The Interview: Sir William Gallagher
Sir William Gallagher heads up New Zealand electronic security manufacturer Gallagher, a company that is unquestionably a world leader in access control and automation solutions. Sir William is a witty and erudite lateral thinker, rich in anecdotes, who rarely takes his eye off underlying business principles.
JA: How old were you when you first started on the factory floor at Gallagher, Sir William?
SWG: SCUBA diving was my thing when I was young – I was still at school and was running a little business making SCUBA regulators. I was about 22 when I joined Gallagher – it was a 10-man band back then and now we have 950 staff on the direct payroll and about 1100 staff in total. We’ve certainly grown a bit.
JA: What do you put the growth of the Gallagher business down to?
SWG: Customer demand is the key. If you are going to be successful in a global sense, you need to come from a market with the most demanding customers. In one part of our business it’s agriculture – New Zealand would be the only country with a western standard of living and an economy based on unsubsidised agriculture. When it comes to electronic security, New Zealand is not the most demanding market as we don’t have that much crime here. But we do have significant involvement in countries around the world where crime rates are higher, which pushes us to be at the top of our game. There are also many competitors in the ANZ access control market considering the market size and that has really driven technology ahead. As an example, we find many more of our system features are used inside ANZ than outside.
JA: Does satisfying those requirements mean customisation of Gallagher solutions to meet the specifics of lateral applications?
SWG: Often and we have a 12-person customisation team to support customers and integrators in this area. It’s certainly a key area of the business that feeds into system functionality. When you get into some of the big mining projects, a feature will be well worth a customer spending money on – in one case, a software development costing $NZ100,000 ended up saving a large mining company $6 million a day.
From our perspective, it’s about establishing what a customer wants to achieve and establishing whether there is a better way of achieving it. After our team receives a request, we will come back with a proposal outlining what we will do, the estimated cost and the time it will take us to create the customisation. Obviously, once a development has been created for one customer, it’s much less expensive to include this IP in subsequent releases of our management system.
Over time we have evolved a powerful product by meeting customers’ operational requirements. In another recent example, a development for a client in the U.S. involved automating a lockdown function at a school. Using the old manual system, it took about 20 minutes for a response to develop after an alarm event. Our customisation is so proactive an active shooter was caught between the secure layers of the school and quickly arrested.
JA: When you get into process control, automation, streamlining of core operational structures, the return on investment is considerable, particularly spun out over many years?
SWG: Yes, return on investment is a huge thing for some of our big customers and it’s an area we’ve been focusing on for a long time. Many of our features are driven by what I call ‘customer demand development’ and a lot of it is streamlining business process, not just security, which may not be the biggest goal of half our customers. For example, we can manage and enforce health & safety procedures. Health & safety policy manuals can be very difficult to apply but at the same time, H&S has a larger budget. When you get into health and safety compliance, especially here in NZ and Australia, where there is director-responsibility on H&S, it really focuses the attention.
Elsewhere, return on investment comes from automation that lead to operational efficiency. I’ve just been to Zambia to visit the copper mines there and they are using our access control and automation system for process control via an integration with the SAP's enterprise resource planning system. This allows them to manage the movement of copper ore in 250, 350 and 400-tonne trucks. In this case, the load number and weight all comes up on the Gallagher management system in real time allowing monitoring and report generation.
These big mines also manage staff competencies which are included in an HR database that populates our system. It allows warnings to be generated at the reader, informing cardholders that without undertaking refresher courses, qualifications will expire in a certain number of days, after which the worker won’t be able to enter the mine. There’s also messaging and mass notifications where you can send a cardholder a message and if there’s no response the message can be elevated to a supervisor to ensure a worker is not denied access for not following the instructions from the system.
JA: Would you say that much of the functionality of the latest iterations of the Gallagher solution are reflections of the requirements of the end users over many years – evolution by application?
SWG: Yes, they are – over many years we’ve automated aspects of our customer’s access control and automation functions. An application I mentioned earlier involved a mine that was using manual tag boards to manage blasting, which was taking an hour-and-a-half twice each day. Customisation of our system got this down to 10 mins per blast and saved our customer 3 hours a day. Given the mine costs $2 million an hour to operate, that’s a daily saving of $6 million – it makes me wonder if the bill for our customisation was a bit small.
Sir William on the factory floor at Gallagher in Hamilton, NZ
JA: When it comes to technology, what do you think makes Gallagher’s solutions so strong in the high security market?
SWG: It comes down to how long we have been working on the high security aspects of our solutions. We’ve been focusing on these areas for decades, while competitors are only considering them now. What we’ve got for the PIV market in the U.S. – that’s public key/private key for very high level card systems – is a perfect example.
In this case, we had a consultant come down from Boston to look at the Gallagher system for an application and our architecture looked as though it had been specifically designed for the high security application the client required.
This was coincidental in one sense but given our long focus on end-to-end security, it was not unexpected. Our system structure is very different to what has been developed in the U.S. where most solutions are a 3-play – there’s the head end guys who do software management solutions, behind these are Mercury panels and HID handles the card readers. In some cases, the connecting technologies are 30 years old.
We’re quite different and our solution is holistic and built around secure communications. When you come to PIV (public key/private key interchange), you have a lot of data. Weigand is a one-way protocol so it won’t work. Now many systems use an RS-485 bus which communicates at 38k but we now talk via our H-bus to readers at 1Mb, which is very different to 38k. For many manufacturers of cards and readers something like end-to-end encryption is rocket science but we’ve been doing it for 15 years.
Because we are strong in card communications we have developed things like downloadable code – this thing is changing like steam – we can download code from the head end through our 1Mb links and upgrade every reader in a system almost instantly. I don’t think anyone else can do that. For competitors, if a reader upgrade is required, they need a tech out there to power readers down, take readers of the wall, flash the chips, reinstall then re-power them. If you have a few thousand readers, that’s months of work. We can do it virtually instantly. And we have a read range of 38mm – we were the first to pass.
JA: Are other manufacturers continuing to get it wrong when it comes to secure card communications?
SWG: Some are. When it comes to card security there are still plenty of 125 card readers being used in high security applications, such as law enforcement. For a few dollars, it’s possible to buy a device that duplicates these cards. Mifare 13.56 is so much more secure but it can be a hard sell in some markets to convince customers they need to upgrade – integrators often must demonstrate the ease of duplication first hand to make their point.
JA: Keeping up with technology these days is a never-ending battle – where is Gallagher focusing its attentions?
SWG: Technology does move fast and cycles more quickly than it used to. For instance, with Windows 10 there are changes to underlying functionality. Does that mean you go and write your client software again? Everything we do is designed to keep our customers and their IT teams happy. We have recently released our Bluetooth readers for getting security staff mobile. There will be ongoing development there.
Longer term, cloud is a trend we must continue to work on. We are working on credentials as a subscription model, which is a bit different. When it comes to cloud, the provider we are using for the Bluetooth credential is AWS. We are provisioned out of Australia but we can expand anywhere in the world based on demand. We store almost nothing in the cloud but we can keep what we store in the local area, which meets some people’s concerns. ANZ is our largest density of systems, so we are starting there.
JA: How receptive is the market to the latest technologies?
SWG: We get a lot of people interested in our new technologies – there’s been a lot of discussion about a card subscription model. Even talking about a subscription model for credentials is a big change for our team and it’s a big change for the channel. Of course, our integrator partners all have contracts with their customers for ongoing maintenance, so it’s not completely unfamiliar.
We’ve also been getting as many customers as we can signed-up to our software maintenance and that is quite interesting because everyone who is used to software maintenance, including some of our channel partners, sees the value in that. We’ve got several customers signed up for 5 or more years so it’s a mutual commitment. It works well when you’re dealing with the IT department but when you working with the security department you might be dealing with a former military or police officer and they may think they do not want or need software maintenance. Certainly, the IT department looks at SM as a tick box – it’s normal for them.
JA: What is the percentage of systems you install that are governed by the IT department?
SWG: It comes down to size – the small ones are handled by the security department but past a certain size, all the larger ones are managed by the IT people.
JA: Do you think the best technology companies are smaller and often privately owned because a corporate MBA-style of business management that focuses on things like acquisitions and share price performance breaks management’s connection with end users, installers and integrators – disconnects management from the fundamentals of the business itself?
SWG: One of my observations is that most our competitors began as relatively small companies like ourselves – some of them still are smaller manufacturers – but many others have been sold to larger corporations for an unrealistically large sum of money. The way it seems to work when you are run by bean counters is that you fire half the R&D team, which adds to the bottom line and makes someone a hero for a little while. We look at some of our large competitors overseas and they are slipping behind – just to keep up with the platform changes, let alone advance the management system, is very difficult. R&D is vital to success which is why we continue to invest heavily in ours.
JA: The access control market is becoming more price competitive, too. Is that impacting on the business, or are you making in-roads there?
SWG: We are competitive in very competitive markets. We win a lot of big, simple buildings (commercial blocks, residential towers) in China and the Middle East based purely on price. We must be price-competitive because everybody can open and close doors – a big simple building is not complex.
JA: You may be doing well in big simple buildings but at the top end of town with enterprise access control and high security sites Gallagher seems to have become the benchmark, hasn’t it?
SWG: I certainly do believe we are at the stage where we are the best in the world – especially at the high security end. We are very strong in complex sites like mines, airports and seaports. We have about 44 seaports and 82 airports. We have some big airports – Beijing terminals 1 and 2 and Riyadh Airport in Saudi Arabia, among many others. We are not just strong in larger systems, we’re good at dealing with large customers, too.
JA: What about cyber security? There’s been plenty of talk around that area of electronic security systems lately. How are your customers responding?
SWG: Over the past 12-18 months more and more customers are putting us through cyber security testing and all the customers we know about have been happy to share the results. That’s one of the trends at the moment. We have taken on an in-house IT engineer who is looking at the development process early to make sure we figure out any cyber security issues before release. We want to have the system doors tightly locked before products get out there.
JA: Could you put your finger on the biggest challenge you’ve faced since starting in the business?
SWG: Sales is always the challenge – production is usually the easy bit. Another way of looking at it is that technology is the football and it’s really the team that plays the game – you can have the best mousetrap in the world but unless you can get it into the hands of your customers, you’re not going anywhere.
JA: What advice would you give managers and business owners in electronic security – what should they most focus on to ensure their own success?
SWG: You must have a user focus and make it your priority to satisfy your customers’ requirements.
JA: As a company, Gallagher is a philanthropic powerhouse, especially in healthcare. What was the catalyst for this unseen side of the organisation and how important is it for you as a business person to support local community?
SWG: One of the benefits of being successful is being able do the right thing by the community and that is what we do with our sponsorships and charities. Sports would be the biggest focus and that also has some benefits for staff and customers, but it is much wider than that. Being a private family company we don't have the limitation of outside shareholder approval.
JA: You’re not at all bored, are you Sir William? What keeps you interested in the business?
SWG: The thrill of the chase, to close sales, see new places, face life's challenges, keep busy and interesting, do different things, keep learning, never being quite satisfied. To be in business for fun and profit, and to do the right thing by the community, associates and family. ♦
John Adams with Sir William Gallagher