Are Integrators Overlooking Total Cost to Serve?

Jan. 18, 2019
Security Business Cover Story (Jan. 2019): Why Total Cost to Serve may be one of the most important metrics for a successful security service business

Which customers account for most of your profits? Which products and services generate more profits than others? This is typically a complex picture, which is why most security integrators do not closely track what is perhaps their most important metric: cost to serve by customer or product.

Although many service providers believe that the perceived benefits of tracking total cost to serve do not outweigh the anticipated trouble and expense, the history of successful service providers proves that idea wrong. In practice, managing TCS is not an all-or-nothing proposition. You start with what you know and expand on it, step by step.

Given all the thought and effort that you and your people put into your business, you are doing yourselves an injustice if you do not fully consider the total cost to serve.

What Is TCS?

Total Cost to Serve (TCS) is an analysis that calculates the profitability of a customer account or a product, based on all the actual business activities and overhead costs incurred to service that customer or product. For example, if a customer’s facilities are in remote locations, costs related to service may be higher than for other customers. Service vehicle mileage goes up, as do fuel costs and labor costs. This type of situation reduces the number of customers that can be served per service technician, which is another profitability factor. It also raises the TCO for that customer. It can be an unacceptable situation for both customer and service provider.

Some TCS costs are easy to track by customer, such as service billable labor hours. Other costs are not so easily tracked per customer but are still tracked as a category, such as monthly fuel costs and vehicle maintenance costs. Typically, there are many other cost factors involved, including personnel product training, spare parts management, and so on.

Calculating TCS can be complicated, which is why large service companies with well-staffed accounting departments and sophisticated management software closely track such costs. Other service providers simply use what their gut or intuition tells them, because over time they have developed a good sense of which customers have a high overall cost to serve compared to others.

So far, they have managed to get by without having the total cost to serve details. Likewise, most integrators have a similar sense of which products and types of products have a higher cost to serve associated with them.

There are three ways that security integrators can make immediate TCS-related improvements to their business model without having to get into a highly-detailed cost analysis:

1. Take maximum advantage of new product and vendor service capabilities that lower TCS.

2. Adopt an IT-style approach to automate system infrastructure management and reduce the need for integrator technician on-site service work.

3. Use Key Performance Indicators (KPIs) to identify areas for improvement, help prioritize the improvements and show the results.

Let’s take a look at each of those aspects:

TCS Factors Are Changing

The cost-to-serve picture is now changing dramatically – making it much more difficult for owners and managers to go by gut instinct. Regardless of how closely the cost details tracked, TCS is an aspect of business that warrants serious new attention.

It is not just the fact that important cost to serve factors have changed – many of the changes are still ongoing, and for many at a higher rate than in the past. There is not a single disruption making an obvious impact – instead, change is continuous and occurring at your customer’s businesses; in security and information technology capabilities and pricing; in vendor products and services; in age and skill levels of integrator personnel; in consumer technology DIY trends; use of personal mobile devices for security and business operations; and of course your customers’ growing tech familiarity along with the desire to access business applications (including security applications) anytime from anywhere.

In fact, cost to serve is changing for many businesses – not just for security service providers. The SAS Institute (short for Statistical Analysis System) has an excellent article describing the three classes of data driven businesses, in which it defines a “data-informed business” – the category achievable by most security integrators. The idea behind this approach is to identify the data that best fits your business model and is most helpful in steering strategies and business decisions. TCS is one of those strategy and decision factors whose examination can yield big payoffs in both business profitability and customer satisfaction.

“While the trouble and expense of tracking TCS may be onerous and a bit too theoretical to some, adopting a long-term service attitude is not,” says Ed Meltzer, founder and CEO of Security Cloud & Mobile Partners. “Our primary job is to help our customers cost-effectively deploy risk-management strategies that will safeguard their organizations and help them achieve their business outcomes.”

The Five-Year Model is Dead

Twenty-five years ago, integrators, consultants and end-users could attend an annual security conference and keep current on technology advances. Now, technology advancement is continuous, and it takes more than annual trade show attendance to stay abreast of changes relevant to customers.

“Being responsive is valuable, but it is not good enough,” Meltzer says. “Integrators who grow their business by being resourceful, well organized and by providing innovative services are more valuable to their customers. Challenging legacy industry behaviors and service standards is the starting point.”

A decade ago, it was still common to see large security system RFPs that required the exact technology being procured to “have been operating successfully in a similar type and size of deployment for a minimum of five years.” Today, it is common for a network camera vendor to discontinue manufacturing a camera model that is only two years old and replace it with a new model that costs $300 less and has more features and greater capabilities.

In an earlier era, most customers conceded that they would rip and replace their access control or video system somewhere between five and ten years, because the products lasted that long and because there was not enough technology change to warrant any other approach.

For the past 25 years or more, most organizations scheduled physical security risk assessments at five-year intervals at best. Now, risk assessment updates are an ongoing risk management activity, based on changes to the evolving business as well as external risk factors.

Product training could be expected to last five years, as could on-the-job training for on-site service technicians. Now, product change as well as new product emergence is continuous. Thankfully, the availability of online documentation helps compensate for the fast pace of technology change. It also makes the same technology information available to end-user customers. That makes it a must for sales and technical personnel to maintain up-to-date product knowledge.

The fact that some of these 5-year cycles have changed is well known in the industry. What is often not understood is that they still shape and dominate much of the common thinking in the industry.

The Top Technology Influences on TCS

There are many drivers for the changes to physical security technology TCS factors, but these three top the list:

1. The Cloud. Technology change is continuous and includes new high-value elements, such as retail video analytics that provide business operations insights. IT server infrastructure has moved to the cloud, eliminating the periodic CapEx server hardware refresh bump. More importantly – especially for video surveillance – the on-site hardware constraints to performance and capacity are eliminated, because cloud computing technology includes scalable resources in a pay-only-for-what-you-use model. Software updates in the cloud are continuous, and hardware updates are invisible and seamless. There is no hardware upgrade downtime for cloud-based services.

Cloud-based offerings mean that integrators do not need to perform hardware or software updates. At any point in time, all end-users are running the latest software application. As a security integrators, you are likely aware of these changes; however, have you considered their impact to customer or product cost-to-serve factors? With the cloud, more time can be spent on other aspects of customer service that provide greater value than technology service calls.

2. COTS IT Infrastructure. Part of technology change is the use of high-performance commercial-off-the-shelf (COTS) technology. For example, video walls are commonly built using high-end consumer technology – such as 8K Ultra HD video resolution.

COTS high-performance IT servers can reduce an integrator’s the total cost to serve – not only because today such products have a high reliability factor, but also because they have same-day or next-business-day on-site service available for a reasonable vendor subscription fee. Some Dell models, for example, have a replacement policy that includes replacing hard drives on-site when the server’s diagnostics report signs of pending drive failure. This prevents data loss but is also important because large-capacity RAID drive rebuild times – with their accompanying drop in system performance – can be measured in weeks.

Eliminating RAID drive rebuilds is especially important for video surveillance systems, whose video storage performance cannot be sustained during a drive rebuild. Such service offerings have only become available in recent years. Pivot3, on the other hand, offers COTS-based video surveillance appliances that do not use RAID storage arrays but take a cloud-technology approach common with Amazon, Google and Microsoft called erasure coding.

A combination of high-performance COTS (commercial-off-the-shelf) hardware (Dell, Lenovo or SuperMicro) and software (VMware) with Pivot3 proprietary virtualization management software enables six-nines (99.9999%) reliability – which translates into 3.15 seconds of downtime per year. When the system’s diagnostics warn of an impending drive failure, the system proactively fails the suspect drive over into its virtual spare pool in minutes, with no loss of data or performance, and then puts the hot-swapped replacement drive back into the virtual SAN storage pool. No system or storage down-time is required. Erasure coding makes that possible. The system does not require deep IT expertise to deploy.

Until recently that kind of system reliability was impossible. Capabilities like these eliminate the traditional types of security system emergency service calls, which are becoming needless based on the capabilities of modern technology.

3. Cybersecurity. Cybersecurity for physical security systems – especially cameras – has significantly changed the cost-to-serve dynamic. Product warranties, as well as customer RFPs and contracts, often now require integrators install products exactly according to the manufacturers’ instruction, which includes product and system cybersecurity hardening. While only one company had such a guide in 2015 (Axis Communications), now there are more than 20 security industry companies who provide one. Every physical security system should have a hardening plan as part of its design.

All product hardening guides require the use of the latest software (or firmware). The need to keep customer software and firmware updated significantly impacts customer total cost of ownership and service provider total cost to serve. For high-camera-count deployments, the labor cost is unacceptably high for manually updating firmware, whether firmware updates are preformed by customer technical administration staff or by a security integrator. Safely managing and performing manual firmware updates for 2,000 cameras requires hundreds of staff-days of labor, which is why most high-camera count deployments never have their firmware updated, an unacceptable situation given the high level of today’s cyber security risks.

Cameras are essentially Linux server appliances with web-server and other software installed. No IT department would install hundreds or thousands of servers without monitoring and managing them and keeping their software and firmware updated; yet, that is how we often treat networked security cameras.

IT learned long ago that automated infrastructure monitoring and management tools are the only cost-effective way to manage technology systems. Automation enables the focus to be shifted to value-added work with only a fraction of the time spent on mindless repetitive actions. Automation also makes sense out of large quantities of real-time performance and diagnostics data that’s mind-boggling for humans.

As technologies advance, manufactures must incorporate features to ease the support burden of security technology providers. Fortunately, such tools are emerging for networked physical security systems. As explored in-depth in my May 2018 article (www.securityinfowatch.com/12410421), Axis Device Manager automates the firmware updating process for Axis products; and Viakoo’s Camera Firmware Update Manager also automates firmware updates for major camera brands, is cloud-based, and provides central management.

“Manufacturers must understand how and to what extent each type of customer will deploy and utilize their products to enable service providers to support service provider and customer objectives easily and effectively,” explains Ken Francis, security industry veteran and President of Eagle Eye Networks. “Building cybersecurity into products lowers the overall deployment and maintenance costs; providing performance metrics lowers the cost of monitoring a system and keeping it running well; automatic software updates lighten the service provider’s burden while at the same time keeping the customer systems up to date with features and security. The bottom line is that manufacturers must provide easily supportable products.”

Key Performance Indicators (KPIs)

A few years ago, research by the PSA Security Network discovered “First Time Fix Percentage” as a highly effective KPI that strongly influences integrator profitability. Measuring this TCS factor does not automatically improve service; however, investigating, discovering and eliminating the causes of repeat service trips does – with results shown by the First Time Fix Percentage numbers and an improved balance sheet.

This is a KPI that can be shared with customers, as it is an indicator of the growing cost-effectiveness of service – a TCO-lowering factor that customers already understand. When all other factors are equal, sharing this kind of information – and the fact that customers can benchmark their own First Time Fix score against the average for all the bidder’s customers – could easily be a tie-breaker.

“We already make service calls and gather data such as make, model and some even document serial numbers – what if we spent the time necessary to add a category of the device, such as power supplies vs. reader heads, then extract the amount of time trouble shooting and repairing that device,” Meltzer asks. “(Integrators can) analyze service by the number of service calls by manufacturer or the total cost by category. This would be one of the most impactful exercises aimed at continuous improvement in the entire electronic security industry.”

Meltzer adds that by analyzing and leveraging historical service data, you can differentiate your company from the competition. Thus, it would be possible to ultimately:

  • Predict service loads;
  • Improve the logistics of service delivery;
  • Generate incremental training revenue as a result of operator errors;
  • Increase customer satisfaction and confidence;
  • Improve the morale of field staff;
  • Create a competitive advantage; and
  • Save your customers money while putting more money in your pocket.

Using the data you have available now, it is possible to identify specific total cost to serve factors and begin improving them. Everyone will win, and likely be sleeping better at night.

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.

About the Author

Ray Bernard, PSP, CHS-III

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (www.go-rbcs.com), a firm that provides security consulting services for public and private facilities. He has been a frequent contributor to Security Business, SecurityInfoWatch and STE magazine for decades. He is the author of the Elsevier book Security Technology Convergence Insights, available on Amazon. Mr. Bernard is an active member of the ASIS member councils for Physical Security and IT Security, and is a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com).

Follow him on LinkedIn: www.linkedin.com/in/raybernard

Follow him on Twitter: @RayBernardRBCS.