Should security be a CAPEX or an OPEX? Is the trend shifting?
6 Oct 2020
Should security spending be a one-time capital expense or as an ongoing operating expense? At first glance, the question appears to be an accounting issue with little impact on the actual equipment or systems involved. However, as security professionals seek to cost-justify new systems, the question may be central to providing the “best security for the money” and a system that fits the company’s continuing needs. We asked this week’s Expert Panel Roundtable: Should security be a capital expense (CAPEX) or an operating expense (OPEX)? Is the trend shifting and what is the impact?
The answer is OPEX and the trend is absolutely shifting. The forces that are causing the shift are from the customer and the security integrator. Today’s customer is recognising there’s very little value in ownership and the antiquated CAPEX consumption model. The reason is the rapid depreciation of the solution, driven by an acceleration in technology. Economics 101 says you don’t take after tax-dollars and throw it and a non-revenue generating asset that plummets in deprecation the day after it’s installed. This is why more and more customers are embracing the subscription consumption model or Security as a Service. At the same time Integrators are desperately seeking ways to sell more services to build Recurring Monthly Revenue (RMR), which is received monthly. A subscription is paid monthly. Neither of those fit into a CAPEX model. The good news is the impact serves great value to both the Customer and Integrator.
Up until a few years ago, security spending would have most likely been a CAPEX item. However, with growing pressures on company cash flows due to the severe economic issues brought about by both the pandemic and the resulting financial effects, this is now trending towards an OPEX point of view, with the acquisition of technology on an ‘As a Service’ model. Security as a Service has been a progressing trend in recent years, and the pandemic is only accelerating the inevitable. Procuring services on an ongoing basis is completely normal for many other business services (with monthly or similar payments) as it spreads out the costs and adds greater flexibility in terms of scaling services as required. The benefits for security suppliers are also apparent. The pressure to constantly drive sales each month is reduced, as longer-term and more stable contracts stabilise revenues.
Security solutions are a necessity for companies across the globe, regardless of organisational size. As with all things, we should provide customers with the option of both CAPEX and OPEX purchase plans, helping to tailor custom solutions from technology selection to payment options. However, we have seen an increase in customers using their security system for more than physical security or asset protection. Sometimes the business intelligence tools, advanced analytics software, and AI toolsets can seem out of reach. We have also noticed rapid innovation and change in security industry technology, suggesting solutions deployed today could quickly become obsolete. The best way forward is to embrace options available with an OPEX model and shift customers to a monthly recurring cost where possible. This strategy increases customer stickiness, gives the customer protection from outdated equipment, and opens the potential for capital expenditure that would have been taken off the table otherwise.
There is no black-and-white answer to this question because there are typically a variety of budgetary constraints and procurement norms -- both inside of organisations and within specific industries -- that influence how businesses procure IT solutions. How or when someone pays for security matters at some level, but because security is not a “set it and forget it” solution, it requires regular updates and upkeep to remain valuable. It’s also important to remember that the work of the vendor does not end when a solution has been delivered to the customer. Customers expect vendors to help them realise the outcomes they had envisioned when they first selected the product. From this perspective, it makes sense that the vendor is held to account – and paid on an ongoing basis to keep the solution current and fit-for-purpose as the organisation continues to evolve.
Security from a broad perspective should be accessible whether you're a Fortune 100 company, or a mom-and-pop shop with a single location. Arguably, the shift toward implementing security to more of a managed service, or OPEX, allows a broader segment of the population to access security solutions in line with their ability to invest in what could be technology and oversight that might be cost-prohibitive. Another factor in the emergence of OPEX is the idea around Security-as-a-Service (SaaS) in delivering a service-based approach that takes the burden off the end user and places it in the hands of the integrator and OEM. For the integrator, the recurring nature of revenue helps even out challenging months with reliable income while the end user benefits from cost-sharing across a period instead of an all-at-once investment. Integrators should be getting on board with the concept as more end users are demanding it.
It's not a matter of "should" security be one or the other. Integrators and dealers are going to have clients that need to keep the same cadence for security technology updates and investment through a CAPEX model because that's what works for them. But more and more businesses are taking a step back and determining that the high up-front expense and ongoing upkeep of this model just isn't working for them anymore. So they become more open to an OPEX model, where they engage in an agreement with a managed services provider that can provide ongoing support and automatic updates that keep these technology investments operational for longer, with little to no engagement needed from the organisation. As more organizations realize the lower TCO associated with the OPEX model, as well as more functionality and options coming down the pipeline from these MSPs, we will see that shift continue.
It wasn’t long ago that IT departments were reliant on internal mainframe computing technologies with each new application requiring the purchase of yet another black box. SaaS providers and cloud companies such as AWS have put an end to most of those CAPEX purchases. The same migration is happening in security with video as a service (VaaS) and other cloud-based service offerings. Making an OPEX investment in cloud video storage as opposed to a CAPEX investment in a DVR hard drive is but one example. Increasingly, security investments are made in solutions in which equipment (i.e., CAPEX) is simply one piece of a much larger puzzle. As devices on premises/at the edge become cheaper, more powerful and centrally administered in the cloud, these security solutions will further lend themselves to a recurring OPEX service model. Expect to see OPEX take a larger share of security budgets as cloud-based services evolve.
The bottom line is that security should be a priority, whether it’s a capital expenditure or an operational expenditure. Each organisation has a level of risk that they must address; the decision then becomes: how much risk can I feasibly assume or address with my current security department? OPEX is quickly being seen as a way to do more with less infrastructure by shifting the security management to an external managed service provider that is equipped to provide security oversight (as well as overall system health monitoring). For example, enlisting a managed services approach to global security operations centers is designed to provide a level of emergency response, protection, detection, risk mitigation, and prevention support that typically is only synonymous with Fortune-level businesses. The result of this OPEX shift is more ROI for organisations, a greater ability to harness the power of global security operations at any level, and the tools needed to manage security incidents before they become significant threats.
Emergence of cloud and subscription-based physical security systems is one factor driving a shift from considering security as a one-time capital expense to deeming it a monthly operational expense. For integrators, the shift helps to ensure a steadier cash flow including recurring monthly revenue (RMR). For end users, paying for a service by the month may put more expensive and advanced technologies within budgetary reach. And spending is more predictable. As one Expert Panelist asserts, the issue isn’t “should” a system be one or the other, but the ability to provide whichever option works best for a specific end user company.
- Baltimore is the latest U.S. city to target facial recognition technology
- ASSA ABLOY Opening Solutions embraces BIM to smooth specification and installation of door security solutions
- Open Options paves the way for new customers in access control
- Panasonic AI-driven cameras empower an expanding vision of new uses
- Getting to know Dan Grimm, VP and General Manager of Computer Vision at RealNetworks
- Big wins and the importance of showing up: Insights from SourceSecurity.com editor Larry Anderson
- Setting goals, business travels and radioactivity: Success secrets from Tiandy's John van den Elzen
- Getting to know Jeff Burgess, President/CEO at BCDVideo
Smart and reliable rail and metro operationsDownload
5 ways RFID readers can secure your workplaceDownload
Simplified security for utilities & critical infrastructureDownload
Webcast: Save time and money with Wireless Access ControlDownload