Total Cost of Ownership (TCO) refers to all the costs incurred in owning and operating an asset. For IT servers, typically the initial CapEx expenditure contributes only 10 to 20 percent of the TCO; it is a similar picture for server-based electronic physical security systems.
The differences in TCO for competing products can range between 50 to 100 percent; however, due to recent technology advances, the TCO difference between some types of products can be as much as 1000 percent.
Here’s an example: Five years ago, video analytics servers running Agent Vi software could run analytics on 16 video streams per server on average. Some analytics companies still use technology like that; however, the new generation of Agent Vi technology can process 200 such video streams – a 1,250-percent improvement! Another way to state it is that the previous generation technology requires more than 12 times the number of servers.
Although the purchase cost of two competing video analytics software products may be the same, the cost to deploy and operate them with identical functionality may not be. For an explanation on the difference in video analytics technologies, see the SIA’s technical paper, “The State of Video Security Analytics."
While the above example seems cut-and-dried, the picture is complicated by cloud-based systems, for reasons that are explained later in this article.
Most businesses experience internal competition for technology funding; thus, security system projects are not immune to cost pressures created by internal battles. End-users want to know – and have a right to know and understand – all the cost elements involved in security deployments.
These cost factors are becoming a part of the competitive landscape, and I have personally seen recent security system RFPs that require a five-year TCO analysis as part of the design-build package.
How to Create TCO Analyses
Security system manufacturers should provide TCO analysis support to their integrator partners, because, as mentioned, it is now becoming an important security system sales factor.
Eagle Eye Networks, for example, provides five-year TCO comparisons that look at TCO for a fully on-premises VMS vs. a cloud-based system. These documents provide detailed cost factors, including, for example:
- Server configuration (CPU, RAM and storage);
- Additionally required equipment, such as routers and switches where they may make a difference in the comparison; and
- VMS requirements, including camera and site count, resolution and frame rate, days of retention, etc.
These example comparisons can serve as a template for making an accurate comparison between Eagle Eye’s cloud-based VMS offering and a competing brand of VMS and server or NVR system. Of course, for those integrators who are Eagle Eye partners, this information is extremely helpful in the design and specification process. Check out the figure at the top of page 27 that offers a TCO comparison for multi-site enterprises. Access the full document at www.een.com/security-system-true-tco.
Helping Clients Make an Informed Decision
TCO enables decision makers to evaluate an asset and obtain an accurate comparison in competitive bidding –
where the lowest-priced bid may or may not be the least costly asset to purchase and operate for the lifecycle period; thus, TCO is sometimes referred to as Lifecycle Costing (LLC).
Whatever name is used, unless the cost comparison is fully complete, it will not provide all the important decision factors – because both hard and soft benefits must be included in the comparisons. Soft benefits impact the business operationally and are often part of the business use-case.
This applies to comparisons of true cloud-based systems vs. on-premises systems and is especially important for the on-premises servers and workstations of VMS, access control and alarm monitoring systems.
Here are several key factors that should be under consideration:
- Hot redundancy for system uptime (for video viewing and recording; alarm monitoring and response; and real-time server-based functionality – such as analytics, real-time access policy enforcement, etc.);
- Remote operator and responder access (access to data and control functions for security personnel on the ground); and
- Redundancy for data storage (especially important for compliance with corporate and regulatory video retention requirements, integrity of investigations and historical analytics).
The importance of any one factor will vary depending on the end-customer’s type of business and the size and extent of business operations.
For example, real-time hot redundancy for system processing and data storage elements is drastically different between on-premises and cloud-based systems. For a multi-site retail business, these factors are vital, because the video system requirements typically include high video resolution and frame rate, 30-day or longer video retention, and high up-time to maintain the integrity of video surveillance
and store traffic video analytics. Remote access to video and to store analytics data is also important.
The expense of hot redundancy for on-premises servers and video storage systems typically makes them cost-prohibitive; however, they are built into true cloud-based systems, as is secure wide-area and global remote access with multi-factor authentication. The strong cybersecurity features of cloud deployments are typically not applied to on-premises systems – primarily for cost reasons.
Cloud vs. On-Premises TCO
With fully on-premises systems, there are typically two CapEx investment bumps – the initial investment, and the hardware refresh around the fourth year for hard drive replacement and computer processing power and memory upgrades. The computer upgrades are typically desired for support of expanded software functionality and increased application usage.
These days, mobile device usage continues to grow, with visitor management systems and personnel safety applications being prime examples. Mobile apps also considerably extend the security system user base.
The contrast in lifecycle cost between cloud and on-premises systems is very easily shown in a graph like Figure 1 (left), which shows a cloud TCO savings of 15 to 20 percent. In TCO cost comparisons that I have personally performed for clients, the cloud TCO savings can range between 10 and 40 percent – not including the costs of hot redundancy for processing, data and video storage, mobile device wide-area support and cybersecurity costs, which of course are not part of the on-premises deployment.
Any cloud vs. on-premises cost comparisons for decision-makers must include these important aspects that otherwise would not usually be part of the stakeholder thinking (except perhaps for IT stakeholders).
Cost comparisons for security systems whose servers reside in corporate data centers must account for IT cost allocations, which for a server are typically 80 percent or more of the lifecycle costs. For the data center storage refresh cycle, the cost to decommission the upgraded storage must be considered, which includes wiping the hard drives of sensitive data.
Access control and video surveillance data contains protected personal information – particularly applicable under GDPR. This decommissioning cost factor is real but often omitted in cloud solution TCO cost comparisons, as are some other cost factors.
Security System TCO Cost Factors
There are eight security system TCO factors for an enterprise deployment where the IT department is hosting the servers in a corporate data center – as illustrated in Figure 2, furnished by the Security Industry Association (SIA).
The color legend in the donut graph shows the often-found relative cost of corporate video system deployments. These costs can vary significantly from one company to another, and from one service provider to another, depending on many factors. Editor’s Note: The next article in this series focuses on Total Cost to Serve (TCS), an important element of TCO cost analysis which is also evolving due to technology advances.
When most of these security TCO cost factors are incurred in the cloud, they are subject to economies of scale that have a cost-lowering impact.
When creating security system TCO cost comparisons, it is important to get actual costs as charged or quoted, in writing, based on a full description of the scope of the costing. Such information is almost always available, but it can take a bit of digging and requires persistence in some cases. It is more than worth the effort to make these comparisons; in fact, it is mandatory to have decisions made based on reality.
Be sure to include the cost of cybersecurity, and to document the cybersecurity differences between on-premises and cloud-based deployments. Cybersecurity controls can be found in at least half of the eight security cost categories, and as such cannot easily be broken out as a separate cost.
For example, cybersecurity requirements impact field equipment configuration labor costs as well as IT management and support costs; however, when the cost categories are calculated, cybersecurity can be unintentionally omitted, which is why it is important to pay specific attention to them.
Strategic Technology Planning
TCO enables service providers to engage in strategic technology planning with their customers. Integrators should give customers a conceptual view of where security technology will be in 10 years, then compare that to where they expect their information systems technology to be.
Most clients will agree that most or all of their IT infrastructure will eventually move to the cloud. Use an estimated TCO for the future state of their security systems, optimized for what a feasible cloud transition path will be.
An example: For VMS users who are at or near the point of hardware refresh now, consider using BCDVideo servers, which have a global, on-site warranty that essentially provides a five-year “Keep Your Hard Drive” guarantee on the entire server, providing zero cost of service for five years after the initial investment. The term of warranty service can be extended from five years to seven, which is reasonably priced if done at the time of purchase. Keep Your Hard Drive means the customer can wipe the drive or otherwise dispose of it, ensuring compliance with privacy regulation requirements and corporate policies regarding the handling of sensitive data.
BCDVideo server intelligent hard drives proactively alert the administrator of a pending failure up to ten days before the drive actually fails. This allows for an on-site service call on a still-working drive before it fails, resulting in zero downtime for the customer and zero service cost for the service provider.
No-cost server hard drive replacements (until recording is transitioned to the cloud) is a TCO lifecycle cost consideration. This is an example of how emerging technology and improved service offerings can provide elements of a strategic technology roadmap – when TCO-related aspects are fully considered and documented.
The Added Value Customers Seek
Providing customers with a well-planned technology roadmap that includes the full TCO picture supports advance budget planning and gets early buy-in from the financial stakeholders. The roadmap should match emerging technology trends with the customer’s changing risk picture. Service providers (including security consultants) can let customers know they are keeping an eye on emerging technologies and will update the roadmap when noteworthy advances occur.
This engagement with customers also helps stabilize future revenues for integrators and establish the knowledge and service capabilities that technicians will need.
Thus, TCO is more than just an immediate sales tool – it is something service providers can use to provide long-term added value to customers and clarify their own future vision of services to be provided.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (www.go-rbcs.com). In 2018 IFSEC Global listed him as #12 in the world’s top 30 Security Thought Leaders. He is the author of Security Technology Convergence Insights, available on Amazon. Mr. Bernard is a member of the ASIS councils for Physical Security and IT Security. Follow him on Twitter: @RayBernardRBCS.