What is the integrator's role in the modern era of security?

As we move toward a converged security model and systems become more virtual and cloud based, the role of the integrator is dramatically changing while at the same time becoming much more challenged and challenging.

For the better part of 50 years, the integrator's primary source of income was derived from selling and installing equipment. Profits stemmed from margins produced by reselling equipment and creating RMR around services, installation and monitoring. Parts (on-premise equipment and application software) and smarts (installation and commissioning) were the “bread,” and the services (time, material and service contracts) the “butter.” Parts and smarts consistently generated 30 percent gross profit margins with services being even higher.

As the market became more competitive and national entities such as ADT/Tyco, Diebold, Stanley and many others attempted to build revenue models that incorporated lease options and national monitoring agreements, consolidation started reducing the number of regional systems integrators, which is the first of three blows to the security system integrator's role.

Before we look at the other two, let's take a look at how we got to where we are today …

Before 9/11
Up until 911, electronic security systems were rarely included in the construction budget that owner/end user's (or their GCs) managed. That relegated security to an often-unbudgeted “afterthought” contracted directly by the owner to the security systems integrator, or — much worse — an undefined single line item requirement added to the scope of the GC to shop to integrators or electrical contractors without oversight by the owner. That environment incentivized many integrators to perform both the function of design consultant and integrator.

Those who put their customer's best interests (both short and long term) before their own profit experienced successful results and generated a loyal following of mid-cap and enterprise customers as “trusted advisors.” Others took advantage of the absence of requirements and standards to minimally satisfy the generic single line item for a security system in a way that prioritized using available budget above functional logic or ROI. That approach often went uncontested on projects tied to fire or life safety if the integrator had a NICET guy on staff.

After 9/11
With 9/11, security (not life safety) became the priority with its own budget. Everyone was in a state of fear that another attack could take place. The security gold rush, after the new funding, was off and running and every Tom, Dick, or Harry flooded the market. Suddenly, the deal you had with your buddy the security director was being challenged by a no-name competitor who could install and service for half the price and at times with better equipment. The gravy train of annuity relationships for many security systems integrators was over. Now, suddenly you not only had competition but now the federal government was mandating that you had to do it correctly, or else.

By 2002, the security industry fell under the Department of Homeland Security (DHS) and everyone was being watched. At ADT/Tyco, Dennis Kozlowski, who was the symbol of the old “good-ole boy” integrator, was put in prison for taking $80 million in unauthorized payments; he ended up in prison and the security integrator was put on notice.

By 2005, the industry began to change dramatically. The integrator could not just depend on the “good ole boy” relationships it had to bid on virtually everything. Public entities, enterprise or regulated industries had to ask for bids and the integrator vendor had to follow the rules. The end user was now also using the Internet to challenge the integrator pricing, and very often the message was, “I can get this on the internet cheaper.”

While this change was happening the consultant community started multiplying in size by the thousands. Former military and government workers with some knowledge of security became experts and subject matter experts. They, not the integrator, became the trusted advisor limiting the integrator role even further.

Compounding that pressure, a new stakeholder (design engineer or “A&E”) was drawn into the market to ensure the necessary integration of camera systems with access control to provide critical “actionable intelligence” for security managers. This now correlated to division 28 and division 8 in the building code, so it was no longer enough for the integrator to design a system; it required a design engineer's stamp of approval.

By 2007, unfortunately the commercial markets began to plateau and as the war on terror continued, but with less threats nationally, the post 911 fixation of “security first” abated. This set the stage in 2008 for the second of three blows to strike the security integrator — the housing collapse and the subsequent worldwide recession.

The post-9/11 gold rush was over. Gone were the days when customers found a way to buy the latest security technology so they could showcase it to their employees and constituents. The recession led to most integrators losing every bit of gains they had sustained during the 911 boom. The integrator industry went from too many integrators to not enough. This was an opportunity for the corporate juggernauts such as Tyco, Stanley, Securitas, G4S, etc. to suck up the regional businesses. However, with this consolidation, service and quality began to falter. Lean was more important than service.

The final blow
The third and final blow to the integrator was the advent of converged systems with IT and IP enabled devices. The age of cyber began as a slow creep in the early 2000s. By 2009, we saw companies such as Convergint Technologies making a big push to differentiate themselves as being cyber competent. This movement would take 10 more years to evolve, which has now blossomed with the advent of machine learning, deep learning, and AI.

Today, converged security and IT, OT, PS has put the integrator to the test. They now must have an awareness of how the cloud will become part of the solution. OpEX has become a greater influence to the end user than CapEx.  Selling products is no longer the wedge it once was. Selling RMR, services and seats are today's message. The integrator must progress and become capable of working with IT at every level including software integration. The plug and play days are long gone.

Within three years the industry, or more specifically the integrator community, will either have adapted to the world of information technology and operational technology, or simply fade away into the past. Regional integrators who understand the “software as a service” model, as well as the integration of cloud infrastructure in the physical security space, will provide needed services to the end user. Those who don't will be relegated to becoming an installer of cameras and readers rather than an integrator of solutions.

The potential profits centered on product sales that the industry and integrators thrived on in the past have led to lower gross margins today. The choice is the integrators to make: Either stick with the way things were done in the past, or understand that IT security, cybersecurity and the evolution of converged systems will be the world of tomorrow.

Either way, the decision will be made for integrators because risk officers, IT directors, CIOs, CISOs, CTOs and operations directors are now in the driver's seat, and the security director of the past is making way for the security director of the future — one who understands cyber risks as much as he understands physical risks.

Time is ticking and the world of security is not waiting for the integrator to catch up.

Pierre Bourgeix is president of ESICONVERGENT LLC, a management consulting firm focused on helping companies assess and define the use of people, process and technology within the physical and cyber security arena. He contributes to SSN regularly.