Steve Hunt on the Physical Security Industry

Security industry consultant Steve Hunt is a self-described rabble rouser. Hunt, a former analyst who once headed up the security research practices at Giga Information Group and Forrester Research, now runs Hunt Business Intelligence, an industry advisory firm. His additional background in physical security has made him a central figure in discussion about the interplay of physical and IT security.

On his site, securitydreamer.com, Hunt opines on anything from security trends to his love for Twitter. He recently posted a criticism of the physical security industry for a lack of innovation and spoke with CSO about the feedback he received to his comments.

You said your post criticizing large physical security companies was very popular. Can you give a brief synopsis of your argument?

Steve Hunt: The physical security industry is often characterized as an old-boys network. It's an industry, in general, that is not used to public critique or criticism. There has been no Gartner group, no Consumer Reports magazine, to help customers and serve as their advocate. That means that the large companies have been able to develop sales channels that are sometimes impersonal.

These sales channels lock in customers and don't allow for a lot of freedom or flexibility to build a best-of-breed solution. If you are going to do business with Honeywell or Tyco, you pretty much have to do all of your business with Honeywell or Tyco. It's not just because Honeywell and Tyco have a large number of products they want to sell you, but their sales channel has an incentive to lock you in. If a customer tries to add non-Honeywell or non-Tyco products to the mix on their own, the big companies can actually fight them legally or pull out their products. It's just a really mean business.

I talked to senior executive at one of these large companies and said: "When was the last time you had lunch with one of the end users of your products?" And he said: "Lunch with an end user? I don't think I ever have."

This is a top executive selling billions of dollars in products to end users. But he argued his customers are the distributors. And their customers are the integrators. And their customers are dealers and end users. Big companies are pretty far removed from end users.

In IT, we know about dealers, we know about integrators. But in IT, an end user always feels they have some recourse with the manufacturer. An end user can always call Symantec and complain, or call Microsoft and complain. But in physical security, there is no channel of communication, no way to do that.

Can you give an example of how this is hurting companies that use these products?

For example, one company I spoke with uses an access-control deployment from Honeywell. The system is excellent for opening doors and managing privileges. But they don't have a state-of-the-art visitor management system; a system where you log in visitors at the front desk and give temporary privileges. This company I spoke with, a large insurance company, tried to bring in a best-of-breed visitor system and integrate it into the Honeywell access control systems they were using. Honeywell pushed back hard and refused to let them do it.