IT Speak

When selling IP-based physical security systems, it's best to know the language.

• By Fredrik Wallberg
• Sep 04, 2009

The first thing any system integrator should realize when talking to a customer's IT department is that they're the experts.

"You probably won't be able to tell them anything about IT that they don't know," said Mike Tarras, a consultant with Security Consultants International.

That's particularly true when it comes to the infrastructure. Your job, then, is to quiet fears about technology and its impact on the customers' systems. You want to make sure you are well prepared to answer their technical questions and demonstrate your own IT knowledge. That will help gain their respect and position your solution for success.

The idea is for you to progress quickly from an "us versus them" dialogue to a cooperative session. In most cases, an IT department will quickly test your knowledge with some pertinent questions, and if you pass, you'll move on to a working relationship.

Here are some tips on how to win over an IT department.

Walk in with an open-platform, open-architecture solution. IT departments place a high value on open-platform solutions. They want solutions that are extensible and allow third-party hardware or software integration.

What they dislike are proprietary solutions. They've been burned in the past by solutions that do not allow third-party integration and fail to do everything they need them to do. They like solutions with legs that can support a wide range of hardware and software products so they can build the best solution for the price. They want the solution to work with their existing hardware, software, storage solutions and networking technology.

"IT departments are very picky about the technology they let into their server room and brands of equipment they purchase," Tarras said.

If your solution limits what they can do behind closed doors, they're going to show you the door. If a solution allows them to make their own decisions on the equipment they use, you will walk out the door a winner.

Do the math for them. Bandwidth is a major concern for an IT department. If you're presenting an IP video surveillance solution, they will worry about added traffic and the network's extra storage requirements.

The best way to combat bandwidth concerns is to tell IT exactly how much bandwidth your solution will require. Start with the bitstream per camera and take them through the math. Validate the claims you made in your response to the RFP. Also mention the many ways—H.264 compression, frame rate and use of motion detection—to tweak a video surveillance system's bandwidth needs and explain that almost every modern network can handle the load. If the IT people still aren't convinced, give them something really hard to argue with: setting up a separate physical network or a virtual local area network for your solution.

Directly address their security fears. IT has spent years on IP security and has to continuously fight new threats. Your solution is perceived as one of these threats. You need to show them that you have battened down the hatches. For instance, you should validate that you're using 802.1x-port-based authentication to ensure that only a specific device, such as a camera, can send information through a specific port. You need to show them you have secure sockets layer login for remote clients. You need to speak to user authorization and management.

A big plus is having a solution that supports common industry workhorses such as Microsoft Active Directory® for user authentication. That puts the keys to using your solution directly in IT's control, which is exactly what they want. They don't have to have another user management system on top of what they already have. Of course, if you're setting up a separate network or a VLAN, a lot of IT's security concerns will be moot.

Make storage a nonissue. Some IP-based security systems, in particular IP video surveillance, are going to raise big caution flags with IT when it comes to storage. Fortunately, the cost of a terabyte of storage is constantly dropping. Still, video data takes up a tremendous amount of space, and IT will want to know how you plan to address it. The best video management solutions use a cost-effective, dual-stage archiving model with fast, local disks for shortterm recording and affordable network storage for long-term archiving.

For instance, these solutions can use small computer system interface drives or solid-state drives for first-day recording and serial advanced technology attachment arrays for archiving. This improves both write performance and reliability since SCSI and solid-state drives are fast and more reliable for applications that frequently write to disk.

SATA drives, on the other hand, are not designed for the frequent writing to disk required in first-day recording. They are inexpensive and consequently make an excellent cost-effective solution for long-term archiving. If an IT department doesn't have its own solution for storage, this might make an excellent suggestion.

Make version control easy for IT. Any time new hardware or software applications are added to the network, version control becomes a concern. With security products, it could be firmware updates on cameras or smart client updates for an IP video management system. You need to demonstrate to IT that distributing new versions and updates can be done without disrupting performance or security.

What IT departments particularly appreciate are solutions that allow them to take a staggered approach to updates. For instance, an IP video management solution with 100 percent backward compatibility will enable IT to roll out a new version at their own pace, perhaps completing one server or client at a time so the entire system doesn't have to go offline during the installation of the new version.

The same goes for a camera firmware update utility. The best ones enable a staggered rollout. After all, if you take 100 cameras offline at once, who's watching the store?

Clicks to completion. If the product you're recommending has a truly intuitive interface—particularly if it's Microsoft-like—demonstrate it. IT will want to know that it can perform necessary tasks quickly and easily. Take IT through a few typical tasks, such as installing a device with a hardware wizard or configuring a group of similar devices simultaneously. Show them how your solution reduces clicks and uses industry standard techniques, such as storing system, event, audit, rule and alert log entries in a centralized Microsoft SQL database. The more something works like the other solutions they use, the more comfortable they'll feel.

Handling the processing. Face it, some security systems, such as IP video surveillance, can be processing-intensive, particularly if a system is running large numbers of cameras. This could bog down an individual server. IT will want to see a solution for that, specifically the ability to cluster servers to handle larger volumes of processing.

Virtualization also is a big buzzword today. Demonstrating that your solution can run in virtualized environments also will score points, particularly in environments looking for green solutions that have underused servers.

Helping IT become more physically secure. One often neglected area in the physical security of many organizations is the IT department itself. One way to get IT on your side is to show them how your solution—whether it's an access system, a video surveillance system or, perhaps, an integrated solution of both those—could also help IT protect a server room. Do a gentle cross sell.

Perhaps all that is required is a more advanced lock on their server room door or a few cameras to watch sensitive areas after hours. Think of the benefit to IT if, when there's a problem on the weekend, they could zoom in on a server and actually see that its status light is off. There's nothing like having IT buy into a system because of self interest.

IT and physical security departments have more in common than you think. While it's commonly pointed out that IT and physical security people are radically different, they both have a similar task: protecting the organization's assets. In one case, the assets are the IT infrastructure; in the other, the physical infrastructure and people.

Both are always looking for ways to prevent the unexpected. They're never 100 percent secure, yet they're always working toward 100 percent security. Both appreciate solutions that help them do their jobs better and keep incidents to a minimum.

Be sure that IT understands your system is the right solution and not something they'll be firefighting for years to come. This is where customer testimonials from other IT departments, market penetration and ecosystem can be important trump cards.