PSIMs have had a bad rap in the pro security industry for a multitude of reasons; ranging from suppliers overpromising on integration and control capabilities to complexity of implementation and use. However, there is a silver lining to this story.

Today, advanced PSIM solutions are being successfully deployed in commercial applications with the ability to integrate previously disparate professional access, video, notification, building operations and more onto a unified control and management platform. Equally important, these new PSIM solutions are easy to operate, allowing faster and more efficient implementation and use.

To help organisations sort through the many available PSIM options, here are six key attributes to look for in a best-in-breed solution.

Simplifying workflow

Fast and effective response is vital when an incident occurs, and standard operating procedures are critical to achieving this goal. However, even the most well-thought-out SOPs will either be ignored or forgotten if they are complicated (how many command centres have you seen with binders of SOPs covered in dust?), difficult to follow or improperly enforced. Therefore, simplicity is the key to ease of use and consistent response.

Beyond simplifying workflows, the PSIM must also present them in an easy-to-follow and easy-to-understand format, even if the action is brand new to an operator. For example, rather than requiring the user to locate and consult a multiple-page document, an advanced PSIM solution can ask a series of yes/no questions that only require operators to simply click the answer – a far more effective approach, particularly in high-stress and/or chaotic situations.

Operators may begin to tune out alarms or sift through them manually to find a critical situation

Identifying and responding to non-critical events

In a security operations centre (SOC), it’s easy for operators to become overwhelmed by the sheer volume of alarms generated by the ever-growing list of security systems deployed in today’s enterprise environments. Operators may begin to tune out alarms or sift through them manually to find a critical situation, creating the risk that an important incident may be overlooked or a response delayed.

Best-in-breed PSIM systems solve this common problem with automation by identifying and automatically responding to the non-critical events. This provides operators with the time and space they need to focus on those events that are most important and require human intervention and decision-making. Whether the response is automated or requires operators to act, all events are logged and audited, making them available for management reporting and information purposes. More important, the most critical events won’t get lost in the shuffle but will receive the full and timely attention they warrant.

Open architecture of PSIM systems

Without question, the ability to integrate multiple disparate systems into a single, centralised interface is a primary benefit advanced PSIM systems offer. The architecture of these solutions allows them to support and bridge the gap between a wide range of integrated systems over multiple physical locations.

To fully harness and maximise the power of integration, PSIMs must be built on open architecture that provides organisations with a standard tool for integrating their many systems that is simple, easy to maintain, cost-effective and scalable. The flexibility to seamlessly integrate with virtually any solution from a variety of manufacturers – including legacy systems – saves money, streamlines operations and provides more complete information for incident response. Without PSIMs to unify systems, communication between them can be challenging or impossible, substantially increasing the expense, time and potential for error in managing the various solutions separately.

Standardised functionality

To be truly effective, a PSIM solution must also simplify functionality and interfaces across different classes of systems, eliminating the time and cost of custom solutions to deliver a consistent user experience. For example, regardless of manufacturer, every access control or video surveillance integration should perform in the same manner when integrated with a PSIM platform. This ensures security personnel can follow established response procedures no matter what system they happen to be connected to. Consider the impact of introducing an operator to an unfamiliar system or user interface during a high-pressure situation.

Even the most well-thought-out SOPs will either be ignored or forgotten if they are complicated
PSIM must present SOPs in an easy-to-follow and easy-to-understand format, even if the action is brand new to an operator

There is tremendous value in providing an operator with a familiar user interface in any situation to optimise the potential for calm, standardised response. PSIMs with this type of standardisation create consistent outcomes and ultimately ensure adherence to proper practices and standards throughout an entire incident.

Intelligent analysis

In addition to situational awareness, PSIMs can also analyse the data they capture to provide deep insights and intelligence about security, business and overall organisational operations, both in real time and over extended periods of time. Armed with this information, organisations can better prepare for events and identify any potential changes that could improve response and staff adherence to SOPs. These solutions can provide in-depth views into specific incidents as well post-event analysis that can further improve security and operations.

Further, PSIMs should be capable of automating and standardising the creation and initial completion of audit, legal and compliance reports within an incident management system. This generates significant savings in personnel time and ensures not only that the initial report follows a defined company standard, but also that all incidents are reported correctly.

Benefits of advanced PSIMs

Deploying a PSIM solution that complies with industry standard failover and disaster recovery practices is crucial. As the central repository and point of control for security response, it is most important that the system provides redundancy so service will not be affected in the event of an unplanned hardware or network failure.

There are many ways this type of redundancy can be deployed, from SQL and server mirroring to federated servers across regions for both scaling and backup. In our industry, Underwriters Laboratories (UL) provides good standards for running a 24/7 monitoring application under their UL1981 standard. Look for platforms that conform to this standard to ensure the application can meet a rigorously tested failover and redundant configuration for security monitoring.

Organisations that place an emphasis on these important criteria when selecting a PSIM can ensure that they will reap the benefits of best-in-breed solutions that will meet their specific needs. With the ability to seamlessly integrate previously disparate systems into a unified control and management platform with automation and standardised interfaces, today’s advanced PSIMs deliver ease of use, faster and more effective response and most important, enhanced security.

Download PDF version

In case you missed it

Why moving to a risk-based approach helps business
Why moving to a risk-based approach helps business

Today’s security leaders encounter many challenges. They have to operate with reduced budgets and face challenging and evolving risks on a daily basis. Security leaders are often ignored and only called upon when needed or in disaster situations. Many don’t have an ongoing relationship with the C-suite because the C-suite doesn’t understand the value they bring to the whole business. In order to resolve these challenges, a security leader can apply a risk-based approach to their security program. According to  dictionary.com, risk is “exposure to the chance of injury or loss; a hazard or dangerous chance”. Risk is broader than a security concern and involves the entire business.  Through utilising a 3R model - considering resources, risks and resolutions - a security leader can evaluate the output from the model to build the foundation of a strong plan. This allows the leader to make security decisions based on a quantified risk measure.  A business determines what resources it wants to protect, what risks it needs to protect the resources from and what resolutions it can put in place to mitigate the risk. Decisions are based on measurable evidence. Free online risk assessment tools are available to provide a fast, easy way to determine an organisation's basic security risks through an investigative approach The 3 Rs The first step in the 3R model is to figure out what resources need protection. This could be physical - such as buildings, critical infrastructure or valuable equipment, knowledge-based - such as intellectual property, or organisational - such as people or governance structure. Understanding the business will help the security leader develop a list of critical elements. Look for tangible resources such as buildings and machinery, and intangible resources like reputation, knowledge and processes. Second, determine what the resources need to be protected from. Anything that threatens harm to the organisation, its mission, its employees, customers, partners, its operations or its reputation could be at risk. These can include contextual risks (workplace safety or natural disasters), criminal risks (theft or cybercrime) or business risks (compliance or legal issues).  Anything that threatens harm to the organisation, its mission, its employees, customers, partners, its operations or its reputation could be at riskFree online risk assessment tools are available to provide a fast, easy way to determine an organisation's basic security risks through an investigative approach. The tools ask several questions and determine risk based on an organisation’s location and the answers provided. Security leaders can also work with security companies and consultants that offer risk assessments to determine their company’s needs, and then offer solutions based on that assessment.  The third objective is to determine how businesses can best protect the identified resource. The last of the 3 Rs - resolutions - are those security activities that enable the business to mitigate the impact of security risks. Resolutions can potentially prevent a security incident from occurring, contain the impact to resources if an event does occur and also assist the organisation in recovering from an impact more quickly or easily.   The first step in the 3R model is to figure out what resources need protection, this could physical such as buildings or critical infrastructure  The path forward Understanding what risks a business faces in totality provides an opportunity for the security leader to collaborate with other department heads. This gives security leaders an opportunity to engage with functions outside their norm as well as a chance to demonstrate their subject matter expertise. A risk-based approach also helps security leaders fully understand an organisation’s needs and concerns, which they can communicate to the C-suite to help them make better business decisions. Metrics can also help business leaders understand the cost/benefit of resolutions C-suite and executives help define an acceptable level of security risk tolerance to resources and make quality, educated decisions about mitigating security risks. Through collaborating with security leaders using a risk-based approach and the 3R model, metrics and reports show the impact of security expenses, and there is a transparent view of security risk. The final decision about how to mitigate and resolve risks is up to the business owner of the resource and the risk stakeholders. To obtain funding, show the risk and value of resources exposed to potential impact. Then present the recommended resolution that reduces the potential level of impact and the associated cost benefit savings. By providing this information, security leaders can ensure that the business owners can make an educated decision. Measuring success A risk-based approach aligns the security mission with the organisation’s mission. Security leaders should have these conversations with their business leaders on a regular basis. Understanding the thresholds of risk tolerance and showing when incidents or activities are trending outside of acceptable boundaries will help business leaders make educated decisions. The 3R model also helps a business to track occurrences, quantify the direct and ancillary impact and make continuous adjustments to the security program Determining a baseline of acceptance gives a foundation for security leaders to point out when the organisation is not meeting its own requirements. Metrics can also help business leaders understand the cost/benefit of resolutions and demonstrate when costs may be trending outside of acceptable boundaries. The 3R model also helps a business to track occurrences, quantify the direct and ancillary impact and make continuous adjustments to the security program. It is important to note that this process is not stagnant, and needs to be constantly revisited. Examining risks, resources and resolutions in a systematic way will help security leaders understand what they are protecting Defining risks and vulnerabilities Continuous conversations using the 3R model also help business leaders understand what security risks could interfere with meeting business objectives. It also aligns the total cost of ownership for the security program with the business value of the resources at risk.The approach puts the security risk decisions in the hands of the ones impacted by those risks And it defines the security role as risk management, not just task management. The approach puts the security risk decisions in the hands of the ones impacted by those risks…the “owners” of the resources. Examining risks, resources and resolutions in a systematic way will help security leaders understand what they are protecting, what they are protecting it from, and how they can help prevent, contain or recover against a specific risk. Followers of this approach are in a better position to ask for funding because they can clearly define and quantify risks and vulnerabilities. Applying these principles will equip security leaders with the knowledge needed to have better dialogue with colleagues in other departments, encouraging more proactive discussions about security.

Why regional? Inside ADT's mergers and acquisitions of US security integrators
Why regional? Inside ADT's mergers and acquisitions of US security integrators

ADT Inc.’s acquisition of Red Hawk Fire & Security, Boca Raton, Fla., is the latest move in ADT Commercial’s strategy to buy up security integrator firms around the country and grow their footprint. In addition to the Red Hawk acquisition, announced in mid-October, ADT has acquired more than a half-dozen security system integration firms in the last year or so.  Here’s a quick rundown of integrator companies acquired by ADT: Protec, a Pacific Northwest commercial integrator (Aug. 2017); MSE Security, the USA’s 27th largest commercial integrator (Sept 2017); Gaston Security, founded in 1994 as a video surveillance integration company and whose services have since expanded to include intrusion, access control, and perimeter protection (Oct. 2017); Aronson Security Group (ASG), which delivers risk and security program consultants and offers advanced integration services, consulting and design engineers and a National Program Management team (March 2018);  Acme Security Systems, among the largest privately held security systems integrators in the Bay Area, focusing on electronic security systems, access control, video networks and more (March 2018); Access Security Integration, a regional systems integrator specialising in design, delivery, installation and servicing of electronic security systems including enterprise-level access control, video and visitor management solutions, perimeter security and security operation command centers (Aug. 2018); In addition to their moves in the commercial integrator space, ADT has also sought to expand their presence in cybersecurity with the following two acquisitions: Datashield, specialising in Managed Detection and Response Services (Nov 2017); Secure Designs, Inc., specialising in design, implementation, monitoring, and managing network defense systems, including firewall services and intrusion prevention, to protect small business networks from a diverse and challenging set of global cyber threats (Aug. 2018). ADT has acquired more than a half-dozen security system integration firms in the last year or so For additional insights into ADT’s game plan and the strategy behind these acquisitions, we presented the following questions to Chris BenVau, ADT’s Senior Vice President of Enterprise Solutions. Q: ADT has been actively acquiring regional integrators this year – more than a half a dozen to date. Please describe the history of how ADT came to embrace a strategy of acquiring regional integrators as a route to growth? ADT's acquisition of Red Hawk is set to close in December, and brings premiere fire and life/safety solutions BenVau: Our acquisition strategy started at Protection 1 when we embarked on our journey to build out our commercial and national account business and add enhanced integration capabilities to our portfolio. The merger of Protection 1 and ADT brought that foundation to ADT which up to that point was primarily a residentially and SMB-focused company. After the merger, we set out to identify and acquire additional regional integrators that would continue to build on that foundation and deliver enhanced technical solutions, advanced technologies and an expanded service, install and support footprint. Through our acquisitions we now operate two Network Operations Centers and three Centers of Excellence. We are also unique in the industry with the number and variety of certifications, like Cisco and Meraki, our engineers hold which ultimately allows us to offer Managed Security as a Service. They have also enhanced our operational capabilities. Q: What criteria do you use to evaluate whether an integrator is a good “fit” for ADT? BenVau: First and foremost, we look at the culture of the companies. The companies that we target for acquisition must be metrics- and customer service-driven. Secondly, we look at the leadership teams. ADT view their acquisitions more like mergers and take a patient approach to integrating them into their business We have been fortunate in the fact the leadership of the companies we acquired remain with us today in key management and executive positions helping to drive continued growth within their organisations. We also evaluate their current customer base, unique solutions and their ability to complement and enhance our portfolio with the goal of becoming a leading full-service, enterprise commercial provider. Our acquisitions have bolstered our network capabilities, brought enterprise risk management services, and a broader solution set in high-end video and access control solutions. Our most recent acquisition – Red Hawk, set to close in December – brings us premiere fire and life/safety solutions. Q: What changes are typically needed after an integrator is acquired in order to adapt it to the ADT corporate model? BenVau: We view our acquisitions more like mergers and take a patient approach to integrating them into ADT while taking into account their culture. We want to ensure that we find the right positions for their people, embrace the right messaging and put the right processes in place. We acquire these companies because they are the best in their respective businesses and geographies and bring their knowledge and experience in markets or with solutions that we may not have had previous access to. ADT can support clients with their own in-house technicians which helps to ensure a consistent security program Q: How can regional integrators benefit from the ADT brand? Have your newly acquired integrators realised additional growth? BenVau: The companies we have acquired, generally, have exceeded expectations and surpassed initial goals. ADT brings expanded opportunities for these companies as well with our national footprint. Our National Account Sales Team has seen impressive growth over the years and are only limited by our ability to deliver. These integrators help to deliver on that. In the past, the regional players may have had to rely on sub-contractors to service their larger clients. With ADT, we can now support those clients with our own in-house technicians which helps to ensure a consistent security program across multiple locations.Our National Account Sales Team has seen impressive growth over the years and are only limited by our ability to deliver" Q: Are additional integrator acquisitions planned this year and into 2019? How much is enough and when will it end (or slow down significantly)? BenVau: We expect to close on our latest acquisition, Red Hawk, before the end of 2018. Red Hawk brings a national footprint focused on fire/life safety and security to ADT. While ADT already had a robust security offering, Red Hawk will contribute significantly to the fire side of the business. In addition, we will continue to evaluate the companies in the industry to determine if additional acquisitions make sense. Q: Do you expect greater consolidation of the integrator channel in the industry as a whole? Why is this a good time for consolidation? Is it a good M&A market for buyers like ADT? BenVau: We will continue to evaluate companies in the industry to determine if further acquisitions make sense. As for the industry, we can only speak for ourselves. Our focus is on investing in our field organisation, in particular our service technicians, engineers and project management teams" Q: What other trend(s) do you see in the industry that will impact ADT (on the commercial side) in the next year or so, and how? BenVau: In addition to their moves in the commercial integrator space, ADT has also sought to expand their presence in cybersecurity Networking is a big one. As we continue to drive integration of devices and services, from AI, “the cloud,” machine learning and even analytics, there will be more focus on the network they ride on. A deeper knowledge of network design, bandwidth impact, and system integration will be critical. As part of our acquisition strategy, we focused on talent to add to the team and have been able to add to our bench strength in this area. Q: Any other comments/insights you wish to share about ADT’s strategy, future, and role in the larger physical security marketplace? BenVau: Our focus is on investing in our field organisation, in particular our service technicians, engineers and project management teams. The cornerstone of our success lies in our ability to deliver outstanding customer support and service. It starts with sales and the ability to deliver security and life safety technologies, but it ends with a delighted customer who partners with us to help secure the things that matter most to them. Our recent acquisitions have more than doubled our commercial field operations teams and are key to establishing the ADT Commercial brand as a leading full-service provider of enterprise solutions to the marketplace.

Does “security technology” cover the broader application possibilities of today’s systems?
Does “security technology” cover the broader application possibilities of today’s systems?

The concept of how security systems can contribute to the broader business goals of a company is not new. It seems we have been talking about benefits of security systems beyond “just” security for more than a decade. Given the expanding role of technologies in the market, including video and access control, at what point is the term “security” too restrictive to accurately describe what our industry does? We asked the Expert Panel Roundtable for their responses to this premise: Is the description “security technology” too narrow given the broader application possibilities of today’s systems? Why?