Physical security becomes even more powerful when its mission and objectives are aligned to those of the business whose assets and activities it’s there to protect. This is the vision of Enterprise Security Risk Management (ESRM) and it’s one that can transform the appreciation of the value added by security operations and get beyond the idea of security as just a ‘necessary evil.’
Challenging the status quo
I remember chatting with Richard Latham when he was Head of Security at the iconic London O2 arena and he explained that his security staff were an integral part of the customer experience – not just an afterthought added onto the event. This alignment between security needs, and an enjoyable customer experience drove the requirements Richard had in terms of security staffing – meaning he would, for example, need security personnel with experience dealing with the public and the associated soft skills.
While this was a great example of an organisation recognizing the value that security can add, the situation can vary depending on the sector. According to Rollo Davis and Michael O’Sullivan, the two UK experts on security behind The Professional Security Officers Magazine: “Businesses that understand security and how to use their security resources recognise the value because they are the kinds of businesses to measure it and calculate the benefit to the business.”
The pioneering information security sector
As far back as 2014, at an information security conference in London, Brian Honan, the then Chief Executive of the Irish Reporting and Information Security Service (Ireland’s computer emergency response team), said: “IT security is not just an IT problem, it’s actually a business problem, and therefore needs to be treated like every other business problem.”
It seems the IT and cyber world have been talking about security as a business enabler for some time and therefore understand the issue. Can we extrapolate that view into the physical security world? Baker Hughes, that provide technology and service-based solutions for oil and gas companies have a mantra when it comes to security: “The security function aims to be business professionals first, with an expertise in security.”
This is achieved by outsourcing many of the pure security functions through Security Operations Centres and then developing data analytical capabilities to add to the wider business intelligence picture and look at processes that can add value outside the traditional security function.
Technology helps advance the joined-up, ESRM approach
As we’ve heard from other industry commentators, customer expectations for security service providers continue to grow with security personnel increasingly being expected to step beyond the traditional ‘guard at a gate’ paradigm and play a more active role in contributing to business value. These expectations create a supportive environment for the professionalisation of the security sector and the development of broader skill sets that reinforce the vision of security as a business enabler rather than just a necessary evil.
Advances in technology such as the adoption of physical security information management (PSIM) platforms to manage the inflow of data from increasingly sophisticated security hardware also strengthen the case for security being an integral part of an organisation.
Recognising that physical security can protect and enhance reputation and goodwill, act as the frontline for cyber defence, and support business continuity and regulatory compliance, among other actions, means that security teams are increasingly getting incorporated into wider business planning and being seen as part of the whole team. After all, security personnel are the eyes and ears protecting all aspects of the business, the front line in deterring all sorts of threats and also in spotting the unusual, out of place or out of character.