Securing the Underserved: A Look at Security in Rural and Small Communities


Tre Washington, a member of the SIA RISE Steering Committee, is CEO of Integrated Information Systems.

Picture a school district that covers more square miles than there are students in a large metro. The technology director is also the network admin, the AV coordinator and the help desk. The closest integrator is two hours away. The single elementary, middle and high school for the whole county share the same building, with internet speeds that, on a good day, are enough for staff to download coursework. The server room is a converted closet without dedicated cooling, sharing a wall with the building’s old steam heat.

This is the environment where a lot of our industry’s assumptions quietly fail.

It is also, increasingly, where some of our most important customers live: remote school districts, rural health care clinics, small county governments, volunteer fire departments, small-town businesses on Main Street. These are communities that arguably need security the most, and they live outside the assumptions our standard playbook is built on.

The Failure Mode Isn’t What Most People Expect

When small and rural deployments go wrong, the failure most people predict is “they ended up with less than they needed.”

In reality, the more common failure is the opposite. They ended up with the wrong thing entirely, often with more system than they could sustain.

It is easy to walk into a small district, like the one above, with a top-tier enterprise platform that is genuinely excellent in its class, and watch it become the wrong answer over the next three years. The licensing trajectory outpaces the funds, the complexity outpaces the IT capacity, the learning curve is steeper than the training budget. The customer ends up paying for a platform they are underutilizing and cannot easily leave, and the money that funded it could have gone further.

This concept may seem counterintuitive, but the best product is not always the best product for them. We are trained, professionally and culturally, to give every customer “the best there is.”

Vendors reinforce it in their marketing, and our own engineering and sales instincts do the same. But “best” is contextual. The best-in-class platform and the best-fit platform are not always the same system, and treating them as if they are is how this market gets oversold and underserved.

Beyond the Budget

Budget is the part everyone anticipates; nobody is surprised that a small school district has less to spend. What gets overlooked are the second-order factors that turn a system from “installed” to “sustained,” or fail to.

In these settings, the infrastructure is often what’s already there. Aging buildings lead to limited mounting options, network closets (that were not designed to be network closets) are the only head-end we have. Power that has its own opinions during summer storms is the only feed available for our servers, cameras and devices. 

The design that works on paper must land in this environment and survive in it long-term.

Operability is its own constraint. A powerful platform that requires a weeklong class to administer routine changes is not really self-service when the only available administrator is also running the help desk and driving a school bus after 3 p.m. If a customer has the capacity to use three features of a hundred-feature system, the other 97 are shelf weight they are paying to maintain.

Cybersecurity is often overlooked too. Can they keep firmware current? Do they have a path to patch when a CVE drops? Will the network segmentation survive the next IT turnover, assuming they had the resources to configure it in the first place?

The recurring cost picture rarely lives in isolation either. Security system licensing competes with the ten other software subscriptions that all climb yearly, and something has to give. That means our line items are more fragile than they look.

Service response is also a consideration, especially in remote areas. It shapes what “reasonable” looks like for repairability, expansion and local sourcing.

A Few Questions Worth Asking

Before scoping a project in this environment, a handful of questions are worth asking:

  • Can the customer sustain this at year three, year five, and year seven, including licensing and support, and what happens as they grow to the next site or the one after?
  • With the staff they actually have, not the staff we wish they had, can they operate this without a constant reliance on the integrator?
  • When something breaks on a Friday afternoon in February, what is the recovery path? Are parts locally sourceable? Can the system tolerate the time it will take to get someone on site?
  • Can they maintain the security posture itself, including patching, firmware and the basic hygiene the platform assumes?
  • Can they grow this without a forklift, and what are the options if they can’t?

These questions do not have universal answers, but they help surface whether the proposed solution actually fits the customer.

The Discipline

The hardest part of this work is internal. Recommending the right-fit option over the best-in-class one often means going against what we are trained to do, and sometimes against what the customer thinks they want after seeing a demo at a conference. That conversation is part of the job, and it is our responsibility to have it.

It is also worth remembering that the next project, the expansion or the support years out may not be ours. We owe it to the customer to set them up for success regardless. If what we install cannot be built on cleanly, they end up with a stack of disconnected systems that nobody wants to inherit.

The goal is to build something holistic that solves more than one problem, that the customer can confidently own and that leaves them better positioned for whatever comes next. That is the standard worth holding ourselves to, because the customer is the one who lives with what we leave behind.

The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association.

This article originally appeared in RISE Together, SIA RISE’s newsletter for young security professionals.