vice in the exact amount they need and forgo the costs of maintaining them while those same things remain idle in the garage or in another city. On a very fundamental level, this represents a risk management strategy. On an individual level, the consumer can mitigate their fi- nancial risks by only consuming what they need.
The IaaS model is designed to take advantage of this emerging business model, by offering customers options to outsource the own- ership and/or operation of their physical and our logical security sys- tems. As previously mentioned, CSOs know firsthand how much it costs to install a physical security system. They are now becoming aware of the indirect costs to operate and maintain those systems, including the costs of servers, networks, switches, IT staff and system administration. At first glance, the indirect costs can range between 20 percent and 70 percent of the direct costs. More work needs to be done to fully validate these numbers, but it is safe to say, that indirect costs are increasing at a time that most corporate IT departments are looking to decrease costs through some sort of outsourcing model.
In addition to the direct and indirect costs of security, the at- tention of both CSO’s and the Chief Information Security Officer’s (CISO) are the vulnerabilities that are created by deploying physical security devices on the corporate network. Traditionally, these devic- es were either not designed with cyber hardening in mind, or if they were, they weren’t being maintained with the same rigor of a laptop or desktop computer. In either case, the layer of security that was de- ployed to protect company assets may in fact, enable a breach. These vulnerabilities can be addressed at the device level, but again, most IT teams are primarily focused on protecting the most importance assets against an unceasing barrage of cyber-attacks. They have little patience, time or resources to spend on physical security systems.
If a sharing economy model existed within the physical security
industry, it would enable an enterprise consumer to purchase the ser- vices they needed without having to build, operate and maintain it. It would provide many more features that would be available at the time of need but today almost always go unused. The term “uberiza- tion” comes to mind. Uber recognized a demand for a car service that didn’t require a person to buy, rent or wait for transportation through a dispatch system. They brought people together who had a car that wasn’t being fully leveraged from a financial perspective, with the people who were willing to pay for a ride.
What Uber did for the car sharing service industry, IaaS could do for the physical security industry because it will, for the first time, provide corporate consumers options to purchase the physical secu- rity services they need, without having to buy the whole car.
IaaS will also raise the bar on the cyber security protection of the physical security devices through the direct monitoring of the devices through a 24/7 Network Operations Center (NOC) and/or the ability to air gap the network that the physical security systems ride on from the corporate network.
IaaS will also unlock other market opportunities by offering en- terprise quality products and services to mid-market companies that traditionally lacked the financial resources needed to deploy a system of their own.
Ed Bacco is the chief security officer, Enterprise Security Risk Group, at ADT.
Editor’s Note: IaaS will be discussed and demon- strated at The Great Conversation in Security on March 4 &5 in Seattle, Washington and in Plano, Texas on May 22.
30
0319 | SECURITY TODAY
SECURITY BUSINESS
Panchenko Vladimir/Shutterstock.com