Consumerization comes to cloud

AUSTIN, Texas—At Security Systems News' third annual Cloud+, held here in late November, four executives addressed the consumerization of cloud—customers' expectation of innovation and services on the consumer level elsewhere in their lives.

Steve Van Till, CEO of Brivo and the panel's moderator, pointed out that each of the panelists works directly with end users. Van Till said, “One of the key themes that we're going to be looking at here today is what are they hearing today, what's the dialogue that we have happening immediately on the front lines.”

The panelists included Pierre Trapanese, CEO of Northland Control Systems, Jeremy Brecher, CTO for Securitas, and Jeff Frye, SVP, Interface Security Systems.

Van Till opened by asking the panelists about their typical customers and what their customers are saying about putting their security in the cloud.

Trapanese said, “Our process with the clients started about five or six years ago, has been more one of education—why it would be better—with the security team, not the IT folks.”

Securitas ES deals mostly with commercial and national accounts, Brecher said. “I've had conversations with security directors, with CSOs, and both of them had stemmed from something in their personal life; the consumer experience putting pressure on the commercial experience like [there's] no tomorrow,” he said; professionals experience certain amenities like cloud-based features and automation with their home security system but not their commercial security system.

“What's become apparent in the commercial space, more than ever, is this huge gap. … The demand now is coming from the consumer experience and putting tremendous pressure on the enterprise commercial experience to bridge that gap,” said Brecher.

Frye agreed. “Consumerization has raised expectations and familiarity with network concepts,” he said, adding that there is a difference between security for consumer level and security for commercial enterprises. “The security level, the threat level, at an enterprise really needs to pay a premium and needs a different product than the average consumer is caring about. So, it's an interesting tension in the market place. This raises expectations but security is still a very serious practice.”

Van Till asked Trapanese whether large, Silicon Valley-type companies are looking to leverage the cloud for security. “It hasn't migrated into the security department, yet. There's an openness to cloud and the idea of cloud, but it's not an initial reaction. It does come from the real estate team or the IT team,” Trapanese said.

Part of Securitas used to be Diebold, a company associated with banking and financial services, Van Till pointed out. He asked Brecher whether the financial services companies, which are pushing consumers towards mobile solutions and cloud services, are also looking to implement those technologies in commercial security.

The banking industry is very regulated, Brecher responded, and as a result it has a more traditional approach to security. “When it comes to these cloud technologies and things like that … it's more front of house… the back-house for banking is pretty traditional,” Brecher said. “So, there's a big gap between internal IT and external messaging.”

Interface deals with very large clients, some of which are dispersed over many locations, Van Till noted; he asked Frye, “When they look at the relationship with you and your company, are they thinking about you as a managed service, or are they thinking they're buying a cloud service, and does it matter, and what's the difference?”

Interface is “most certainly a cloud managed service provider,” he responded. “It comes down again to high expectations on the consumer side. When you're talking about business and protecting important and valuable assets, there's a much higher level of threat protection required. Do-it-yourself solutions are not adequate and a managed service provider of a dependable reliable response to an event and always on service is something that IT departments cannot provide for themselves.”

Van Till posed a question to the panel: “Are customers still asking about the security of the cloud? Is that still one of the top three things that they might ask about, or has it moved further down the list to eight or nine or 10?”

Trapanese responded first: “It may not be the cloud itself but it's the gaps between on premise to off premise.” He added that the No. 1 question from end users might be on the value of the service, followed by how to implement cybersecurity.

“Cybersecurity of any program is raised to the top of everyone's list. But, I think there's a wide range of customers,” Brecher said, noting that large companies are currently keeping their IT and physical security departments separate, and some that keep the two much closer. “Cybersecurity is going to become more important and it is going to shift to managed security, because … especially [with] SMB, you can't scale to do it the right way on your own.”

Frye addressed the need for IoT devices—including access control, cameras, panels, sensors and BLE devices—to be built by a manufacturer that has invested in security of the product and “integrated by somebody that knows the business of cybersecurity. … Security is not for the light hearted, and it's not for somebody that's got a business to run—it's for a professional.”

Van Till shifted the conversation to look more at the business side of cloud. Customers can value the SaaS model because of flat recurring payments, as opposed to a larger up-front cost, he noted. “How much does the shape of the financial expenditure … make a difference to your customer base, and what is it that they come looking for?” Van Till asked.

“We have had good success with a security package that's enclosed in an opex model. However … there are some with huge capital budgets, and you have to have a model for them too. But, opex is definitely a growing part of our business and a very successful one,” Frye said.

Brecher agreed, and pointed to a key benefit of a SaaS model. “Software is dead after you complete the install—it needs to be updated probably a minute afterwards.” he said.

The security industry has seen various technological shifts, such as the move from analog to IP cameras, which was difficult for some, Van Till said. He asked the panel about how the rate of cloud adoption, and how it might compare to other shifts that have happened in the security space.

Brecher pointed out that there is a tipping point from one technological trend to the next, where there is an increase in the value or performance of a newer technology; he gave the example of IP cameras outperforming analog cameras for a price point that was not substantially higher. “The cloud for the sake of cloud is nothing. You can't sell something unless you solve a problem or reduce a cost or create efficiency,” he said. “When we get to that tipping point, we'll see that same flip over. We're just not there yet.”

Trapanese said that the IP camera is a good example “The acceptance, the traction—I think it's going to be much, much faster moving to cloud than moving to IP,” he said. “It's just a question of having the appropriate solutions. [As] Jeremy mentioned, you have to provide value, you have to show the value is there, you have to show that the security is there, and if you can do those two things the adoption is much easier in our mind.”

Van Till asked: “Where will we be in five or 10 years—is our world going to be 100 percent cloud?”

No, the industry won't be entirely cloud, according to Trapanese. “I think it's a huge opportunity, and it's going to be a blast in the next five or 10 years for our industry. It's just going to be a ton of fun because of all the changes, and all the work that we have to do and the technology that's coming, but it will not be 100 percent cloud,” he said.