Industry View

How New Analysis Methods Can Enable CSOs and Directors to
Reduce Costs While Raising Security Efficiency and Effectiveness
By Ty Richmond, Chief Operating Officer, Andrews International

From corporate enterprises to government agencies, chief security officers and directors are being asked to protect more with fewer resources. In contrast, industry vendors are interested in selling products and services that increase a security manager’s budget. It’s a contradiction that existed before the current recession, though there’s no denying today’s business climate has placed far greater pressure on those tasked with attaining the highest levels of cost-efficiency…without sacrificing security quality.

Yet, this seemingly insurmountable challenge can be overcome through new analysis techniques that comprehensively evaluate the effectiveness of security operations with a simultaneous goal of reducing costs and improving efficiency and effectiveness. At Andrews International, we have developed a new methodology that matches security resources to risk profiles, maximizes the integration of uniformed guards and electronic security assets, and accurately projects return on investments (ROI) through industry-specific financial models.

Already, the analysis has been used to evaluate enterprise security programs across several key industries, including high-tech and manufacturing. According to one Fortune 500 global manufacturer, the methodology identified actionable improvements that will enable it to reduce uniformed guard costs by 20 percent across its U.S. headquarters and manufacturing site, all while enhancing the strength of its security operations.

In its simplest form, when evaluating the total cost of ownership (TCO) of an organization’s security budget, the process allows for a reduction of operating costs associated with the convergence of security human resources and electronic technologies.

The Traditional View
Traditionally, organizations periodically review their uniform security officer costs. Efforts to reduce costs vary depending upon if security personnel are in-house staff or outsourced. Most organizations utilize contracted services and are faced with the challenge of continually reducing the cost of the contract itself. This includes negotiating with the current supplier, obtaining discounts for term commitments, competitively bidding the contract, aggregating multiple facilities into a corporate agreement for volume discounts, and utilizing a “reverse auction.”

Unfortunately, when faced with creating value beyond the basics, and doing this in a progressive manner, very few security professionals challenge themselves or their suppliers to assess efficiencies in an integrated TCO approach. Uniformed security service providers, technology manufacturers and integrators typically have different agendas and see “their world” only, which doesn’t usually include the integration of their respective areas or making sacrifices in the best interest of the client. In other words, “enterprise or total solution” analysis tends to be more silo oriented around their service area only.

The fact that there is a subjective element to providing “good security” makes the challenge of determining cost effectiveness even more difficult. The security industry’s general practice is to determine the overall security risk by evaluating the value of the asset being protected, its potential threat and vulnerability, with mitigation measures then applied to reduce the overall risk.

Factors such as the replacement cost to an organization of an asset, and the operational cost of being without it, can help determine the measures necessary for effective security. Management or consultants then figure appropriate staff levels for locations, security equipment required, as well as the architectural elements and correct processes and procedures needed for efficiency. With new construction or remodeling, security measures can remain the same for years with no changes in staffing levels, procedures or equipment. Even if there are eventually changes, these may occur as unrelated elements where one facet is changed without considering its impact on another.

Unfortunately, security organizations do not always know where they stand relative to industry peers. Sometimes, a steady state-of-operations settles in where the same uniform hours are purchased every year under contract with cost reductions obtained through a reduction in billing rates. Then again, security officer and staff assignments put in place to address temporary needs often turn into standing long-term assignments and add to the total hours of security staffing.

Neither is security technology immune to waste. Budgets dictate investments and recurring costs, yet, the initial price of a technology may not include an analysis of ROI over the life of the equipment. In some cases, technology may have been deployed with the idea that an upgrade would follow at a later date as funds became available. Often, those funds fail to appear and a less-than-effective solution remains in place. This can also lead to redundancy in staffing and technology. Over-implementation is also fairly common with technology, and, equipment may be purchased without thought to recurring maintenance and support costs, placing a further burden on a budget.

Architecture can play a role in evaluating security costs, too. For instance, a security plan may have been implemented at the time of a building’s design. However, needs change over time, and when an organization can participate in the design process — enabling security and architects to work together — significant savings can result. Unfortunately, security management often deals with existing limitations on access, perimeter, lighting, parking, and other dimensions of a building. Remodeling and changes in construction during occupancy can raise additional challenges, especially if security managers are not a participant in the process. Disparate systems add to the dilemma of reducing costs.

The Big Picture
The methodology we’ve developed follows a planned approach designed to provide the “big picture;” an evaluation of the effectiveness and efficiencies of enterprise security operations used in the deployment and integration of uniformed security officers and electronic/technical security.

The goal of the process and the methodologies are as follows:

• Provide a protective solution commensurate with the identified risk profile and risk tolerance;
• Ensure enterprise security services are integrated, converged and operating effectively and efficiently; and
• Identify supporting financial models to show ROI, payback and other economic metrics that enable organizations to gain efficiencies and effectiveness in their use of these assets.

This process lays a roadmap and migration strategy designed to execute the desired benefits. It entails a comprehensive study of the enterprise security operating model to include a review of global, regional and local asset utilization based on the following methodology:

• Identification and evaluation of reasonably foreseeable internal or external threats for locations/site(s) and business operations.
• Study and assessment of location/site(s) vulnerability based on neighborhood and area crime environment.
• Assessment of uniformed security personnel deployment and utilization to further ensure the operation’s state of readiness.
• Assessment of uniformed security force policies, procedures, post orders, functional responsibilities and training programs to ensure the state of readiness for security events or emergency situations.
• Assessment of utilization and functionality of existing local and global command center operations.
• Assessment of existing electronic security measures for effectiveness in addressing location/site(s) and business exposure to identified threats/vulnerabilities.
• Evaluation of architectural elements such as landscaping, fencing, lighting, doors, windows and other access points.
• Identification of inadequate or obsolete equipment and systems in need of updating, replacement or re-deployment.
• Identification of opportunities to converge total security resources more effectively by blending and leveraging the benefits of technology and security personnel.
• Integration with other business functions (payroll, HR systems, etc.)
• Review of work processes using LEAN business practices to reduce, integrate and generally improve work flow throughout the operations.
• Presentation of financial models and scenarios to reduce security officer operating costs with technology in a more effective and efficient converged model.

The methodology inherently ties staffing, technology and their associated cost impact together with the effectiveness of each security measure. This allows organizations to arrive at an optimum model that improves the level of security while controlling costs, supported by an ability to accurately project resulting outcomes.

A New View
In addition to determining effectiveness and cost efficiency, our methodology process also has a toolbox of software programs deployed “post study” that can be used in creating a “security information fusion center.”

The result is a software platform that features an integrated view of the security operations and business program with numerous modules that allow an operations center to proactively monitor various aspects of a security program and gather information that supports risk mitigation. These modules encompass task areas involved in daily operations, incident tracking, data distribution, analysis and resource optimization.

Front-end process software is designed to screen, test and qualify personnel to work in a complex dispatch and security operations center environment. It uses customizable testing modules for evaluating personnel on key skills essential to each unique security scenario. To effectively manage a security operations center, and then take the next step to handle processes and systems for “strategy altering” intelligence, the entire team must operate with key communication, analysis and decision-making skill sets.

The back-end features risk-analysis software that integrates all components to allow the information and intelligence to reveal specific threats, vulnerabilities and mitigating solutions. This tool is the basis for the perpetual assessment process, aimed at continually improving risk mitigation strategy and resource optimization.

Living the Dream
Developments in enterprise risk management, and converged physical and logical security assets and value-driven software tools, have provided a significant platform for increased productivity and/or cost reduction opportunities. After all, success in security should not be measured by volume of staff hours or the newest trick technology, but by the overall effectiveness and value of the security solution.

The goal of our methodology is to integrate resources in a manner that enhances the security environment and allows personnel to function on a more professional, effective level. To that end, the analysis often results in recommendations for fewer hours provided by more qualified personnel, combined with technical resources. The outcome is overall cost savings and an improved level of security efficiency and effectiveness, enabling CSOs to live what has long seemed the illusive dream.

And that’s the ability to “protect more with less.”

Ty Richmond is the COO of Andrews International and co-creator of the company’s Security Asset Effectiveness and Efficiency Analysis. Previously, he held executive security posts for a number of Fortune 200 companies, including Agilent Technologies, where he was Senior Director of Security, overseeing operations in sixteen countries throughout Asia Pacific, and Hewlett-Packard, where he was Manager of Corporate Worldwide Security and Americas Security Manager. He also has worked as a security executive in several sectors including energy, consumer products, high-tech and now as the COO of a service provider.