Replacing a 24/7 third-party security monitoring contract with a self-managed UniFi stack

Securitas was being paid to watch our cameras, maintain licensing on a legacy VMS, and respond to alarms. In practice the response was email-based, the review workflow required their portal, and the contract bundled licensing we couldn't otherwise buy. Every year the invoice went up.

Three things changed the economics:

• UniFi Protect matured into a full-featured VMS with AI-based person/vehicle detection at a hardware-only cost model (no per-camera license).
• Our internal team grew capable of running incident review ourselves — the 24/7 monitoring wasn't actually generating actionable calls.
• UniFi Access replaced the legacy badge system with a modern, centrally managed access control layer that we already owned the network for.

I built this with four rules to keep it defensible and not just cheaper:

• Unified platform, one pane of glass — doors, cameras, events, all in one operator view. No tab-switching between vendor portals.
• Segmented surveillance VLAN — cameras cannot reach the business network; Protect NVRs are the only ingress path.
• Storage tiered by zone — critical areas (reactor access, loading docks, server room) get higher retention than break rooms. Same hardware budget, better coverage where it matters.
• Ops-floor visibility — a custom lightweight viewer (camera-viewer) runs on plant displays. Operators see feeds without logging into Protect.

The migration ran in phases so we were never without working cameras or badge access:

• Phase 1 — UniFi Access deployed in parallel with the legacy badge system. New hires provisioned on UniFi; existing users migrated batch-by-batch.
• Phase 2 — Protect NVRs and cameras installed starting with the highest-risk zones (main entries, loading dock, reactor floor). Securitas kept in the loop but gradually disengaged.
• Phase 3 — Cut Securitas monitoring. Incident review moved to our internal team with defined SLAs and a documented playbook.
• Phase 4 — Retention, redundancy, and off-site backup of Protect footage formalized. Policy reviewed with operations and safety leadership.

The program is running with better coverage, faster incident response, and lower operating cost. Six months in, we've used Protect's event search and AI detection to close incidents that would previously have required Securitas to pull footage and send it via email.

The recurring savings are only half the story. The real win is that physical security is now a platform we own and can extend — door events trigger camera bookmarks, the muster system reads UniFi Access to verify who's in the building during an alarm, and new cameras or readers can be deployed in hours, not a change-order cycle with a third party.

A few things I'd tell another mid-market shop thinking about the same move:

• The licensing trap is real — third-party VMS contracts often bundle software you can't operate without the monitoring portion. Price the unbundle carefully and plan for the replacement workflow, not just the replacement hardware.
• Ops-floor UX matters more than operator UX — the people who need fast camera access are the maintenance and production crews, not the security operator. Design for the floor first.
• Network segmentation is non-negotiable — surveillance traffic on the business VLAN is how you end up in a security whitepaper for the wrong reasons.
• Document your retention + chain-of-custody policy before you cut the existing vendor. Do not improvise on the day someone needs footage from three weeks ago.