in his e-Book case study, Revolutionizing QSR Multi-Unit Operations and Loss Prevention, even though he had to meet IT specifications, McDonald saw franchisees as his ultimate customers, because at the end of the day, they would be the ones purchasing the system. That meant the system still needed to be easy to install and operate.

At the same time, because cameras are now part of the corporate network, IT participation is necessary to deal with intrusion protection, authentication, virus protection, bandwidth and storage issues. Although McDonald may not say it so bluntly, in a networked security environment, IT has every right to be there. The sooner security departments understand that reality, the faster they can make it work to their advantage.

"IT guys manage the infrastructure. They are very good at standard methodology, easing purchasing, implementation and support," said Peter Wilenius, vice president of investor relations and corporate development at March Networks. IT also grasps the video mission right away, he added: "Immediate access to video, not only to detect employee theft, but employee safety and customer safety."

<!--nextpage-->

IT Processes

The biggest adjustment the security side has to make is to the methodology IT uses to design and implement a project.

IT makes demands because they have to host the application, said Eric Fullerton, global sales and marketing officer for Milestone Systems. "They need to understand bandwidth, storage, and a lot has to be analyzed in depth," he said. Just as McDonald does with his clients, Milestone, March Networks, as well as other vendors such as Axis Communications and Nice Systems all organize sales and marketing and channel strategies around IT's growing involvement. 

"This has been going on in mature organizations for some time," Fullerton said. "People from IT, finance, security, loss prevention get together and talk about implementation." Before moving forward, IT departments usually want to conduct a baseline study of the current system, and seek input from internal "customers" about how a system or set of integrated applications should be configured. This has been true in the past for Enterprise Resource Planning (ERP), Customer Relationship Management (CRM) and Human Resources systems. It is now no different when it comes to networked security.

In larger organizations, security organizations have found when they actively contribute to the process, IT is not only on their side, but indispensable in helping to convert management perceptions of security and surveillance from a cost center to a strategic center with a measurable ROI proposition.

Fredrik Nilsson, general manager of Axis Communications, the world's leading provider of IP cameras, said traditional CSOs have a choice of two paths. One is where they continue to insist on organizational isolation, pursuing their own silos of cameras, networks and servers. The other is to follow the long-established IT model: cross-department communications and the use of open, interoperable platforms that support departmental applications that, while serving individual needs, operate as a seamless, cohesive whole. The second path takes longer, but the results are far more beneficial and efficient for the organization and the ability for security operations to strategically support it. 

Pat Kiernan, director of marketing for Nice Systems, which makes incident information management software that can integrate with video, agrees. "We seek consensus. We're selling a process [that calls for] a very refined and detailed critical needs analysis that transcends all groups," he said. "We don't point to IT at the expense of security or security at the expense of operations or legal."

But the reality, he adds, is that video is rapidly becoming a commodity. CSOs need to be able to identify and understand the value proposition that cameras and surveillance are now part of, or else risk being left out of the convergence process. An IT organization can help security officials carry the value proposition through the higher echelons of the organization.

"Nice Systems Inform [software] gives a value proposition to the security organization and the IT organization. IT is very much aware of Nice Inform that provides a software solution that provides glue that increases the total value of the security solution being deployed."

McDonald offered other examples beyond Dunkin' Donuts where the case for expanded surveillance gained far more value when security understood ways it could work with IT processes. In one case, a large car dealership knew it was losing more than $100,000 worth of parts. Like Dunkin' Donuts, management at first made an erroneous assumption: that the parts were being loaded clandestinely onto trucks and carted away. Yet despite video coverage of the loading docks, no theft was detected.

McDonald then suggested that the dealership link its surveillance system to its shipping data. Within five days it discovered a pattern of discrepancy: the number of outgoing shipments the dealer had as part of its daily business were less than the amount of shipments it was being billed for. Further investigation, with the help of integrated video, was able to document that an employee was accepting the parts, and then reshipping them to buyers on eBay. Far from a midnight back-door operation, the stolen parts were going out the front door with the daily mail.

Although IT can be threatening, IT's involvement can make a difference in a security organization getting what it needs, McDonald said. "You need buy-in," adding that while IT had control in the Dunkin' Donuts project, they were instrumental in bringing together the company's CIO and CEO. The more CSOs understand the significance of IT, and the ways all that information resident in databases across the company can be leveraged in security, surveillance and safety, the more successful they are bound to be, he says.

"It's not just showing your boss a solution," said McDonald. "You've got to show your boss's boss you have a solution. Then IT can do something."


No TrackBacks

TrackBack URL: http://www.securitysquared.com/cgi-bin/mt/mt-tb.cgi/54

Leave a comment