In the security industry, as in everyday life, technology is constantly and rapidly changing and evolving as new capabilities emerge to meet the needs of end-users. As technology changes, the role of the security department is also evolving. No longer can security function separately from core business functions; to be most effective it must align with organizational goals. Advancements in technology are creating opportunities for security to make the necessary transition from what has been largely viewed as a mainly reactive cost center to a more proactive strategic business partner – a value center, if you will.
The single greatest opportunity for creating that value lies in technology that makes security more efficient and can deliver the capabilities to transform business infrastructure in addition to strengthening security. Thanks to new technologies, security is well-positioned to achieve this status.
Every organization is unique in terms of overall structure and its specific goals and challenges. Therefore, it would be impossible to apply the same processes to each to help security achieve strategic partner status. Although there may be no universally accepted specifics that apply to every situation, there are five core rules found to be common to organizations that determine both the efficiency of the process and its ultimate degree of success. These rules, which are discussed in depth below, represent actions that can be taken today to improve the organization in the short term, and which will likely have a major long-term impact as well.
1). Break Down Organization Goals to Security Goals
Transforming security’s role begins with identifying overall organizational goals – both organization-wide and at the departmental level – and determining how they align with or are applicable to security goals.
The top-down approach consists of four main actions: identifying key result areas; identifying internal and external stakeholders; gathering information to understand challenges; and writing goal statements for each area and stakeholder. These can be accomplished through the use of surveys, face-to-face interviews, secondary research and other techniques.
A departmental approach takes a more granular view of achieving these outcomes. Therefore, it may be helpful to identify policies and procedures that require a lot of effort and the delays that result from these inefficiencies.
For example, if an organization’s current visitor check-in process is complex and inefficient, visitors may end up waiting a long time in the lobby before they are allowed to enter the building. All goal statements for addressing challenges should be measurable, such as simplifying the check-in process to reduce wait times to 20 seconds or less by a certain date.
2). Expand the Role of Security
Many organizations place most of their focus on security’s goal of minimizing risks and threats, but security can do much more. Key functions that can deliver significant impact beyond this primary focus include reducing process inefficiencies, delivering actionable data and reports, and achieving compliance.
By reducing inefficiencies, security can lower the cost of labor-intensive processes with automation, which contributes to the overall bottom line. Technologies such as Physical Identity and Access Management (PIAM) solutions collect and analyze vast amounts of data from multiple security and non-security systems to deliver actionable intelligence about threats, potential cost savings and more. Additionally, compliance-related information can be pulled from this data, with reports generated automatically to demonstrate organizational compliance with government, industry or company requirements.
3). Use Automation to Build a Case
As previously mentioned, automation plays an important role in security’s evolution. Automating security and other processes ensures minimum human or manual intervention, which naturally streamlines internal security processes and increases efficiency. In the visitor check-in example, automation might come in the form of self-service visitor registration and check-in processes to create and track requests. When a request is submitted, a PIAM system automatically completes compliance checks before forwarding the request to the appropriate individual for approval.
This is just one of the many areas where security can utilize automation to help improve processes and efficiencies and deliver additional cost savings. Automating previously time-consuming manual processes increases productivity by allowing employees to focus on other tasks, and all information is captured and analyzed within the system to create reports that will help security build a business case with automation.
4). Identify Metrics to Prove Success
To determine and demonstrate all-important ROI requires identifying metrics that are crucial to tracking success. These metrics help measure performance to demonstrate security’s contribution to the bottom line, and should include factors such as costs, process delays and systems’ usefulness.
Measuring metrics begins with creating a baseline, such as how long a process currently takes and/or overall accuracy. This helps identify the most costly processes, which may include delays visitor check-in, on-boarding contractors and approval of access requests.
For example, lobby delays impact individuals responsible for visitor check-in, guests, hosts and others in the scheduled meeting. An internal cost may be the number of people visitor management requires, while an external cost may be resulting repercussions on the rest of the day because a visitor is five minutes late due to inefficiencies. Using automation, security can measure current data against established baselines to demonstrate concrete cost savings that contribute to the bottom line.
5). A.B.E. – Always be Evolving
Simply identifying and tracking metrics to demonstrate cost savings is only one part of an ongoing cycle that also includes surveying stakeholders for feedback on processes and reviewing findings of those surveys to either change or implement new goals that will enable the security program to continually improve. All of this flows back into the first step of identifying, measuring and tracking metrics, beginning the cycle all over again and helping security demonstrate its ongoing value to the organization.
As discussed earlier, security’s role is evolving alongside technology, and these five core rules can help the security team understand and adopt the latest advanced technologies. The efficiencies these technologies enable will create greater opportunities for security to demonstrate a positive and measurable impact on the overall bottom line – allowing security to make the crucial leap from reactive cost center to proactive strategic business partner.