As a society, it’s fair to say we’re now facing rapid changes with regard to our ‘sense’ and ‘awareness’ of security and its related issues. New challenges seem to be cropping up at every corner, and much of what we used to take for granted as being safe is now somewhat vulnerable.
Massive advances in the speed and reach of communications coupled with an ever-increasing sophistication of the criminal/terrorist and the relaxing of border controls have, together, realised myriad threats that once didn’t exist.
Viewed in its entirety, this reality means that security professionals – and even more so those responsible for security and safety issues in top end corporate organisations – need to bolster their security regimes, increasing control while at the same time often having to reduce costs by way of satisfying the Board of Directors. That’s no easy task.
With this in mind, those bright sparks at CNL and Frontline Security Solutions have joined forces to launch The Security Directors’ Forum specifically to address several key issues, among them:
Want to be a discussion leader?
Back in early March, Adlan Hussain – the marketing manager at CNL – had asked if I’d like to participate in this inaugural Forum as a discussion leader. Naturally, I said: “Yes” without any hesitation.
One of the best elements of my dual role as Editor of SMT Online and Group Content Editor for UBM Live’s Security Portfolio is that it allows me to participate in the wider industry discussion agenda and make my views known in helping to move security management forward as a discipline.
Having agreed with Adlan what I’d be talking about on the day, I made my way to the venue – Gordon Ramsay at Claridge’s, no less – on Thursday 22 April in good time for the noon reception jointly hosted by Frontline’s Peter Goodenough and James Condron (the co-host from CNL).
My wife Annora and I watch Mr Ramsay on The Magic Rectangle pretty much every time he appears. Hell’s Kitchen, Gordon Ramsay’s Kitchen Nightmares, The F Word… You name the programme and we make time for it.
In my opinion, young Gordon’s the most talented – and, more importantly, the most interesting and diverse – of today’s Celebrity Chefs (who, by the way, seem to be burgeoning in number at an alarming rate… there must be money in catering).
That said, until The Security Directors’ Forum I’d never eaten at a Ramsay restaurant, and I was very much looking forward to the experience. Annora said to me that if I saw The Great Man himself I was to ask for his autograph on a menu. I suspected that he would be away filming somewhere and far, far too busy to sully his Persil-white apron with any cooking. These days, I’m sure he pays other people handsomely to do that for him!
On my way from Bond Street tube and along Brook Street, I recalled walking by Gordon Ramsay at Claridge’s a few years ago en route to G4S’ Carlos Place offices just beyond Grosvenor Square in London’s West End, and remember stopping to peruse the lunchtime menu.
A rainbow trout salad came in at a whopping GB pound 25. Wonder what it costs now? Probably a soupcon beyond us mere mortals’ pockets, that’s for sure.
Information sharing and networking
Anyway, having chatted to Peter Goodenough in the foyer upon my arrival, I was ushered through to the private dining room beyond the main, open plan restaurant space. I was ready for what had been billed by Adlan as “an exquisite mix of inspired thinking, stunning surroundings and fine dining”.
“Today is all about information sharing and making new contacts,” asserted Goodenough, before swiftly handing over the introductory duties to James Condron.
“Many Boards now want more security for less spend,” explained Condron, “but that’s not the easiest nut to crack. Hopefully, we can have an open and honest discussion here today that will break down some of the barriers and provide a route to success.”
The opening speaker slot was occupied by yours truly. I’d been handed two topics for my address: assessing the threat to the business and mitigating the risk, preceded by an appraisal of how companies might cope with reduced numbers of security officers on site in favour of a greater reliance on systems.
I began by distilling where we are today with security guarding. “As things stand, there are 655 Approved Contractors listed on the Security Industry Authority’s core register. Whether or not you consider there to be 655 good security companies in this country is another matter entirely.”
Sadly, anecdotal evidence suggests that pay rates for officers haven’t improved that much post-regulation, and that too many contracts continue to be won on price over and above the drive for quality service delivery.
Who’s to blame for all this? “Well, the guarding companies have to walk away from the bad work and bad customers,” I said, “but when shareholders have to be satisfied such an altruistic path isn’t always an easy one to tread.”
By the same equation, clients ought to be paying more for the service and not forcing contactors down to the lowest common monetary denominator. End users cannot – and should not – be expecting a silk purse of a security service if they’re only willing to pay for the proverbial sow’s ear.
“With the 48-hour working week not likely to be enforced any time soon, and with a recession still nipping at clients’ purse strings, the likelihood is – and wrongly, in my view – that security budgets will be shaved and shaved, and that the manned presence is where cuts will be made.”
Coping with reduced officer numbers
The $64,000 question is: “How might end users cope if they’re forced into reducing officer numbers?”
While we haven’t witnessed any great increase in officers’ wages post-regulation, there has been something of a direct correlation between the overall cost base increase engendered by licensing and the volume of end users who’ve been turning towards ‘alternative’ security solutions.
Those ‘alternative’ solutions, of course, encompass systems-based set-ups involving a combination of CCTV, remote monitoring, IP-based regimes, intruder alarms and access control.
It’s at this juncture that the talk often turns to the mythical concept of added value. “What is that?” I posited. “To one client, it’s having the security officers do everything from water the plants in reception through to full-on site patrols. To the rather more enlightened client, however, it’s all about deciphering the difference between adding value ‘in’ and adding value ‘to’ the business.”
When it comes to adding value ‘in’, the guarding service provider can score by introducing, for example, new shift patterns, different tactics and techniques for patrolling, building-in extra site visits from regional managers and tweaking training to suit the fact there are now less bodies around.
End users who want to raise the game need to put some building blocks in place before they can do so. “If you’re not an expert in security per se, ask for help,” I stressed. “Call in a recognised and professional security consultant. Conduct a fulsome appraisal of your current operation from head to toe. Assess the risks and threats, and then plan to mitigate them.”
On the technology side of things, I recounted that it’s probably best for security directors and managers to develop their existing legacy systems in the short term rather than rip everything out and start from scratch.
“It’s not for nothing that hybrid solutions, defined by mixing the old with the new, are very much de rigeur.”
Cutting out the middle men
One area many clients don’t always think about is making sure security officers are fully-trained on the systems in use.
“If the officers can solve minor technical problems,” I explained, “this will reduce downtime and save money on engineer call-outs.”
Based on the plethora of discussions I’ve had with industry practitioners, it would seem that IP-based solutions are gaining traction. IT directors are now less wary about having security systems running on their networks.
On top of that, every company needs a defined security policy in place. Crucially, that policy’s contents must be spelled out to staff at every possible opportunity.
My closing gambit on guarding was, I think, salient and very much to the point. “At the end of the day, intruder and fire alarms, CCTV cameras and access turnstiles are only effective if they’re properly and correctly administered – and responded to – by those who watch over them. The good quality security officer will never be wholly replicated by even the most sophisticated of systems set-ups.”
As mentioned earlier, I was also tasked with talking on the subjects of threat assessment and risk mitigation. It must be said that security practitioners are often guilty of starting at the end of the cycle rather than the beginning, choosing to look at risk assessments prior to conducting threat or environmental analyses.
Consultant Steve Garton of Advent IM – and a fellow devotee of The Security Institute – has spent the last two years or so developing a model for protective security. During that period, it became readily apparent that many clients he dealt with didn’t always have a 360 degree view of what it is they’re protecting against.
“The risk management cycle is clear,” I ventured, “and pretty well known by the majority, but how many practitioners are starting the process early enough? And how many have to hand the right information and intelligence on the threats they face?”
True understanding of the risk(s)
I for one agree with Steve’s assertion that the process of review and/or analysis has to begin with a clear and thorough understanding of the threats, their vectors and agents. Only in this way can practitioners truly understand the risk(s) posed to the business.
I continued: “Another hugely important point to make is this one: who’s commissioning the security system installer’s work on behalf of the end user?” It’s Garton’s assertion that too many clients are being ripped off by engineers who do a poor job.
The good news on the grapevine, though, is that the more savvy installers are now holding their hands up and asking independent companies to carry out the commissioning processes for them, particularly on the more complex and large-scale projects.
Today’s threats to the business are many and varied. They can include: terrorism, data theft, the insider threat, burglary, kidnapping and extortion, natural disasters (volcanoes erupting, for example!), fraud and scores of others. What, then, can security managers do to be proactive about them.
“Follow the national media reports on what’s happening in your area and beyond,” I stated. “Cultivate close links with the police service and local law enforcement agents. Security and IT managers need to examine every aspect of how they deal with security, and plug any gaps. Is the network on which your information assets sit really secure and appropriate for the information that it contains?”
In terms if the insider threat, I spoke about the PREFIT initiative launched by David Chernick (of KPMG Forensic) and supported by SMT Online, and also the Wicklander-Zulawski non-confrontational interview technique adopted by – among others – HMV in a bid to expose internal fraudsters.
“Making sure you have rigorous vetting and screening procedures in place is vital. One need only look towards any of the recent stories in the national press where such screening hasn’t taken place to witness the serious outcome that often results.”
Ladies and Gentlemen, luncheon is served…
On that note, I sat down to a very generous round of applause as luncheon service began. The food was indeed delicious. Smoked Longford Estate trout with a beetroot, grape and caper dressing and horseradish ice cream followed by the main course of succulent roasted organic chicken, truffled chicken tortellini, a blanquette of seasonal vegetables and shallot sauce.
Preceding the dessert came a sumptuous selection of both English and French cheeses with all the trimmings, then it was time for lemongrass creme brulee accompanied by a ginger sable and rhubarb sorbet.
All washed down with a Chateau Bauduc Bordeaux Blanc from 2008 and a 2006 Faugeres Les Leonides, Domaine du Meteore red wine.
Bob Martin of the RFM Solutions consultancy spoke immediately before the main course. 34 years in the security sector, Bob used to work for a large petrochemicals concern, and had been asked to talk about how security practitioners might break down the barriers between themselves and IT.
“To my kind there aren’t really any barriers, or at least there needn’t be,” said Martin, opening his discourse. “Back in the good old days, I had a pal who worked as an HR manager. He wanted his HR data loaded to the company’s access control system, but was told it wasn’t possible.”
At which point CNL’s Keith Bloodworth chipped in: “90% of access systems don’t allow on-boarding or off-boarding. The convergence of HR and IT has thrown up those kinds of issues.”
As far as Martin’s concerned, IT directors still have an old world view of the security function. “Integrators must be competent in security and IT, and demonstrate that competence at regular meetings. Then they’ll gain the trust of those who matter most in the equation. In other words, the client.”
Harking back once again to days of yore, Martin suggested that any integration then was “a nightmare”. Now, it’s less of a problem. “Thinking out of the box means that security systems can add value to the business. CCTV, for example, may be used to monitor footfall in the retail environment while raising the profile of security across the company as a whole.”
IT and security: the ‘soft’ issues
According to Martin, there are also an important number of “soft issues” to be addressed by IT and security. For example, making sure an employee’s access control card rights are updated so that, when they return after a long spell away, there aren’t any problems to resolve.
“It’s all about going back to your company as the head of security and devising – and then demanding – that next step to be taken,” asserted Martin. “Also, ask yourself what functionality you might want from your company’s database in, say, a year’s time. End users perhaps need to push back against proprietary systems.”
He continued: “For security managers like yourselves, it’s your own sphere of influence that’s most important to you. That being the case, I would urge you to make good use of Forums like this for the betterment of the profession. The messages from today must be spread far and wide.”
Judging by the nods of agreement in the room after his incisive comment, it’s plain that Robert Hall – Stratford City project centre manager with Westfield, and one of the two chaps sat either side of me for luncheon – echoed the views of many in saying: “I cannot recall a time when a security systems provider has ever come to me and talked about IT.”
Martin reckons that bespoke solutions are the way forward. “It’s great to receive all your reports on a Monday morning telling you what has happened, but they’re meaningless unless analysed and acted upon. There’s a gap in the process. We tend to be too slow and too weak at analysing.”
He explained why he feels written tender processes are a constraint – “It’s difficult to get what you really want without dialogue, and relying solely on a piece of paper is sheer folly”.
In conclusion, Martin stated: “It’s not upfront costs that procurement departments and Boards should be focused on. Rather, it’s about the long-term benefits systems will realise for the host company. Trouble is that it’s difficult to make Boards of Directors understand that concept.”
Reductions in security guarding: real world experiences
Last to speak – ahead of that to-die-for dessert – was Rod Allen, former physical security advisor at IBM (UK) and now an independent consultant.
I’d chatted over lunch with Robert Hall, Trevor Manuel (a technical engineer with responsibility for operational security at FIL Investment Management) and Michael Egdell, EMEA security manager at Thomson Reuters. By the time Rod Allen stood to address us all, I was waiting with baited breath to find out how IBM has coped and dealt with some of these issues.
Rod’s opening gambit was to talk about reductions in security officer numbers. I’ll not recount what he said on this particular issue, as you can watch and listen by accessing the video clip at the foot of this article.
Allen and his team at IBM (UK) wanted a defined security process in front of the officers and managers, and a situation wherein the escalation of that process – when necessary – was an automatic reality.
“If the md needed to be woken from his slumbers in the middle of the night by a security officer earning GB pound 6.00 an hour because there was a problem, we wanted that officer to be empowered to do so.”
Interestingly, Allen doesn’t wish to see a handful of systems producers dominating the security market. “We want systems that are generic and suit everyone. There also needs to be flexibility.”
He backed up that last point by recalling an incident at last year’s All-England Lawn Tennis Championships (held, of course, at Wimbledon).
“The new roof was put on Centre Court, and Court No 2 was effectively ‘dropped down’ by close on four metres to placate local residents. However, the walkway next to the court then posed a problem, as people could lob things over onto the playing surface if they felt so inclined.”
How to resolve the issue, then? “We could have put a fence in, or called for security officers to work on a 24/7 basis. The third option centred on two more cameras being added complete with analytics. The last option was chosen, has been a success and didn’t cost a great deal of money.”
Heading back to Ludgate House
Immediately after dessert I had to hot-foot it back to Ludgate House for an IFSEC 2011 strategy meeting, and a further meeting on the Technology Leaders’ Forum which we are now running in conjunction with Veracity.
I thoroughly enjoyed the Security Directors’ Forum, and congratulate CNL and Frontline Security Solutions for having the foresight to develop the concept before running such a professional event.
I’m very much looking forward to the next gathering, guys!
As for Gordon Ramsay at Claridge’s, the publicity blurb reads: “This restaurant defines glamour. The stunning surroundings are soft and sublime, punctuated by an elegant service. A gloriously modern European menu awaits, featuring carefully balanced dishes that change with the seasons.”
‘The Ramsay Dining Experience’ was all of these things and more. All it needed, in fact, was Gordon to sign a copy of the menu for Annora and my day would have been complete.
Maybe next time…
With this in mind, those bright sparks at CNL and Frontline Security Solutions have joined forces to launch The Security Directors’ Forum specifically to address several key issues, among them: https://baocaosuhome.com/chong-xuat-tinh-som