Tag Archives: CPP

[205] Enterprise Security Integration with Honeywell and Gail Essen

Building SolutionsBuildingSolutions.com is an informational resource for construction professionals.With a focus on the challenges and opportunities in construction today, you’ll find product ideas, building approaches and techniques, and even help with marketing and growing your business.

All of our content is developed by construction, marketing and business experts. It is HoneyWelldesigned to give you real information you can use today. With new content added regularly, we hope you’ll use BuildingSolutions.com as a regular resource.

Honeywell’s innovative technologies are making our world cleaner and more sustainable, more secure, connected, energy efficient, and productive.

 


 

Chuck Harold & Guests

Gail Essen
Gail Essen HoneyWell.com | BuildingSolutions.com
Chuck Harold, The Security Guy
Chuck Harold
The Security Guy

Full text of radio show

Please forgive any typos, this podcast was transcribed by my typing pool comprised of volunteer stalkers.

Chuck: Welcome to Security Guy Radio. What’s your name?

Gail: My name is Gail Essen, CPP, PSP, I’m with Honeywell.

Chuck: That’s a lot of acronyms, what does it stand for. For my nieces and nephews who don’t know what that stand for?

Gail: What that stands for CPP, both of those Board, ASIS Board Certified. CPP stands for Certified Professional Protection.

Chuck: Certified Protection Specialist.

Gail: Correct and PSP is Physical Security Professional.

Chuck: Oh, I was wondering what that was. I don’t have any acronyms. Well, I’m junior, but that’s all I have. So what do you for them?

Gail: What I do for Honeywell is, we represent our enterprise level clients, so we bring in solutions that meet their multinational, they’re usually in highly regulated industry, so they have to have solutions that can help them not only deliver operational efficiencies, but also ensure that they’re compliance based.

Chuck: Well that’s a big challenge. I used to work at Fox and Disney and I used to have to hire regional guys and that’s a lot of regions, by the way right all across the country.

Gail: It is, it is.

Chuck: You know this is back in the ‘90s there really wasn’t this enterprise view. There are couple of companies that did things, right, but Honeywell’s been in this space a long time and I mean, Honeywell is synonymous with security and alarms and all kinds of things, as soon as they moved to this enterprise level, what are the challenges of the compliance area, because I think every state now has all these new regulations, and if you get it wrong as a, you know as the end user you got a problem?

Gail: There’s, a huge financial implication and there’s a reputation implication to the company, so compliance is number one driver and for the companies who take security, who implement security in their strategy as a core strategy those are the companies that really understand the nature and the impact that security has to their operations.

Chuck: Now you are finding that more companies are doing that?

Gail: Yes.

Chuck: Okay. Now, what’s interesting to me is it it’s driven by the law, by regulations…

Gail: Yes.

Chuck: Not by the motivation to protect the enterprise first and foremost, right. Sometimes you get this it’s like oh, I have to do it, I guess I will.

Gail: Well, in some cases…in some case it is to drive value to their core customers, so for example if you’re a company that produces Baby Formula or a product that’s going to affect the public a medical device for example, you do want to have to make sure that what you’re putting out there to the public is the best, it’s safe, it’s quality, and so compliance that it’s not a problem. They do, they really do drive towards safety and security.

Chuck: Okay. I understand correctly, that’s a good observation, because we’re talking about manufacturing, we’re talking about consumer products not guarding the office building and paper or something.

Gail: Correct. Yes. Yes.

Chuck: So, talk about some, you don’t have to name main clients per se, but what is kind of a big client and how do you help them across a wide enterprise? Worldwide I assume.

Gail: Well…correct. Global accounts, multinational accounts, regional accounts and really what they are looking for us to do for them is to really help them build a tech, multi-year technology roadmap as well as helping them understand how the products can deliver to their corporate strategy. How we can connect what we’re doing, how we can deliver an ROI, how we can improve operations, how we can increase the effectiveness of their manpower, how could we reduce incidents, how can, you know by using the systems and the technology behind it. We also go in there and we help them really build security plans. We’ll come in and we will do initial risk assessments and vulnerability assessments, so it’s an end-to-end solution, it’s not just about the product. In fact the product is really a secondary thought.

Chuck: It’s a good point.

Gail: It’s — we really look at the corporation and what they’re doing and try to identify and understand what that means and then bring in the appropriate solutions. The solutions never come first; the solutions come after an intensive look and feel what that company is doing.

Chuck: Now, who drives these at an enterprise level, I mean, at lower level it’s purchasing, you know, well we can’t afford it sorry there is decision made, no board meeting, right.

Gail: Right.

Chuck: At a higher level who drives these issues?

Gail: At higher level that, those decisions are really done at the more the C-Suite level, so what you look to penetrate is the CSO. Most of these companies have a CSO. They’re connected with the CFO, the CIO, so the C-Suite first, they get the value proposition. They understand how this is going to help their business, how it’s going to help their clients and help them position in the marketplace, so they are the ones that you work with first, and really it’s a collective. It’s really a family, you have IT involved, you have physical security, you have facilities, you have operations, you have HR, you have a lot of entities involved in the final decision making and the direction of the path.

Chuck: I’m really happy to hear this. I mean I’ve been doing this a long time; I’ve been in the business 32 years, white hair right. You know, Fortune 50 experience, but when I was in Fortune 50 arena, this was not at the C-level, just it wasn’t for whatever reason, right, so I’m happy to hear this is coming up to that level, because really that’s the only way to be effective.

Gail: It is.

Chuck: Nobody cared what I said as a Director of Security. I’m sorry they just didn’t, you know, but if the boss came in, and said we’re going to do this, it happens, so I mean funny example is, we initiated ID cards at Fox one day. Nobody wanted to use them and all of a sudden Mr. Murdoch shows up at the gate, uses his ID card, boy, everybody wanted to use to it. Not because they are afraid, but they want to please him, you know, that’s how it works, so when we get involved at this level, how do you handle the challenges of per se going across different countries, let’s say it’s Company A who is in 10 countries, with 10 different cultures, 10 different languages, but you really need the same security plan mostly at an enterprise level to start, right that’s where your policies come and then the policies drive down performance, right. How do you handle that part of it?

Gail: Right. Well, that is a challenge, because when you’re talking about in multiple countries, in multiple regions there are trade and different compliance, different ways of doing business. You know, EMEA, APAC, everybody it’s different than the way we do it in America, so there are different challenges you have to really work well with the local entities in that country, in that space and understand what that, culturally how they operate, because that’s the key thing you cannot be successful if you’re not dealing in their sub-culture or otherwise it’s not going to work.

Chuck: Oh, I agree with you 100%. I mean it works at a micro level, in a big corporation here, right. So when I rolled out ID cards, they’d not had ID cards in 75 years and all of a sudden who is this idiot trying to make me wear an ID card. I had to pre-sell it. I had to get, buy in agreement from all the bosses and department heads and then when they brought into it, it fell better, but it was a challenge to not, without the cultural buy-in all the technical bills and whistles and all the rules nobody cares.

Gail: Correct. So, it’s conformance to policy it’s at a minimum level that’s what you want, but you really in order to get it implemented you have to understand how they operate, how they think in, you know what is, you know, really make them understand the value to them. What it’s going to do for them, and how it’s going to improve their life or make it safer, easier.

Chuck: Now you mentioned Return on Investment, this is a big driver right now.

Gail: Yes.

Chuck: Security used to be considered a cost center. I’ve always thought it could be a profit center or at least a break-even center, right. How do you guys look at that, how do, how do you present the Return on Investment to a C-Suite?

Gail: Oh, easy.

Chuck: Oh, good. I like easy question.

Gail: Yes. I, to me the ROI is a good conversation, because if they see security as a cost center they’re looking at it completely wrong. I’ll, I give you several examples, but one is and it connects to compliance, so if we don’t have a process or something in place and you have a violation, you have an incident that’s going to cost your company to shut down. You are going to lose revenues you’re going to lose reputation in the market. You’re going — and then you’re going to get the fine on top. So, all of that combined is a, is a huge cost compared to what the minor investment would be to implement the mitigation strategy that should have been in place to prevent that in the first place.

Chuck: Yeah, you still see the data breaches, you know, Target. I love Target, any time you go to buy something Target has it right and I was very disappointed in their breach, because it didn’t need to happen.

Gail: No.

Chuck: You know, this sort of thing I think helps the ROI argument, because that’s going to cost them X amount of dollars per breach of data, when the whole system going to cost them $2 million.

Gail: Correct.

Chuck: You see what I’m saying?

Gail: Correct.

Chuck: Now, how do you sustain, here’s a big challenge I’ve always found. Honeywell comes in, we work with compliance, we change the culture. We get it all wired in, everybody is happy. Talk about sustainability.

Gail: Sustainability is a good one, because really you have to when you’re doing your original assessments you have to, you have to maintain those assessments, so you don’t just come in and do your one assessment, call it good, implement the mitigation tactics and then move on, that’s not how it works, so really that’s what we do, that’s our sweet spot, because we kind of involve and help you build a multi-year roadmap and it’s not just around technology, it’s about policy building, it’s about changing the culture, because sometimes it’s not there yet. Oftentimes, these companies are they’re a conglomerate of companies that have been come together through acquisitions…

Chuck: That’s right, all different cultures, business cultures.

Gail: Correct, so you have a lot of different thoughts of — they were raised up in one sub-culture for security, one has a higher level than the other, and so you have to get everybody sort of evened out, and that takes a while, and so they’re building that road map, building that multi-year plan, that is what we do and we do it very well.

Chuck: Now, do you offer a service, you know, paid service or whatever that assigned somebody as a, what the best word would be the Project Manager, you know the contact. That kind of comes in and audits your own system for them, because I found, you are not – installer, we are talking your straddle level, C level, but you are an integrator. You may have to integrate the local camera guy, who put this in and make his cameras work with whatever system you are using in such and you know what happens is, if somebody puts a camera and then they get, the leave and then three years later, “Oh, how come you don’t have video because the camera broke we didn’t fix it. How do you handle that sustained maintenance and I guess testing is a good, a good way to describe the system. You know, really challenge the system, make sure it’s working.

Gail: Yes, so we — as part of, as part of any solid plan, there is a built-in service side component to it, There’s professional services at the onset, but there is a long on-going service plan that goes with it, so every year we come in, and we’ll do annual test and inspections. Typically what we do in these large enterprise solutions you can’t just go in and say, “You know March 1 we’re going to test everything”. So, over the course of the year everything gets tested once, at least once and then what happens is you build out, say, “Okay” and then also the systems are getting smarter, so they can report to you, “Hey my camera isn’t working, or maybe I have analytics on there that tells me that the camera has been spray painted over.

So it’s not its working but it’s not recording anything because there is no imaging, so they’re, so with the annual test and maintenance programs that we have available that’s how we can sustain the systems and elongate their life. If you take even a simple door application for example where over, you know, I’ve worked in a new construction, so if you build out, they occupy and after one year the building starts to shift and these doors get out of sync and if you don’t fix that you’re going to shorten the life of your electric strike by years, so it’s an easy thing to do, just go and look at that visually test it, and then you’re going to elongate all of your solutions and your ROI then just continues to build.

Chuck: The reason I asked whether you have an internal security department in a large enterprise or an external contractor. There tends to be high turnover in security departments. More so the contractor let’s say, right.

Gail: Right.

Chuck: Who owns this after you have put it in? It’s driven from the C-Suite which is fabulous, right you need that, but who owns it down on a day-to-day working level, is it just security in their department or are there other partners in that help to maintain that?

Gail: On the client side it’s typically managed by the CSO, who then he has his armies of folks, so regionally they use their Regional Directors. They also work with the CIO, the infrastructure folks, so they team up very well that way, and then they drive that out to the enterprise level and once it’s in place and we have that ongoing plan in place, if you stick to the plan you will, you’ll have a successful security program at the end of the day that’s how it works.

Chuck: What is one of your largest enterprises? You don’t have to name a name, but you can if you want to it’s up to you and you can give me some, give me some scale on it how many countries or regions that kind of thing.

Gail: Oh, we have many that are across the globe thousands and thousands of readers and cameras thousands and….

Chuck: They can kind of act as one overall system.

Gail: Correct.

Chuck: Separated by regions and countries.

Gail: Correct and so what happens is they acquire another company, then we go in and we try, we look at what that company has in place, what needs to change to get to their standards and then start implementing the changes…

Chuck: Your challenge is with integration, right.

Gail: Yes.

Chuck: Last year somebody told me that as of 2014 analogue cameras still out sold digital cameras.

Gail: That’s unbelievable.

Chuck: It is, isn’t, right.

Gail: It’s hard to believe.

Chuck: So, you come into a company and they just bought Company Z and they got an Earl tape deck and you know Pelco Camera and it’s circa 1984.

Gail: And it’s working.

Chuck: It’s working.

Gail: And they say why do we have to replace it.

Chuck: Exactly, but how do you integrate it, how do you bring them into that. I mean, you know maybe there’s a corporate mandate and they have to do it, but what are the technical challenges or something like that?

Gail: Well, the technology challenges are the, traditionally the infrastructure, so you know, you then you have to outfit with encoders and routers and switches and switch everything, even if you can sustain if the camera is good and solid, you can sustain that camera and just convert the backbone to the technology that you needed to be, and then get it to the VMS that it’s going to attach to, because ultimately that’s where you have to get it to anyway, you have to get it to the VMS that you are talking to, so you, but that is a challenge, because usually these things, and you know, you’re going to find these cameras out on a pole and the cable has been buried and no longer there’s no accessibility in that pipe anymore and we’ve run into all kinds of challenges and it’s big.

Chuck: It is. I find going to these conventions that we have a lot of smart people here that have a lot of solutions, but when you take all those solutions for manufacturing side, it’s taken to the operation side that’s the biggest challenge. There is a very sad case in San Francisco few years ago, where women in a hospital walked off her bed, and they couldn’t find her and they looked for her, and three weeks later they found her dead in the stairwell, locked in the stairwell. Oh, we didn’t see the camera is broken, but, the camera worked, oh, about a year and a half ago, all right and nobody thought that well the camera’s out that’s significant. My question was why didn’t the guard walk the stairwells, all right? So yeah the operations level is always, it’s always the challenge. We have the technology, but how do we get in place, right? So do you have any, any good stories? There is also some more stories about something that succeeded or you are called in because the company waited until after they were hit for something then they put it.

Gail: That’s almost always unfortunately, that’s almost always the case.

Chuck: Oh, it’s that almost always when you get a call is after something catastrophic.

Gail: Yes because, you know, we will try to approach them, I shouldn’t say almost always, but in often times that happens, because you approach them they say well, if and truly if they, if you can tell the companies where security is core to their strategy or not, because if it’s not core to their strategy they’re going to wait to that devastation hits then implement. Those are the companies that then all of a sudden it becomes mission-critical.

Chuck: And then it has to be done tomorrow.

Gail: Correct. So, yes, we have tons of those that happen, and unfortunately we try to go ahead of that and pre-warn them, give them you know our case studies and our long examples, and how we can help them, but until if they, if it’s not core to their strategy they are not going to implement it.

Chuck: Well, one thing I like about Honeywell, because you guys have been around a long time. I didn’t look it up, but it’s, I mean Honeywell was around since I was a kid in some capacity.

Gail: Right very, very old.

Chuck: So, you are a trusted brand.

Gail: Yes.

Chuck: That has some experience and Honeywell is not going to go away tomorrow.

Gail: No.

Chuck: Right. What’s Honeywell got on the table that they’re working on, that could be the latest, greatest thing anything in the pipeline or some of your latest products that you might think people are interested in?

Gail: We have, actually we have, we really do have quite a few products and the thing about what we do is, we can take our what we call our EBI solution, and we…

Chuck: Spell that for me.

Gail: E-B-I.

Chuck: What’s that stand for?

Gail: EBI.

Chuck: Okay, Enterprise Business something.

Gail: Something like that and so what EBI does is, it will actually connect not only to the security solutions, but it has hooks to other things, like energy manager, access control, VMS all kinds of things, you can take a EBI as a core engine and incorporate that in to your whole building so…

Chuck: So, can you come in, can Honeywell System come in and integrate and work with an older proprietary system whatsoever?

Gail: We can because a lot of the Honeywell actually owns a lot of like Allerton and some of these other companies out there who have other subsystems that we can talk to, on a HVAC side, the backbone is they have common protocols that we talk to BACnet for example. So, yes we can communicate with a lot of these other solutions that are out there.

Chuck: That’s really important. People overlook HVAC, right. If your server room get’s too hot, guess what? You are done. You’re offline.

Gail: Correct.

Chuck: And HVAC is seldom integrated with the security department. Now at the studio we had to, because we were on the air and we’re live and if you didn’t something would happen and it happened one day we called it Black Sunday, Fox went off the air for the X-Files. Cost them $125,000 a minute and they are off for 45 minutes. What happened was we got an alarm, because we had an integration that guard saw it and said, “hey, TOC your air-condition is not working don’t worry about it and we called them three times and they didn’t pay attention, because they thought security don’t know what they were talking about, right, and they went off the air, so I’m glad to hear that we have that and of course Honeywell is in that space with thermostats and it had been there forever. So, it’s kind of a natural connection.

Gail: Correct. Right, it’s a natural. Yeah, so you get a whole system solution, and the beauty of it is you have the core engine and then you just bolt on when needed or where needed, where applicable, so again we don’t come in with a solution first, we look at the enterprise and what their needs are, and then design around that, but the idea being that you have this capability to orchestrate your entire building and a lot of times and then also include into that the fire perspective as well.

Chuck: They’re big in air space as well, right.

Gail: It’s life, its life safety, so everything connects in and at the end of the day, when you’re talking about a true plan, a holistic plan you have to consider all of these things. Energy savings what that going to do to your building, your HVAC, how you’re protecting your people, how you’re getting them in and out, the fire components, so it really is a holistic approach.

Chuck: I think in the past they were looked at silos, facilities handles air conditioning.

Gail: Right.

Chuck: Fire and safety handles fire, it really has to be integrated together.

Gail: It does.

Chuck: You know what do you guys do about the Black Cats, the hackers. They just had a, at Christmas time, the first successful hack of a public utility happened at the Ukraine and really nobody heard about it, but it took out all the power for eight hours, and this is a big problem, so how does Honeywell approach that? You know, fortifying the system.

Gail: Yeah, so connecting also back to the EBI there’s another cyber component an InfoSec component to that, so that’s just another, we can do that, we can do risk assessments in that area, is that on, “Okay, we can do risk assessments in that area as well, so the, that’s a huge thing, because you can place a camera, an IP camera and that’s your back door in or your front door in, really.

Chuck: People forget that a camera is now a computer for lack of a better term on a network, right.

Gail: Correct. Or even a reader, an IP based reader same thing, so if you don’t put it in right and set it up to protect your network, if you don’t have, you have that proper layered security in place then you’ve, you’ve just left yourself vulnerable to the world.

Chuck: You know, there was a survey years ago where they found that some guy in Ukraine figured out that most passwords of cameras are password underscore zero and nobody ever resets, the installers didn’t, right and he was logging into cameras all around the world seeing all kinds of stuff. So, Honeywell gets that part and that’s good, because a lot of time the installers, says, “Okay I got my camera done see you later buddy. Does Honeywell have an IT department per se at an enterprise level that works with the IT you know CISO. Sometimes the CISO and the CSO, yeah, they talk, but they’re still separate departments, right?

Gail: Correct, yes, so we have, we have entities that we work with, Honeywell, you know as a corporation we do outsourcing like any other company does of certain fields and the IT is one of those that we do, but we can leverage our own groups that we use to come in and work with us on these projects to work with the CISO or CIO.

Chuck: You are making sure when you put the camera in the password is not password underscore zero.

Gail: Oh, absolutely not, no. Our technicians, so we have, we have programs where we have mandatory fields that they have to fill out and to make sure that these things are being changed, and that’s again all part of the holistic solution, so you take this big approach and you have to drill it all the way down to that very final thing, because that’s if you don’t do that very simple thing…

Chuck: It’s the simple, the whole systems on, right?

Gail: Right.

Chuck: So, enterprise level corporations and people tend to like single point of contact.

Gail: Yes.

Chuck: Maybe it’s not practical for you in 10 countries. You’re not going to fly around the 10 countries or maybe you are, right, but tell me how Honeywell represents itself with the C-Suite, is there one point of contact that drives the project and gets it all done, you know what I’m saying?

Gail: Right, so we have a couple different approaches that we actually do have and oftentimes they do want a single point of contact, but what the other thing that we do very well is we’ll connect our C-Suite to their C-Suite.

Chuck: Oh, that’s interesting.

Gail: They are likely already connected, so we’ll take like David Cote our CEO and he probably knows their CEOs. So, they are already connected, so we connect people at the appropriate levels and so while I would be a single point of contact overarching to the whole enterprise, they still have their sub connections across…

Chuck: Of course, yeah to get it done and you know why they want a single point of contact, right.

Gail: Yeah, one throat to choke.

Chuck: That’s exactly right, well Honeywell gets it.

Gail: Well, what I say is it’s one neck to hug that’s what I say.

Chuck: That’s a better approach. Gail, it’s been a fascinating conversation.

Gail: Thank you.

Chuck: I’m so glad we hooked up here.

Gail: Yeah likewise.

Chuck: In ISC West and you are welcome to come on the show anytime you want, tell us what’s going on with Honeywell.

Gail: Thank you so much.

Chuck: Thanks for coming on the show.

Gail: It’s good to be here. Thank you.

Security Company Advertising Opportunities

Click here for information about security company advertising or promotion opportunities on Security Guy Radio.

    • Be a guest speaker in your area of security expertise
    • Promote your Security Product or Service
    • Let us create a Video Show Infomercial for you
    • Security Company Advertising on this website
    • Sponsor a show on public safety & security

Ev