physical security directors need to learn to run a business, and vendors need to learn to sell
Have you read some of the press releases and marketing campaigns coming from vendors (manufacturers) lately? It’s like they live on another planet. I sometimes think there is an alternate reality where some vendors, consultants and trade magazines live in perfect harmony piecing nonsensical words together, feeding them to each other and then having a community cud-chewing festival.
[Sorry, did I just piss everyone off? Ed and Lorna, I don’t include you in that crew. Not you either, Michael.]
What I read rarely relates to the conversations I have with CSOs, COOs and risk management executives. I tell this to the vendors, and they whine and squirm and declare that they know their customer better than anybody. Maybe so. But that would simply mean their customers are not the CSO, COO or risk management executives I’m talking to.
Maybe these vendors are content selling to facilities managers and the security directors who’ve been buying access control and DVRs for years. That would make sense. Those folks are competent security professionals who understand the technical and procedural requirements of access and surveillance. So of course the vendors enjoy selling access and surveillance equipment and services to this crowd.
But then why do executives think things look askew?
- Because neither the vendors nor the security directors have been successful describing the business value of specific security initiatives in terms of measured economic impact; and,
- Because neither the vendors nor the security directors think of physical security departments as business units. Therefore, they feel no need to use business language, set up common business processes, and report on metrics the way other business units do.
It could simply be a matter of not selling high enough. The senior executives tell me that they see physical security as essentially screwed up. “How did physical security get so messed up” was the exact quote of one of these execs last week, after he investigated the processes of risk management in his very large corporation.
He expected to find a business unit with standard processes for setting goals and quantifying performance metrics. Instead, he saw a 1970s police department with what he described as an archaic operation of “security for the sake of security.” “How do the words ‘command and control’ fit into my business?” he exclaimed with frustration.
In short, physical security is not run like a business, from the business executive’s point of view. It is run like a police department, or a military base. Nothing wrong with that, intrinsically, of course. Law enforcement and military operations are very effective for managing risk – if your organization is a city or university or war zone. If we are talking about a business, however, security should be run differently. It should be run like a business.
Vendors don’t get that, it seems. So they don’t sell that message. And they don’t create products that enable security directors to run a business. Here are three things vendors should start doing right now to solve the real problems faced by the companies they sell to.
1. Describe solutions in terms of business service management. Create sound, believable measurements of ROI, TCO and overall economic impact for each solution. Be ready to map every major function of the product to specific business requirements. Basically, you want to empower your traditional security director or facilities manager customer to carry the message of business value up the ladder.
2. Sell higher. If you can’t sell your product to a COO, then maybe you shouldn’t be selling it at all. My point is that a product or service purchased in the organization should be valued and appreciated by the COO. If it’s not, then either your message is wrong or your product is. Investigate new business development methods to permit you to sell to senior executives. You’ll make more money and solve bigger problems.
3. Stop the “me too” feature war. Customers don’t really care what features your product has or what boxes the consultant can check off on the requirements list. Some features are more important than others. Find out the relative weights of customer requirements and then you’ll be able to see how closely your product comes to actually solving the problem. Otherwise, you are just showing that your product sucks less than the other guys.’ See my post, “Most product comparisons tell you jack”
In this economy, no one can afford to pass by opportunities to provide the highest value to end user customers. Slackers will die.