By Erez Goldstein, Nice Security Blog
Part I : Achieving Operational Savings
There are those who say that security systems, specifically PSIM solutions, don’t provide true ROI, but are simply a cost of doing business. Personally, I believe that PSIM solutions are a great vehicle for security management, which save expenses and prevent unnecessary costs. In this two-part blog, I’ll explore two types of ROI value that PSIM systems deliver.
The first type, and the one most often discussed in relation to PSIM, involves “doing more with less.” This is all about achieving immediate and frequent savings, usually associated with improved utilization, faster responses, or the use of fewer resources for day-to-day operations.
PSIM can make operations more effective and efficient in a number of ways, which in turn can result in substantial savings. Here are some of the ways:
Increased Personnel Effectiveness
With PSIM, organizations need not rely solely on the experience, training or capabilities of individual operators. Instead, PSIM guides whoever is seated in the control room and automates many of the tasks to ensure that they are always done. This results infaster incident response times,better collaboration between departments and stakeholders,and shorter reporting times on the back end.
Control Room Consolidation
PSIM can also integrate systems and sub-systems across any number of locations, so organizations can consolidate control rooms and handle response and security operations from a single location. This equates to less space, fewer people, and lower costs.
Reduced False Alarms and Dispatches
The cost of false alarms and resulting unwarranted dispatches can be substantial for some organizations, not to mention the drain on internal resources. PSIM can reduce false alarms by correlating different data sources and giving operators the ability to instantly verify the authenticity of an alarm prior to dispatching resources.
Elimination of Rip & Replace Costs
In order to keep up-to-date with the latest security technologies, organizations often choose one vendor for a specific technology across all sites to simplify operations. With PSIM, organizations can make smarter capital expenditure decisions. That’s because it’s no longer necessary to do a complete rip & replace. PSIM can unify a myriad of technologies seamlessly under a single user interface. The different underlying systems are invisible to the control room operator and have the same look and feel.
Reduced Training Costs
Relying on a single user interface shortens the training time necessary to bring operators up-to-speed. Additionally, the PSIM system can be used to conduct drills and rehearsals for potential event scenarios, including the capture and analysis of responses for improved responses during real situations. This would be much more difficult and time consuming if done separately on each individual subsystem.
For some industries (e.g. electric utilities), penalties for non-compliance with regulations can be steep, and regulations frequently change. PSIM addresses regulatory compliance on two fronts – first, by enforcing compliance through automated processes (and simplifying process changes when new versions of regulations come out); and second, by automating the necessary reporting to prove adherence to these regulations.
In the next blog in this two-part series, I’ll share my take on the second type of PSIM ROI, which is achieved through “better security”.
Part II: The Hiddnen ROI of Better Security
When a company invests in a solution such as PSIM the obvious reason is to improve security. But when’s the last time you heard “improved security” mentioned as a source of ROI? Yet, the potential ROI from security improvements can far outweigh any operational cost savings from PSIM. This is especially true in very sensitive industries where the cost of a security breach, the mishandling of a safety malfunction, or failure to comply with regulations can have huge financial impacts.
Take for example catastrophic situations. I’m talking about the kind of events that can have extreme negative consequences – like an explosion on an oil rig resulting in loss of human life or environmental damage, a breach in a bank security system that protects the personal information of millions of customers, or an extended shutdown of an airport terminal due to a bomb threat.
How can we measure the potential financial impact of such catastrophic events? How much does improved security “save us”? Here’s one way to look at it:
The potential $ damage from an incident = the risk of the incident happening (%) x the loss created from the incident ($) if it were to occur. For example, even if the risk of a catastrophe happening is only 1% or 0.1%, if the loss from that incident would be billions of dollars, the overall potential loss, despite its low probability, is still high.
So, catastrophes, although they very rarely occur, still have the potential to cause huge damage – not just from an immediate financial perspective, but also from the long-lasting blow to a company’s brand image or reputation.
Consider the oil spill in the Gulf of Mexico, which resulted in criminal and civil penalties in the tens of billions of dollars. No one would ever claim that such an incident could have been fully prevented through the use of an advanced situational awareness/situation management solution like PSIM. But in this type of catastrophic situation, arguably even the slightest improvement in situational awareness and response could have lessened the impact.
How can PSIM help in a catastrophic situation? Without getting into the specific details of deep sea drilling challenges, it’s clear that it’s a complex environment with many systems and sensors that need to work together and be closely monitored. By correlating readings and alerts coming from these various systems and sensors, PSIM can raise awareness of a mounting crisis much sooner, thus expediting the chain of responses and corrective measures. Also, once a crisis situation is already in play, PSIM’s automated response plans can guide local and remote teams to react based on standard operating procedures and predefined emergency response plans. These procedures, which ensure the right actions are taken by the right people at the right time, are critical to averting or at least minimizing the impact of a potential catastrophe.
And here’s another example. Large airports can average as many as 300 security breaches a day. An unresolved security breach can cause a complete terminal shutdown, which can cost upwards of $600,000/hour. So it’s easy to see how preventing such breaches in the first place, or resolving them faster, can have a direct financial impact. The ability to effectively utilize security information from video cameras, access points, and other sensors can help airport security personnel quickly assess a security breach. Effective assessment can be the difference between a two to five-minute process and a 30 to 50-minute terminal shut down. PSIM can alert an operator to a breach, show that operator the breach location on an airport map, automatically display the cameras nearest to where the intrusion was detected to help the operator instantly verify the intrusion source, and provide the response procedures. The end result – a faster response, and a potential shutdown averted
So what’s the lesson at the end of the day? Simple – when you’re looking at PSIM ROI, don’t forget to consider the hidden ROI of improved security