Delivering Tangible ROI
Boston-based biotechnology company Genzyme is an organization
dedicated to the research of rare genetic-related diseases.
Acquired by French global healthcare giant Sanofi in 2011, Genzyme
has made the security of its physical and intellectual assets
a priority since the 1990s, and was among the first companies to
define security as a process that encompasses enterprise risk, supply chain, insurance
and liability, IT and physical security, and competitive technical information.
After Sanofi’s acquisition of Genzyme, the Boston subsidiary’s security leadership
became a model for the organization and was therefore tasked with implementing
security integration throughout the global enterprise.
Like many global organizations, Sanofi faces significant challenges, including
those centered on risk management, compliance, physical security, IT security and
employee safety. As security continues to be a top priority for the C-suite and
risk management demands widen the scope beyond basic premises security, this
function transforms into complete business continuity and security. This idea encompasses
people, processes and locations—all the assets of the business—across
the enterprise, which are combined and managed in a cohesive and integrated way.
Acquisitions, mergers, brand protection strategies, compliance, regulations and
strategic investments all create a requirement for processes and solutions that accommodate
change and flexibility. Enterprise needs are far more diverse than what
is typically seen in the public sector. These organizations commonly have widely
distributed facilities that need to be linked and disparate systems that need to be
integrated and Sanofi is no different. Consolidated operations among these sites
and across existing technology investments are critical to achieving greater levels
of situational awareness. Security, IT and risk managers also need to ensure a
strong return-on-investment on all capital expenditures to receive continued support
and buy-in from senior leadership. Business leaders need streamlined and enforceable
procedures across the enterprise, backed up by consolidated and robust
reporting capabilities.
Sanofi is a widely distributed organization that crosses geographic boundaries
and a variety of network topologies, and it operates with regional and local
security desks in place. Because of the evolution of its business, Sanofi required
a solution that could meet today’s business challenges but also scale and grow as
business needs and network designs changed and evolved.
As one of the world’s largest pharmaceutical companies, Sanofi sought a solution
to the challenges of integrating and streamlining a multitude of different security systems and sensors into one, easy-to-use interface. After careful consideration,
Sanofi opted to implement SureView Systems’ Immix Command Center
(CC) software platform as a way to not only easily incorporate information from a
multitude of physical locations into their global security command center, but also
provide an enhanced form of monitoring that would make the jobs of operators
much more manageable and efficient.
Immix CC is an enterprise command center software platform used by businesses,
institutions and agencies to monitor security, IT and business systems, as
well as protect critical assets. It is the driving force behind today’s private command
centers and is designed to drive down the cost of monitoring multiple systems
across locations while increasing the effectiveness and response time of the
security team.
According to Bhavesh Patel, senior director of security operations and technology
at Sanofi, the company had as many as 32 disparate access control and video
systems in North America. Following the deployment of the Immix platform,
however, the security team at Sanofi worked to consolidate these and other physical
security systems in use at the company’s numerous facilities, which include
office buildings, laboratories and manufacturing plants. Sanofi actively monitors
more than 150 locations from their Security Service Center (SSC), which range
from buildings that house as few as three employees to office complexes where
nearly 4,000 people work each day.
Given the company’s large geographic footprint, Sanofi also employs a myriad
of security technologies, including surveillance cameras and a multitude of access
control points that are integrated into Honeywell’s Pro-Watch software. Additionally,
Sanofi leverages NC4’s real-time threat alerting system, as well as tracking
technology from FreightWatch. Rather than launch headfirst into trying to bring all of these various systems into
the Immix platform at one time, Patel
said that the company has taken “baby
steps” in rolling each of them out so as
not to overwhelm their SSC Analysts.
Immix is architected to address the
specific needs of enterprise businesses
such as Sanofi. Its Web-based architecture
and ability to support a variety of
network topologies and communication
platforms lends itself to the distributed
nature of the enterprise market. In fact,
the software platform is particularly
well suited to global enterprise organizations.
This architecture also supports
a rapid deployment model and a strong
ROI/TCO model. Most importantly, it
is agile enough to meet the changing
dynamics of enterprise businesses.
Immix allows Sanofi to customize
the system to the specific needs of its
organization. Its open architecture enables
a high level of integration support
for a wide variety of third-party
devices, supporting rapid deployment
and minimizing expensive, complex
piecemeal solutions. The software
enables Sanofi to automate manual
processes to streamline the delivery
of security services, eliminating the
opportunity for operator error and
nuisance alarms, ensuring only actual
security events are handled.
In fact, auto-handling ensures operators
are paying attention to the
most critical security alerts and following
best practices. For example, in
the past an e-mail alert would come in
to an operator and they would have to
open it to gauge its potential impact to
the organization. Email alerts are automatically
filtered to enable users to
quickly determine which messages need
immediate attention. If something does
require attention, the system will automatically
pull up any relevant security
systems in the area of the alarm, such
as surveillance cameras, and provide
the operator with directions about what
steps to take.
It is this exact function that has
proven to be the most beneficial feature
of Immix that Sanofi and its security
personnel have seen: the biggest
ROI is derived from the auto-handling
capabilities.
“Without Immix you would receive
an e-mail, and you have to make sure
you have your e-mail client open, then
you have to look at it and process whether
it has an impact or not,” Patel said.
“If there is an impact, you have to manually
pull up video or anything else you
need to look at, versus now where everything
is done automatically. Based on
the rules we’ve set, the software indicates
you don’t need to look at this email because
you set this for auto-forward, but
the one you need to look at is here, and
it’s going to show you the email, where it
is on the map and then it’s going to pull
up the video for you. This has allowed
us to reduce approximately 20 percent
of the alarms and five to 10 minutes of
event handling time per event from one
of our systems.”
Training is also simplified because
operators are only using a single, unified
interface as opposed to managing multiple interfaces for the many systems
they monitor. The ability to add predetermined
steps for operators to follow
during various security events has also
enabled users to become more efficient
in performing their duties. Ultimately,
this solution has helped Sanofi reduce
the amount of time it takes to train operators
in their command center.
“Obviously, if you are able to process
steps across individuals alarms, it
reduces the training time and also allows
you to provide consistent service,”
Patel said. “We have seen a reduction
in the time it takes to manage alarms
because the integrated components are
pulled together in the same interface.
With these disparate systems, we spent
a lot of time training people to make
sure they were managed correctly. On
average, we have reduced the amount of
time it takes to train our operators from
between 16 to 24 hours overall since we
only have to train on one system.”
Patel said they have also received a
significant amount of positive feedback
from their operators since the Immix
platform was deployed. Mostly, this
is because of the fact that Immix has
simplified the management of its entire
security technology network and subsequently,
eliminated the need to learn
and become proficient with multiple
platforms.
“Things that were not set up procedurally
before, are now are set up in Immix,
and it is consistent. This allows us
to manage our cascading security environment,”
Patel said. “If an alarm does
not get resolved at the site level, it automatically
gets forwarded to our global
SSC so we do not have to have multiple
procedures for the same alarm. Training
has become much easier.”
According to Patel, what differentiates
Immix from a traditional PSIM
system is that it provides end users with
more than just a hodgepodge of converged
data. Because of all of its moving
parts, a PSIM platform is nearly
impossible to implement to its full potential;
however, Immix brings multiple
areas of a security program together
into one solution only to provide information
but to actually help the end user
take action.
“There are multiple integration
points coming into the system, as well
as numerous sensors to help operators
make a decision as soon as they get that
information,” Patel said. “This is more
of an enhanced monitoring tool than
just a physical information system.”
Sanofi has already integrated security
systems at all of its North American
facilities and are looking to expand it to
all of their international sites, as well.
The system is designed with multiple
integration points and numerous sensors
to help organizations like Sanofi
make a decision as soon as information
is available, making it an enhanced
monitoring tool.
This article originally appeared in the September 2015 issue of Security Today.