Security: Process or Result?

Tony Security Leave a Comment

What does being a provider of security mean?

What does it mean to provide security to a person or a group? To some it means that we provide them with processes, people and equipment to keep them secure. At a simplistic level that’s what we do. We provide things to decrease the risk of bad things happening. The word ‘provide’ in this context isn’t entirely accurate. When we provide something it is generally because the consumer wanted it, or at least they understood that they needed it. Often times the processes or people we ‘provide’ are not wanted nor are they understood. But is security really about providing these things? Or is it more about the result that we provide? Is it the outcome of all of the processes that is security or the processes themselves?

Selling the wrong service to the right customer.

The customer wants security. They call and ask for security. They try to explain what type of security that they require (single operative, team, technology etc) but they are not the experts. We need to know what they need even if that isn’t the service we sell. What the customer needs and wants is not the process, it’s the outcome. They want to feel secure. The tools and processes they think that they need to get there may not be what they actually need. This can cause a dilemma for security practitioners.

Let me give you an example. I once spoke with retailer who had been burgled. He called me for security advice after the fact. Some guys had broken his front windows and looted his store while the store was locked up. I asked him if he had made any changes already and he told me that he had engaged a security guard in the store and an alarm response service from the same company. I asked him how he felt about that and he said it gave him some peace of mind knowing someone would respond if his shop was looted again and made his night employees feel safer in the store while it was open. When I explained to him that neither of those things prevented his store being burgled again he was perplexed. He had been sold a solution (very well) to the wrong problem. He was sold a solution to feeling better should his store be burgled again. He wanted the emotion of security not the reality. I provided with him with a solution that provided real security but I really had to explain this solution to bring about that same feeling of security he had already been sold.

Being safe or feeling safe?

We operate at the level of emotion. Not ours but our clients, their employees and their customers. Our perceived  performance  is directly related to the emotion we illicit in the people we secure. All of the procedures, processes and controls must be balanced against  this reality. We may not like it and it may mean that we aren’t as secure as we (as professionals) would like sometimes but it is the reality of the service we provide. Just as important as the processes we deliver is the resulting emotion, whether positive or negative.

Providing security

So if we can establish that we are trying to implement security as a verb (secure) in order to illicit security as an emotion (adjective) then what can we do to bring about that condition?

In a client/provider relationship it’s about being able to walk the walk but also about being able to talk the talk. Knowing how to explain and communicate what we do to people who don’t know what we do. Providing that peace of mind through confidence, clarity and communication. It’s something that we haven’t done so well in the profession as a whole. We talk security ‘at’ people in language that we understand. We don’t talk business and we don’t talk client and those are different languages. We need to condition ourselves slightly better to communicate what we do so that it brings that feeling of security as well as the processes of security.

What I mean when I say that we talk security ‘at’ people. We have tendency to talk about our processes and the negatives that they prevent without emphasising the positive benefit to the client. Why do we have that access control in the lobby?  It may be to keep criminals and terrorists away from sensitive areas but the average client manager who pays the invoice doesn’t see the same risk level from those threats as we do. But we also do it so that employees feel safe enough to come to work and therefore work more productively. That’s the feeling we bring and that’s where the emphasis of our communications should be. That is where we need to get so much better as a profession. In understanding the outcome we can often get better at selecting the correct process to get there. I’m not talking about ‘security theatre’ here. I’m talking about selling the right solution to the clients problem and being able to communicate why that is the case.

To bring about the feeling through the process is true security.

Leave a Reply

Your email address will not be published.