In the case of a self-hosted solution, the software provider supplies the application and the integrator is responsible for creating the self-hosted operating environment. As discussed, the integrator can choose to provide the datacenter, servers, power, cyber-security protection measures and IT resources themselves or outsource to an IaaS provider. In the self-hosted case, it’s up to the integrator whether to provide an SLA and what uptime their infrastructure will be designed to deliver.
A New World of Standards
While central alarm monitoring is a unique security industry service with a limited amount of industry-wide operating standards such as the CSAA Five Diamond Certification program, Web-hosting is a global IT service with well-recognized operational standards. Integrators looking to provide self-hosted services meeting IT standards should become familiar with guidelines published by the Cloud Security Alliance (cloudsecurityalliance.org).
Another useful tool is NIST Special Publication 800-53, Revision 3, “Recommended Security Controls for Federal Information Systems and Organizations.” While the NIST document is particular to the federal government, the concepts and recommendations are directly applicable to an integrator looking to provide hosted IT services. Yes, that’s right: when you choose to provide hosted or managed access control and/or video services, you are providing hosted IT services and will be expected to comply with these standards.
Regardless of the infrastructure choice made between self-hosted and SaaS, using the baselines provided in these standards, integrators should be prepared to answer the following types of questions from prospective clients:
1. What is your track record of availability and SLA guarantee?
2. What are your data security controls and how are they audited?
3. Do you have multiple, secure, disaster-tolerant datacenters?
4. Does this service require any inbound holes in my firewall?
5. How does this service perform device authentication?
6. How do you perform ongoing vulnerability assessments?
7. Does this service provide two-factor administrative authentication?
8. How do I integrate this service with other business applications I have?
Once decisions have been made on how to provide the services, we can turn our attention to the fun part, choosing how and where to sell your services.
Let’s Get Ready to Sell!
Hosted and managed services require a professional, consultative sales approach (see sidebar for a specific example). This is not bid work; projects are generally not advertised as RFPs. You have to go find the opportunities.
Now that you are ready to find customers, how should you do it? Here is a list of potential ways to generate leads for your business:
- Web site and search engine optimization
- Architects & engineers
- Direct mail and E-mail campaigns
- Security consultants
- Leads from your SaaS partner
- Associations (BOMA, IFMA, ASIS)
- Working the territory
Examples of business types that are good prospects for hosted and managed services include any of the following:
- Medical offices
- Child care locations
- Multitenant properties
- Fitness chains
- Law firms
- Multifamily properties
- Housing authorities
- Utility companies
Building an RMR business will take continuous effort, focus and discipline. Start the renaissance of your business by getting out of that installation rut and forging a new future for your service-based business with hosted access control.
John Szczygiel is Executive Vice President, Business Development for Brivo Systems LLC (brivo.com).
Page 2 of 3 pages <