may 2023
Enterprise Services
By Sarah Ludwig Rausch, Contributing Writer
Optimizing your security program can reap big benefits for your entire enterprise.
8 Ways to Optimize Operations and Support Business Continuity
ilkercelik / iStock / Getty Images Plus via Getty Images
There are numerous ways to optimize security operations, such as implementing technology, consolidating vendors or harnessing the power of automation.
“Everything we do as security leaders needs to be with optimization in mind to ensure that we’re giving the organization value,” says Alan Saquella, CPP, Professor at Embry-Riddle Aeronautical University’s College of Business, Security and Intelligence.
The benefits gained from optimizing your own program can spill over into advantages for the rest of the enterprise as well. Here, seasoned security leaders share eight strategies for optimization and case examples of how their approaches translated into increasing operational efficiency and supporting business continuity within their enterprises.
Christopher R. Lanni CPP, CMCA, AMS, President and Founder at Secure Residential Services, LLC. Image courtesy of Lanni
Alan Saquella, former corporate security executive and Professor of Global Security and Intelligence at Embry-Riddle Aeronautical University — College of Business, Security and Intelligence. Image courtesy of Saquella
SVP and Senior Director of Physical Security, Safety and Facilities at Black Knight. Image courtesy of Skoglund
Greg Wurm, VP, Chief Security Officer, Elevance Health. Image courtesy of Wurm
1. Consolidate Platforms and Technologies
“Security leaders should leverage a single pane of glass methodology that allows for multiple technologies and platforms to be viewed through a universal — and often easier to view — platform,” says Michael A. Skoglund, SVP and Senior Director of Physical Security, Safety and Facilities at Black Knight, a fintech company. Skoglund says this unified monitoring lets multiple users simultaneously view and correlate alerts such as access logs, camera analytics and data.
Moving to a single platform for security tools has been a big investment — and a big win — for Greg Wurm, CPP, Vice President and Chief Security Officer (CSO) at Elevance Health. “It has helped us to better manage the operations more effectively and efficiently and reduced our budget as well because we don’t need as many subject matter experts (SMEs) to run it,” he says.
The single platform was especially vital during the pandemic, when buildings needed to be locked down and only verified people let in. “If we were trying to do that on multiple disparate systems with multiple people, it would not have worked,” says Wurm.
2. Implement Automation
Wurm’s team has also utilized automation to help manage operations, some through third-party programming, but much created internally. These automation technologies help meet compliance regulations and monitor the health of systems. No more discovering during a routine check that the CCTV operations went down and footage is missing.
“We know right away where it’s out, how long it has been down and we can remotely resolve it or get a technician out so that we’re meeting compliance with either contracts or government regulations,” Wurm says.
Automation has also promoted efficiency for onboarding new hires. “It used to be you had to submit multiple tickets that went to multiple people for approval, and then it took several days to give them access,” says Wurm. “There was lots of human interaction and error.” Now that everything is automated, it’s done within a couple of hours.
Skoglund believes automation is a critical component of operational optimization. “Utilizing automation can drive consistent systems of record and ensures immediate changes and updates,” he says.
For instance, employee termination information is received in real time at Black Knight, enabling physical access to be updated immediately, reducing the risk of excess access to the organization and enabling adherence to both regulatory requirements and client expectations.
3. Create Efficiencies
In the residential setting, recent technology trends such as mobile access control credentials, hands-free door opening controls, electronic visitor management programs, electronic keys and video camera technologies boost optimization, says Christopher R. Lanni, CPP, CMCA, AMS, President and Founder of Secure Residential Services, LLC.
“These create efficiencies in tasks, more consistent outcomes, save time and allow property managers to direct their resources to what’s most vital in the community,” Lanni says.
These efficiencies also work to optimize overall operations. For example, Lanni says electronic key control systems can notify staff if a key isn’t returned so a staff member doesn’t need to routinely conduct key audits. A visitor access program allows staff and residents to authorize incoming guests, visitors and contractors quickly and easily. Video camera software lets users conduct searches using specific criteria in a fraction of the time.
4. Understand the Business
“As security professionals, we need to lead with a business mindset,” says Saquella, a former security director at Cox Communications, a telecommunications firm. Thus, it’s crucial to have a strong knowledge and understanding of the business you’re securing. The more you know about the enterprise — how it operates, what it does, its suppliers, technology, needs, etc. — the easier it is to protect it.
Similarly, “You’re responsible for protecting the people, product, property, information and the brand,” Saquella says. “It’s imperative that we get out there, that we listen, we talk, we learn, we assimilate information, we analyze it and come up with solutions. This is an ongoing process that you never want to stop.”
“Earning and retaining the trust of our employees to produce a safe, secure and productive work environment is critical to optimizing our security operations.”
— Michael A. Skoglund, SVP and Senior Director of Physical Security, Safety and Facilities at Black Knight
5. Insource Expertise Where Possible.
One strategic move Wurm’s team made was to insource much of their subject matter expertise. Not only has this been more cost effective, but it has also helped keep business operations running smoothly, increased employee retention and reduced vendor cost and reliance.
“We don’t have the turnover that you might see in vendor support, where you lose the historical knowledge of how your system is set up or you have to train somebody all over again,” Wurm says.
6. Leverage Real-Time Security Event Tools
Skoglund’s team uses security event tools and, where possible, looks for use cases with non-security departments within the organization. For example, the marketing and communications departments can use these tools to track reputational or brand risk.
“We really look to fully utilize the capabilities of these tools and it has allowed us to streamline operations through built-in workflows, escalations and notifications that absolutely impact the overall enterprise’s operations,” says Skoglund.
Skoglund also uses in-house security tools for tracking executive travel. This allows monitoring of executive travels across the globe in real time and enables executives to receive automated alerts.
“The safety of our executives can absolutely have an immediate impact on operation of business,” Skoglund says. “It’s leveraging existing security tools that aren’t just security specific, although they may be viewed as such.”
7. Show the Return
Along with operational acumen, Saquella says security professionals need financial acumen. “You need to be able to speak the language of business, which is finance and accounting,” he says. “You need to be able to sell your cause because they want return on investment.”
A three- to five-year security plan that includes budget projections, equipment enhancements and input from other departments is vital. “We can’t just plan by living and breathing in a silo, we have to see what the security and safety concerns are of entities within the organization,” says Saquella. That means attending department meetings and regularly meeting with the C-suite to understand their concerns.
8. Remember That People are Key
“The one thing that cannot be forgotten is the people,” says Skoglund. “Earning and retaining the trust of our employees to produce a safe, secure and productive work environment is critical to optimizing our security operations.”
Interacting with company and departmental leaders regarding employee training and security policies and procedures enhances communication and builds trust so employees are more empowered to engage and report incidents.
Best Practices for Security Supporting the Business
Know your environment. “I really can’t overemphasize the importance of understanding the environment in which you serve, no matter what your role is,” says Lanni.
He believes security leaders will find that time invested to gain organizational understanding will be returned in abundance to both themselves and the organizations they serve and help them become true assets to the enterprise.
Build partnerships. “The key to optimizing security operations is you must first build partnerships with other departments within the organization and gain the support of executives and the C-suite,” Skoglund says.
His team does this by looking at how they can help another department solve a problem or pinpoint where there may be overlapping risks or tools. This enables the team to be viewed as teammates and trusted partners within the organization.
Be a good financial steward. “Be open, challenge your vendors and whenever possible, always be looking for opportunities to enhance and improve but not spend more,” Saquella advises.
In his previous role, Saquella went to his security vendor after multiple break-ins and burglarizing of company vehicles where cameras couldn’t reach. The vendor recommended a drone company, and the drone’s talk-down capability immediately halted the problem.
Patience is golden. “Have a plan and a strategy for executing it, but don’t try to get it all done right away,” offers Wurm. “Some of this is going to take capital investment over the course of a couple of years, as well as a lot of resources, both vendor and internal.”
Rushing the process may lead to mistakes. For example, as Elevance acquires new companies, there’s temptation to get them on the new system right away. Instead, Wurm says his team first does a risk parity assessment and then looks at compatibility and integration.
“Taking the time for evaluation and having that strategy and plan in place has really paid off for us,” he says.
may 2023 / SECURITYMAGAZINE.COM