Eyes on the world

Nothing is more likely to raise the hackles than excessive surveillance, so when surveillance is necessary, how do you win buy in?


I remember fondly my first surveillance system. A small, relatively inexpensive VHS-based system for one retail location, it consisted of a few pan-tilt-zoom and stationary cameras. As the store's loss prevention manager, I was responsible for ensuring the quality of the images by adjusting the recording levels, cleaning the recorders and maintaining new tapes for the VCRs. All in all, the system worked well, and it helped us reduce employee-related losses and shoplifting.

Twenty years later, I'm the CSO of a global retailer whose business model requires intense surveillance, and things are considerably more complicated. When I was hired, the surveillance system desperately needed to be modernised. There were too many different systems from too many vendors, and the quality went from bad to worse. Image quality was rarely good enough to support a finding. Coverage was simplistic, providing more opportunity than deterrence. And the systems required too much local support to keep tapes fresh and libraries current. The company needed a strategic, long-term approach to move away from VHS-type systems.

How hard could that be? Harder than I'd thought. As it turns out, decisions about surveillance systems need a lot more companywide involvement, communication, business acumen and cultural sensitivity than I ever imagined back when I was working on those early cameras.

Time for standards

My group and I got started by creating a standard for video surveillance based on both performance and operational drivers within our US business environment. We decided that the systems needed to be digitally based with hard-drive storage so that all cameras recorded continuously. Recording would have a minimum image-per-second frame rate and video resolution. In addition, the systems needed to be network-friendly, to allow for remote access to live and recorded video, remote serviceability and remote monitoring for equipment failure or other alarm conditions. Finally, the systems had to require little to no local intervention.

We did a full analysis of systems and providers and identified the most cost-efficient system with the best capabilities and long-term flexibility. We chose one provider for our surveillance product and one integrator who would be responsible for installation into our physical security network.

We presented the new platform to the company's US senior managers, making a case that costs would be offset by reduced maintenance, service and training costs, as well as improved performance, speed and quality of the new digital system. Senior management determined that it was a solid strategic investment for the company.

We established a plan to roll out all the surveillance systems across the US within five years. Rather than paying for everything up front, we agreed to a strategy of upgrading as the company opened new locations and renovated existing locations, as well as through annual capital requests allocated to the security department. Basically, if we planned to remodel a location within five years, we could build the new system into the remodeling costs. Otherwise, we used security capital.

Not only was the US transition a great achievement, we also had success in introducing the new platform in some of our international locations that were newly opened or undergoing significant renovation. Because of this success, security decided to extend the new platform to all our international divisions. This wasn't without precedent; the company had standardised many of the information technology systems. Therefore, we assumed that the acceptance by US management guaranteed it internationally.

Going global

As we had in the US, we decided to upgrade all the systems within five years. Again, this was to be accomplished through the opening of new locations, renovations and department capital spending. However, as soon as we began planning the improvements, international management began to push back.

First, the managing directors of our international markets expressed disappointment that they had not been involved with the decision-making process. This was especially important in light of a difference between how domestic and international divisions handle their finances. In the US, managing directors were responsible for sales targets and expense plans, but they were not allowed to adjust their expenditures to drive additional sales and earnings. International managing directors, however, were directly responsible for growing their topline revenue. They could adjust their expenditures significantly - provided that they drove additional sales and earnings. Now, they questioned the ROI of the new surveillance systems, especially in markets that had much lower crime and a less valuable inventory allocation than our locations in the US. For the most part, they agreed that the systems needed to be upgraded, but they felt that any DVR system would be fine.

I remember vividly a conversation with one of our international vice-presidents, who indicated that he didn't want to spend that kind of money on "just a camera system." He had other capital priorities where he thought his money should be allocated. His money? I thought it was our money. We were so familiar with the US model that we missed the point that international divisions had more of a financial interest than their US counterparts.

They also argued that they could purchase the technologies and components less expensively from local markets. They said they couldn't justify the costs associated with the foreign systems.

I hadn't expected this type of opposition. I had believed that there would be some minor opposition, but I never anticipated being challenged on the quality of our standard - we're the experts, after all. But it did lead to a healthy dialogue, and now we're considering our options.

A different approach

One of our main mistakes was underestimating the need to market the benefits of the surveillance system to international management. Now, we're trying to highlight examples that demonstrate its ROI. When international management visits the United States, we give them a tour of the global security centre to show how we will be able to pull video from any site upon request - normally a time-consuming process for store managers. We'll also focus on the fact that the global security center can monitor all surveillance systems worldwide to ensure that the systems are functioning properly, which will take some burden off the stores.

If that doesn't work, one option we're considering is scaling the standard investment against risk. For instance, a higher-risk operation, such as a standalone store, would have to meet a higher standard than a lower-risk location, such as a store within a mall. The overall design of the system might be a compromise in size, price and capability - as long as it maintains a few of the critical performance and operational drivers.

Another option is a more culturally sensitive approach. In this scenario, we would wholly maintain the standard. However, the investment would be broken down into components, and we would allow local management and security to identify components that could be sourced less expensively using local manufacturing and expertise. This approach is more likely in the Asia-Pacific region, where electronics manufacturing is concentrated and local allegiances are strong. The option has some risks, especially those associated with assembling a surveillance system with components from multiple sources. Also, critical components will need to be provided by our primary vendor, so it's not clear how much money this would actually save. Nonetheless, it could engender good feelings with local management and staff.

Lastly, we have the option to mandate compliance despite international management's objections. We could make a strong case to executive management that it doesn't matter how local managers feel, because the surveillance platform is part of a broader strategic investment. This is a last resort, however, because it would probably lead to further alienation and to the deterioration of security's partnership with international management.

In the end, I believe that our commitment to communicate the value of the standard will enable us to migrate our full platform successfully in at least 90 per cent of our international markets. For the other 10 per cent, I fear it will be an endless "lost in translation" issue requiring security to compromise in favor of a locally sourced option.

It's been a long time since I did that simple one-store surveillance installation. The dynamics of expanding surveillance to a strategic investment at a global organisation are inherently complex. We must carefully research, market and communicate in order to establish a standard that fits globally. We need a thorough business case that explores the financial implications to all aspects of the organisation. I now appreciate that a true strategic companywide investment should be vetted through all business channels prior to implementation in the US. This is the mark of a security organisation that is truly global.

Find your next job with computerworld UK jobs