Last week, I chatted on the phone with Terry Neely, CEO of PlaSec. His company produces standard interfaces which allow the enterprise to control different physical access control panels and doors and interface these to IT identity management systems. They are one of the first signs I have seen beyond Quantum Secure, of what I call "the commoditization" of physical security. That's what this blog is going to discuss.
Historically, physical security manufacturers produced their own door control, control panels, database and their own admin systems. There was competitive advantage for them in that there was a great different between how different systems worked. The manufacturers business model was to install their own hardware and the sales reps were accordingly given sales incentives to achieve this.
Then along came TCP/IP, digital convergence, off-shore manufacturers of access control devices, enterprise identity management and regulatory compliance. This is bringing to physical security what I call "commoditization".
Commoditization is the process of producing goods at low price points. Today, one can make a case that there is a different between cameras used BUT the differences are quickly diminishing. Thus no longer is the hardware used such a large difference between vendors.
When commoditization meets digital convergence, then you have what is commonly referred to as a market disruptive force. Now new protocols are emerging such as PSIM that allow physical security devices to interconnect with identity and access management systems. You also have companies like PlaSec appearing that can provide universal interfaces to different hardware components.
It is my own personal opinion that the physical security market is entering the very early days of a big shakeout. Many large enterprises are going to begin taking the decisions to purchase their physical security systems away from Facilities and transferring this over to CSO's and CIO's. They will do this because:
* Regulatory compliance - Quickly produce reports on who had access to what with one mouse click on an integrated identity and access management system that combines physical and logical security
* Reduce costs - Lower their overall on and off boarding costs by centralizing this function and linking it in the end to their identity and access management systems
* Security ops - Integrated physical and logical security systems to detect and respond quickly to combined physical/logical attacks
This means bad news down the road for physical security manufacturers. Those that keep to the past will go in the door to the Facilities Managers trying to sell them new hardware i.e. replace all that you have with my system. This argument will diminish over time as enterprises begin to swap out only pieces of a system with low cost generic parts.
Manufacturers will also face new competitors coming out of the IT space. Enterprises like Cisco are a new emerging competitive threat to physical security manufacturers. They have the ear of CFO's, CIO's and CSO's. They will provide their own physical security interfaces that easily connect to identity and access management systems.
Large physical security enterprises like ADT have advantages in that they provide 24 hour security services. However, for large enterprises, these services will come under increasing pressure to merge with IT security ops. In my long term view, these services will come under price pressure as combined physical and logical security services will be moved off-shore more and more.
I also think that over time, ERP vendors will move into this space. They control the identities, they produce access systems and they will be become responsible for integrated physical and logical security ops. This will be bad news for physical security manufacturers when this happens. They will not only face increasing pressure from the hardware side BUT they will also have to compete on price points with the likes of Oracle who can slash margins on their physical security side and then make them up from their database and many other vertical applications.
We are at the early days of the disruptive market place. Companies like Quantum were at the leading edge a few years ago. Now you have companies like PlaSec emerging and new protocols like PSIM. Cisco is on the move in this market. It is still the early adopters phase of the market.
However, over the next two to three years we will move into the beginnings of the wider portion of the bell curve. That means trouble for those physical security vendors who haven't repositioned. It also means lower operating and capital costs for their customers who will increasingly move to new vendors who offer them services at lower price points and allow them to easily integrate with their identity and access management and security ops systems.