There’s Value In Integrated Security

• By Marleah Blades
• Jun 03, 2008

When Mike Howard became director of corporate security for Microsoft in 2003, he had to upgrade the company’s global security monitoring hub.

Microsoft wanted effective, integrated security and life safety monitoring -- watching cameras and access control events, performing dispatch, enabling seamless emergency response and continuity -- to protect corporate assets and nearly 80,000 employees around the world.

“As we started to do some due diligence into the center,” Howard says, “we realized that it was made up of a bunch of proprietary systems that didn’t integrate well with each other and were not scalable. In terms of real global presence, it was global in name only.”

The three Global Security Operations Centers that Howard and his global security team have worked for the past three years to develop -- one at Microsoft headquarters in Redmond, Wash., one at the Thames Valley campus in the United Kingdom and one at the Hyderabad, India, campus -- are based on a variety of Microsoft and third -- party applications that integrate with Microsoft products, backed by a technical infrastructure from  Lenel Systems International. The GSOCs have built -- in interoperability and redundancy, so if one center goes down, all functions automatically transfer to another campus. Operators can easily pull up and view every camera location at each connected campus, and events can be monitored from anywhere.

Many companies won’t have the capital or technology available to create a system this elaborate to monitor remote offices or locations. Yet the lessons learned from this project apply to security for companies of all types and sizes.

Use technology as a force multiplier. “For smaller companies and for us, the idea is to leverage personnel in strategic hubs and use technology as a force multiplier,” Howard says. “So instead of, for example, having two or three guards in Dublin, you have remote monitoring via cameras that give you the same views of entrances and exits and garages without having to have personnel there.”

Howard notes that the GSOCs have allowed Microsoft to reduce the guard force at one U.K. campus from four to one, and they also were able to give the old monitoring room to one of the business units for other uses.

Evangelize security. “Our team has worked hard to get senior leadership support for the GSOCs,” Howard says. “The first part was just to acquaint senior management with what we’re doing here in global security and our strategy. To a lot of people five or six years ago, we were the guys who ran around in uniforms on campus. There was no knowledge of our investigations, threat analysis, handling of international events, etc.”

After the team briefed the managers on the security program, they focused on the inadequacies of the current monitoring center.

“We wouldn’t have been able to do this if we hadn’t gotten to senior leaders and been very open about the gaps,” says Howard, who took managers to the center to see the issues for themselves. “We were at a parking garage level, the room was very small, and I could take them around to see bundles of cables spliced together and stacks and stacks of servers that were running out of space. Once they saw that, it hit.”

Tie new projects to business value. A security leader will more easily gain support for any big project if he or she can show its business value -- not just how it may improve security, safety and productivity, but also, where possible, how it may be used by other groups to improve efficiencies or create new opportunities. Because the Microsoft GSOCs are built on Microsoft applications, the global security team works with

Microsoft’s sales and marketing departments to perform demonstrations for potential customers who might be interested in similar technologies.

“A typical example involves a scenario in which an earthquake in Redmond shuts down the operations center,” Howard says. “We’ll turn the lights off for our viewers and shut down the computers, and we move load sharing from Redmond to the United Kingdom. Then there is a fictional employee here on campus who can’t get out of his office. We are able to show that the U.K. center can see every camera view on our campus and can dispatch responders in Redmond to take care of that situation.”

These demonstrations make security more than a cost center.

“We’re contributing to the bottom line by influencing revenue, bringing in potential clients and having technology keep employees safe and maximize use of limited manpower,” Howard says.