Campuses face complex security technology challenges that can be daunting. That’s why CS’ sister publication, Security Sales & Integration, conducted its first Commercial Security End-User Forum this fall.
Weighing in were Chris Wynn, director of security for the Hemet Unified School District in California; Daniel Schmelzer, CHPA, director of security at Cardinal Health in Dublin, Ohio, and founder of Pegasus Security Coaching; Mark Reed, director of support services, Martin Luther King Jr. Community Hospital, Los Angeles; and Jeff Slotnick, CPP, PSP and president of Tacoma, Wash.-based Setracon, a security, training and consulting services provider.
In the article that follows, participants opine on topics ranging from the sophisticated technology solutions they seek, the inherent challenges they face and the must-haves they require in an integration partner.
In-Demand Security Technology Solutions
Referencing the industry shift over the past 10 years from analog to IP, Schmelzer believes the industry is once again undergoing a dramatic change. The focus now, he contends, is cyber-hardening those IP-based systems, noting that it’s top of mind for larger facilities today as those threats and vulnerabilities constantly evolve.
“It’s important to continue to develop ways to meet those evolving threats,” he says. “In addition to risk mitigation, clients today want to take advantage of IP technology to use it for ways to better support their business operations. The security cameras serve to protect assets, but we’re looking to find analytical solutions to bring back value to the business.”
Analytics can provide information, for example, on how to improve space utilization to better manage building structures and layout, Schmelzer adds. It’s important for campus end users to not only talk to their integrators about risk but everything else the campus can do using security solutions.
“Cyber-hardening the infrastructure as a whole and learning about new tools available to help increase the value to the business are important, and asset protection is of course our No. 1 priority. But we’re looking at the analytics side as well,” says Schmelzer.
Reed points to the network management system (NMS) and access system as the backbone of any security system. He concurs that analytics is worth end users’ time to explore, citing facial recognition capabilities as important in a hospital setting, which leverages that technology to remember a face, rather than relying on staff to do so. This is particularly important for Reed since the visitor management system (VMS) at his hospital is spread out.
When Slotnick was asked what he views to be the most important requested security measures and technologies today, he agrees it’s beneficial to mesh legacy and new systems to glean as much information as possible for full situational awareness.
“This is especially important in a large enterprise with multiple sites and systems to get them onto a common platform in order to collate that information so it’s actionable and useable,” he says.
Mass communications and emergency notifications have become a critical technology, as it’s essential to be able to send intelligible messages, especially on distributed campuses, Slotnick adds.
From his school district’s perspective, Wynn says the most crucial components of his security solution are cameras and electronic access control with lockdown capability. Given the rise of school shootings across the country, these fall into the must-haves category in the education sector.
Integration, Coverage Challenges Loom Large
Some obstacles to a successful solution highlighted by Setracon’s Slotnick include integrating existing security systems onto a single operating platform in a way that will provide the end user with the relevant and time-sensitive information they need.
He points out that building automation systems are highly integrated and communicate well with each other to produce analytics and provide high levels of information.
“But we’ve been reticent to do that in the physical security space and it’s a challenge for end users today,” he says.
Wynn says that with access control, many school districts have a wide variety of openings to cover. Hardware typically must be retrofitted, and a lot of the products may only fit on some of the doors across all of the district’s buildings. This can be costly and require multiple vendor solutions.
Another challenge, he says, is having an IT infrastructure capable of supporting all the security measures in place. For instance, he has more than 1,200 video feeds running within the schools.
The healthcare sector has some distinct challenges as well.
“The thing that would keep me up at night would be infant security,” MLK Jr. Community Hospital’s Reed says. “The way we’ve secured the hospital, I don’t lose sleep because we have a good team and a good system.”
Workplace violence is another issue at the forefront of healthcare security, he points out.
“We’re asking integrators what products are out there,” says Reed. “Our staff is at risk, and the state of California recently passed the Health Care Workplace Violence Prevention Act. It’s getting a lot of traction and play, and we’re trying to do what we can here on the ground.”
Some technologies specific to this that Reed refers to are analytics, gunshot detection and aggression detection. He and his team have been researching options and working with their integrator to understand what’s available. Reed stresses how important it is for an integrator to understand not only the user’s needs but also their budgets, particularly in K-12 education and healthcare markets.
“They can bring in a million-dollar solution, but the budget likely won’t be there to support it,” he says. “Understanding what you need and can afford helps you identify that solution.”
End Users Strenuously Vet Potential Integrators
These types of end users have come to expect certain capabilities from their integration partners. So how do many of them vet their go-to integrators to make sure they can get the job done with the level of expertise they require?
“First off, I want to know which product lines the integrator represents, because repping everyone isn’t necessarily good,” Slotnick asserts. “It means they’re trying to keep up with a whole lot of technologies. The second thing I want to know is that they’re a good listener. I need them to listen to me so they understand what my pain is. I want them to be collaborative, a trusted advisor and not out to just sell me what they want to sell me. And, I want them to have the proper industry certifications and, beyond that, even possibly a dedicated engineering department.”
It’s a lot to ask of a security integrator, but then it takes a certain type of firm to step up to the challenge of providing security and life-safety for a mission-critical environment such as a hospital.
“There are lots of smaller companies that can hang a camera and do some system integration, but can they speak the language and wield products to their maximum capability?” Slotnick asks. “And availability. Availability is so important. The last thing I want to do is call an integrator and get a call back a week later. In addition, as with any other vendor, I want to know who else you work for and be able to check references.”
Schmelzer says that, “Oftentimes, integrators will tell me they’re interested in a partnership with Cardinal Health but, for us, that means they’re able to align what they bring to the table with our mission, our vision as a whole and our risk management strategy. The certs [certifications] are important, as well. We’re highly standardized in terms of the security technologies we deploy and want integrators to have the highest level of certs in the product lines we use.”
He adds that integrators that demonstrate a level of progressiveness with today’s cutting-edge and efficient technologies also enhances their value proposition.
“Keeping up-to-date with their certifications is a must, but we also like to see new adoption of technologies and different project management tools, e-portal tools for account management, different proposal generation tools and system design tools,” Schmelzer says. “It just brings a better experience to the customer, and having them align with our vision gives us the best overall experience possible.”
With workplace violence protection concerns weighing heavy on the minds of many hospital security directors, Reed explains, integrators dealing in healthcare should certainly be adept in areas such as video and access control, but any regulations-savvy or expertise is also appreciated.
“We have to do assessments and evaluate the risk factors for each area of the hospital to determine how we need to beef up our security in any given area,” he says. “This may be adding cameras, better lighting, physical barriers, alarms… there are a multitude of different options to help mitigate the risk. If we had an integrator who knew that law, they could help with that assessment and recommend solutions to be in compliance and create a safer environment.”
Among the integrator must-haves for Reed is having the certifications for the systems the hospital has in place, plus the scope and skills to meet the hospital’s growing needs.
“We had a rapid expansion from upgrading our VMS and access control system to adding cameras, so we’re doing a lot of projects in a short timeframe,” he says. “It stretches and challenges the integrator, and I need to know that they’d be able to handle that much.”
Working in the education sector, Hemet Unified SD’s Wynn notes a few requirements of his own.
“It’s something people overlook, but we have to operate off the public bid rules, so we require that someone be a responsive bidder,” he says. “We also require the integrator to have five years’ experience installing cameras in a school district environment and to carry the needed manufacturer certifications. We also do reference checks.”
It’s Not Just About Technology
Besides having technical skills, Schmelzer looks for integrator partners who he trusts and can educate him on how he can sell the security solutions to his internal stakeholders, particularly if the internal client doesn’t have a technical background. Additionally, he looks for a professional, easy to understand yet comprehensive proposal along with a bill of materials.
Wynn recommends not trying to change a system entirely. With 28 sites to secure within his school district, having someone come in and try to change the systems and put in what they’ve already designed wouldn’t work. He also doesn’t want a sales pitch.
“We don’t have time for that and are already working with specific manufacturers,” Wynn says. “I’d say get all the certs you can because we do pay attention to that and look for a high level of certifications.”
Reed likes integrators who focus on some bread-and-butter products that they know inside and out for these markets.
“I feel more confident with an integrator who knows the product they’re selling and how to service it, as opposed to one who wants to sell me whatever they are and isn’t in tune with what I really need,” he says. “Rather than saying they sell everything, they’re better off selling a select few lines and really knowing them.”
He adds that word of mouth and reputation are key, particularly in healthcare.
Meanwhile, Slotnick wants integrators to look at his system design in the way the name “integrator” suggests — how will everything work cohesively?
“We need to look at physical security systems holistically and what the entire system is capable of doing,” he says. “Even in our assessments, we don’t do feature-based design — we do quantitative assessment. The issue is not simply that I have 12 cameras that make my system efficient; I have firmware, policies and procedures and am concerned with how it reports and if I can trust those cameras. That’s a systems-based and not features-based approach.”
The integrator needs to understand upfront the client’s pain points and how a specific product feature is going to help against their greatest threats.
“In risk management, what’s needed is a comprehensive risk threat and vulnerability assessment to define the threat and then recommend mitigations that are valued by the client to stop those threats,” Slotnick says.
Erin Harrington has 20+ years of editorial, marketing and PR experience within the security industry. Contact her at [email protected].