The Next Level of Convergence

May 1, 2008 12:00 PM, By Michael Fickes

Microsoft Corp.'s salespeople are putting the company's global security department to work.

When talking to local, state and federal agencies about Microsoft products, the sales teams often showcase the security department's network of three global security operations centers (GSOCs). The state-of-the-art centers manage video surveillance and access control systems; they lock and unlock doors; they dispatchsecurity officers and vehicles; and they host emergency operations teams.

Most important to the sales force, all three GSOCs have integrated a host of Microsoft applications and configured the GSOC network to be security officers and vehicles; and they host emergency operations teams.

Most important to the sales force, all three GSOCs have integrated a host of Microsoft applications and configured the GSOC network to be interoperable.

“Most emergency operations centers stand alone,” says Mike Howard, general manager, Global Security for the Redmond, Wash.-based Microsoft. “We designed ours to interoperate. If an earthquake shuts down the Redmond GSOC, the GSOC in the Thames Valley in the United Kingdom can take over and manage all of the security technology at the Redmond campus. The same is true of our GSOC in Hyderabad, India. These facilities ensure business continuity for Microsoft security.”

Howard and his GSOC staff have created presentations to show off the capabilities of interoperable emergency operation centers to customers with an interest in emergency operation center technology. “Our sales people use the centers to demonstrate Microsoft products to Homeland security agencies, state and local law enforcement groups and others,” Howard continues.

And that's what Howard intended when he created the GSOC concept for Microsoft three years ago. His goal was to enhance security for Microsoft's people and property, while, if possible, building something of value for the corporation. Howard calls that strategy “revenue-influencing.”

“We're not there yet,” he says. “But at some point we want to go from being a cost center to being a virtual profit center by helping to generate revenue.”

Working to secure value

The idea that a security department should do more than provide core security services has been percolating through the strategies of chief security officers at the world's largest multinational companies — such as Microsoft — for years. Senior executives in these corporations expect everyone with a C-level title to figure out how to go beyond core competencies and to find ways to add more value to their businesses. Chief security officers and security directors with other senior titles are not exempt.

It is such an important idea that the Security Executive Council was formed to research value-added issues connected to security and to develop tools and concepts for security directors to use. “Security directors deal with two kinds of risks,” says Bob Hayes, chief security officer and managing director of Security Executive Council. “First are security risks with a business impact — such as product theft. Second are business issues that affect a company's security. Outsourcing is a business issue that can affect security. If a corporation outsources IT to a company in India, for instance, how will the corporation do background checks? That's a business issue with huge ramifications for security.”

Security Executive Council members, such as Microsoft's Howard, use the term convergence to describe the concept of handling business issues that affect a company's security.

Security directors across the country are developing strategies that will enable their departments to contribute substantive solutions to business challenges that raise security questions. First things first, though: before you can contribute, you have to find a seat at the table in the C-suite.

Getting a seat at the table

In the past, security directors haven't viewed themselves as part of the corporate management team. They work for the company, but they remain separate. “That's a formula for a narrowly focused approach to security where you write policies and procedures, but don't look at an organization's overall goals,” says Joseph John Gulinello, an adjunct assistant professor in the corporate and Homeland security program at St. John's University in New York.

But some organizations just don't operate that way; they don't want the security director sitting in on meetings of senior executives. “My advice is don't work for those kinds of organizations,” Gulinello says.

Once a detective in the New York City Police Department, Gulinello left to become head of security for a major hospital system in New York City. Before accepting the offer, however, he told the CEO: “I know enough to see that you have a lot of problems, and that is why the last security director isn't here anymore. I can see that you want to get things done. The only way I'll take this job is if I have an open door to you, and if I report to someone at a very high level — close to you.”

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue