Dan Solomon writes about the infrastructure operators’ reluctance to invest in security solutions, and the implications for vendors.
The reluctance of the operators in some sectors of critical infrastructure to invest in physical security solutions will remain a major contributory factor to limited growth within the security industry across Europe. A return to slightly more buoyant investment in physical security solutions in 2011 has reflected the heightened attention being given across Europe to assessments of risk to critical infrastructure, and the ongoing programmes for replacing legacy surveillance and access control systems. However prudent investment attitudes are still very entrenched with many sectors taking an incremental approach to upgrading their security systems, and markedly so in the UK where growth of less than four per cent is projected in 2012-3 across energy and utilities sectors. <br><br>This is somewhat exacerbated by the more urgent allocation of greater investment spending to cyber-security, and the conflicting priorities between risk and security managers for investment in specific Business Continuity Management (BCM) initiatives that are coming under greater scrutiny across these sectors. Nevertheless, in real terms, investment in physical security will continue to lag recommendations particularly in perimeter security, and surveillance software. The underlying reluctance to invest in security among operators of critical infrastructure, must been seen within the context of their business environment. While they are facing business pressures of operating profitably, ensuring investment in necessary strategic infrastructure projects, adhering to environmental regulation and with strict cost management in the current financial climate, any investment in security solutions requires a clear business case. <br><br>One of the major factors contributing to the low investment is the perceived weaknesses of new solutions. The challenge in new technology is two-fold. From a commercial perspective there is reluctance to adopt new technology that is not long-established in the market, and the lack of relevant references does hamper the adoption of new technology, though this is changing rapidly. Furthermore there is such a broad range of solutions being developed by SMEs, that it is proving impossible for operators to be fully conversant with the range of solutions available. This has two direct effects. Firstly is limits the access to major operators to only the largest integrators, with long established brands, that can offer better perceived reliability; Secondly it restricts operators choices of the more advanced technology solutions.<br>Related to this is the perceived value for money that the systems offer, which may be weak without a indisputable body of ROI [return on investment] evidence, or simply that the solutions are positioned more for security value than commercial value. This varies according to the type of firm offering solutions, as there are some niche firms that offer competitively priced solutions. <br><br>The operators are also reluctant to invest in security technology which may prove difficult to integrate in future iterations of the technology, particularly for access control and video surveillance. This tends to disadvantage the smaller firms which need to assure operators of an evolutionary path of their systems, and continuity of technical support and research and development (R&D).<br><br>The technology deficiencies represent an important consideration limiting demand for security solutions, but this is likely to decrease over time as awareness increases, and buyer pressure prompts technology vendors to better position their solutions. Further consolidation in the industry, with major integrators acquiring upcoming technology will also accelerate this process. The recent surge in technology development specifically for crowd monitoring in transport networks, and sporting events like the football world cup and the Olympics, is being pushed towards infrastructure protection applications, but take-up has been disappointing. As a result, some R&D budgets were cut in 2011, and the proportion of resource allocated to new product development will remain lower than historical levels until 2013 as some technology is still perceived as being a little ‘ahead of the curve’. <br><br>This reflects one perspective: that the technology is current sufficient to exceed some expectations. However the ability to integrate the technology remains the more critical ‘gap’, and ease of integration will remain one of the most compelling advantages of new systems coming to the market. There has been a growing recognition of the benefits of more complex integrated security systems throughout the whole security community, though the rates of migration vary considerably across the different sectors of critical infrastructure. This drive towards convergence of physical and logical control, has intensified structural shifts in the supply-side of the market.<br><br>Supply-side <br><br>In order to drive the adoption of increasingly complex security solutions, the supply side of the security industry is evolving rapidly. As offerings must meet the expected standards and also to serve the diverse needs of the infrastructure operators for cost and operator efficiency, the development of product offering, solution technologies & configuration, and market approach, are all contributing to a constantly changing market structure and competitive landscape. New companies are aggressively trying to enter new sectors, which has prompted existing suppliers to reassess their practices. While supply across Europe is still very country-specific, there is a clear growth in pan-European market penetration among the major primes seeking to leverage their international experience within specific sectors. In the current economic climate, there is fierce competition between leading integrators, and among technology vendors through distribution channel strategies, as an increasing amount of suppliers seek routes to the major infrastructure operators either directly or through established partner networks. <br><br>The leading primes must to be able to provide a comprehensive product portfolio and integration capabilities, in order to position themselves to exploit opportunities among major infrastructure operators, which require complex solutions. In the near term there is unlikely to be significant consolidation among the major integrators, as there is still scope for expansion and differentiation in terms of portfolio and integration capabilities. Moreover the rush to achieve more ambitious product portfolio goals, and access to new client bases and references, is sustaining interest in growth through acquisition. However within some specific sectors like electricity and ICT it is especially challenging for new entrants, and some integrators are likely to downgrade their efforts to enter the larger markets with more entrenched incumbent suppliers. The focus on cyber security is providing an opportunity for leading primes that also provide SCADA systems, to emphasis the cyber security credentials of their other solutions, but this is one area where there is greater pressure to prove the reliability of their systems.<br><br>Low buyer awareness<br><br>The level of buyer awareness of technology and system capabilities through a wide range of sectors is relatively low. Systems are becoming rapidly complex and the range of choice is high, which is making it increasingly difficult for end users to understand the capabilities they can buy. This asymmetric level of knowledge between suppliers and buyers, is adversely affecting the ‘market’ and therefore critical infrastructure protection. There is an assumption that the ‘market mechanism’ will ensure that the best and most cost-effective solutions will be adopted, but this is one structural fault in the current market conditions when considering the unmet needs of the buyers. Infrastructure operators are not investing sufficiently in the right systems, and a supply-side push is required. Due to the asymmetric nature of the relationship the onus falls on the suppliers to improve their process of marketing and selling, through a more consultative approach, and better familiarity with the end users and their issues. Moreover, the degree of scepticism among buyers about the value for money and the integrity of service and support provision also ‘clouds’ engagements with buyers, who do not have confidence in major procurement decisions for integrated systems or with previously unfamiliar supplier or technology. It is unlikely that buyers will be able to improve their knowledge of technological capability and system functionality, and therefore the pressure on the suppliers to improve marketing effectiveness, augment sales capabilities, and provide more compelling justification for the potential returns on investment, and relatively value for money within the overall total cost of ownership. <br><br>Understanding end-user risk<br><br>While suppliers are currently aware that buyers’ budgets are being limited, they are less aware of the risk posture of buyers in taking the decision to cut security budgets. It may be argued that the buyers are not fully aware of the implications of their decision to limit budgets, and to a degree this is a valid argument. Operators are effectively increasing their risk exposure by not maintaining their investment in security in proportion to the risks they face and the investment in capacity. However, suppliers can benefit from better awareness of end user risks in order to build a more compelling argument for investment. This requires greater familiarity with the domains and issues that the operators face. There is a clear competitive advantage to suppliers that can inform the operators of specific types of threats that their systems will help to mitigate, and how the systems would operate specifically. This requires a more in-depth knowledge of the operating environment, but there is a clear business incentive for suppliers to leverage this knowledge in their sales and marketing approach. This has been a very effective in a consultative selling approach adopted by the major integrators, and it is now a challenge for specialist technology vendors to adopt a more sophisticated selling and marketing process.
