Ask The Expert

Physical Risk Software: Should You Build or Buy?

By Daniel Young | April 15, 2024 | 3 min read
DIY software

It’s the job of physical security to protect your most critical assets: your sites, your property, and most importantly, the lives and safety of your people.

So when it comes to physical security software, is it better to build your own platform, or invest in one that’s been developed already? Do you trust your most important data to a vendor or should you attempt to build an application yourself? In the age of Software as a Service (SaaS), this might seem like a dated question, but it’s one that we see some clients wrestle with. The security industry is understandably risk-averse, so it might seem like building your own physical security platform is a safe move.

However, it’s important to understand the risks that come along with building your own platform. This article will take a deeper look at the pros and cons of each approach.

Building your own physical security platform


Control: When you create your own software, you have full control over the development process, project timeline, and the features that are being included in the platform. Your team can customize the software to your own requirements, and integrate it with the tools you already use.


Cost: While control is a pro when it comes to building your own software, it's also a con. You have full control over the product, so when things go wrong, you own those problems. And fixing those problems can cost both time and money. In fact the entire development process is costly, and it’s not just a one-time cost; your product will need constant updates and maintenance over its entire lifecycle. You’ll need a team to maintain, secure, and refine the platform.

Time: Development is also time-consuming. It might be months before your project is complete and you’re ready to track risk with your platform. In that time, any number of incidents could happen.

Expertise: Your team might include physical risk experts, that doesn’t necessarily mean they know how a platform should be designed. Your organization needs to invest in developers who can build a database, for example, and who understand both your grand vision for the software and how to bring it to life.

Subscribing to a physical risk platform


Time: Often when organizations need to assess risk, they need to do it quickly. When you subscribe to a platform, you can typically get started with risk assessment quickly. Even if you’re working with a vendor to customize the product, implementation time is still quick compared to building a product from scratch.

Cost: Subscribing to a platform is cost-effective, especially if that software meets your requirements out of the box. You’re not just paying for the software; you’re also also paying for ongoing support from the vendor, including training, troubleshooting, constant improvements, and patching. A subscription is also more scalable than bespoke software. As your organization grows, you can simply move to another price tier.

Knowledge: When you subscribe to a platform, you’re outsourcing the development and security of an app to a team of experts, which allows you to concentrate on what you do best: physical security.


Customization: You don’t necessarily have as much control over the product as you would if you designed it yourself. However, these days, most SaaS solutions will work with you to customize a product to your organization’s unique needs.

Security controls: You do not have direct control over the vendor’s cybersecurity controls. However, this may be good news for some organizations, because the burden of complying with security regulations is shouldered by the vendor. Businesses that need advanced levels of cybersecurity controls, however, can often negotiate with the vendor.

ACAMS: A cautionary tale

In 2005, the Department of Homeland Security developed its Automated Critical Asset Management System (ACAMs). It was developed to be a secure web-based inventory of critical assets, so that organizations could better understand their risk. Millions of dollars were spent developing the system, and barely anyone used it. At the time, there were other products on the market that could have done the same thing while saving the federal government time and money. Eventually ACAMS was shut down in 2014.

When deciding whether to build or buy, it’s important that your team takes a long hard look at your needs, your budget, what’s available on the market, and whether you truly need to develop your own application.

Can you Afford to Wait?

Want to learn more? Subscribe to the Circadian Risk newsletter to get more news about physical security and risk.

Are you ready to improve your organization’s risk management?

See Circadian Risk In Action Now
Schedule FREE Demo