When IBM needed to secure 22 of its UK locations, it turned to CNL for its CMS solution IPSecurityCenter. Thom Williamson, Manager of Security Operations for IBM UK, talked to A&S about integration.When IBM needed to secure 22 of its UK locations, it turned to CNL for its CMS solution IPSecurityCenter. Thom Williamson, Manager of Security Operations for IBM UK, talked to A&S about integration.
We identified 22 locations within the U.K. for the initial scope of the project. The first element of the project was to integrate more 700 security devices, including surveillance cameras, switching matrices, DVRs and several thousand access control doors, intruder detection sensors and alarm systems all from different manufacturers. Fundamentally we needed to ensure auditable compliance to security policies within a diversified infrastructure all governed by our CMS, IPSecurityCenter.
We reviewed the capability of a number of CMS systems. IPSecurityCenter was chosen as it was uniquely capable of providing complete control over all of our security assets, including legacy systems and guarantee all responses to events and incidents are fully compliant with our security policies and standard operating procedures.
The security of our staff, visitors and assets is of prime importance to IBM. The procedures we developed optimized the way we would respond to a threat to our business. Before IPSecurityCenter these procedures were locked down on paper, now the system provides easy to follow on-screen guidance for our operators and automates a large amount of the response process.
It was important that all of the functions we required, such as control of video walls, digital dashboards and reporting were intrinsic to IPSecurityCenter and not bolt-ons from other software vendors. Automated reporting and communications meant there was flexibility in the frequency and format of reports on incidents and trends without increasing management or production overheads.
We needed a provider who understood the significance of the threats faced by a global organization such as IBM. We had to have software capable of integrating and automating our defined corporate security policies, initially across the U.K. and potentially expanding to geographic roll-out. We needed a system to consolidate and analyze events and communicate actions to response teams, thereby providing the business with real-time situational awareness and response. We wanted on-screen operator guidance and workflows to reflect differing procedures, even on a site-by-site basis. The fact that these workflows were graphical rather than in computer script meant our security managers and operators could understand the workflows and contribute to improving them.
CNL understood the need for scalability and consistency to support in-country, regional and global deployment. They worked with us to customize the solution ensuring our current and future operational needs would be met.
Another important factor was speed of implementation. We did not want to be constrained by legacy equipment or future security applications requirements. IPSecurityCenter's graphical design approach meant we were able to rapidly integrate our legacy and disparate devices as well as incorporate our security policies and procedures within our project timeframe.
We wanted to work with a company that could demonstrate a background in security solutions as well as software expertise and that had the credibility and experience to match a project of this scale.
IPSecurityCenter consolidated security operations in 22 buildings across our operations in the U.K. We are moving from five command and control centers down to one. This represents major cost savings to us, not only in terms of the reduction in the number of man-guards but also in building services and running costs. We estimate our ROI will be less than 24 months. The solution will provide the business with operational flexibility I never imagined possible.
The built-in and tailored reporting gives visibility of operational efficiency and demonstrable security policy compliance. Customized user interfaces reduce training needs and improve operator effectiveness.
By combining process flows with automated communication, we are delivering improved situational awareness and distributing incident intelligence to point of need. Integration of new and legacy systems is preserving existing investment deferring procurement and therefore delivering rapid return-on-investment.
Overall IPSecurityCenter gives IBM enhanced security, greater control and operational efficiencies.
The software is scalable. The .Net architecture of IPSecurityCenter and the ability for it to expand to include new devices means that we can add extra server capacity to accommodate any future requirements. We have ambitious plans for IPSecurityCenter to manage more business processes, more applications and more devices on a wider geographic basis.
We have found the flexibility of IPSecurityCenter to be both a major benefit and a challenge. It has made us reexamine and think deeply about our security policies and procedures and to optimize the way we implement them.
In the relatively short time we have been working with the software, we have come up with many ways we would like to expand its use in the future. We are delighted to be part of the IPSecurityCenter Customer Advisory Board, so we can work with CNL and other users of IPSecurityCenter to help set the future direction of developments.
Gap in Expectations?
No, on the contrary, through our close collaboration we are seeing more and more security and business applications that we can incorporate into the IPSecurityCenter CMS. Also we are beginning to benefit from what other users have achieved with IPSecurityCenter and are keen to share our experience with them. We see the sharing of best practice with other users as one of the major benefits of the system going forward.