by Brad Wilson, CPP

The security industry is abuzz with talk of convergence: the melding of physical security with IT security. Security threats now come in many forms; the intruder at the door and the intruder sailing in over the Internet. Security experts and IT leaders alike have found that the pairing of physical security with IT security makes for a more formidable defense system. But what are the factors pushing this paradigm shift, and how can organizations gain from it?

Various Theories on Convergence

Theories about about what is driving the move toward converging physical and IT security. Some trace its origins to the 9-11 tragedy, which made security a top priority.
Others say convergence has grown because of the development of new technologies, like the smart card. Embedded with an integrated circuit chip, this card provides not only memory capacity, but computational capability as well. Its ability to hold more and varied types of information makes its use for access control attractive for both IT and physical security. A 2004 report by the SANS Institute notes that smart card use is expected to grow from 14 million cards in 2002 to 36 million cards in 2006, a compound annual growth rate of 27 percent.

Convergence is also being driven by new statutory requirements such as the Health Insurance Portability and Accountability Act, Sarbanes-Oxley and the Personal Information Protection and Electronic Documents Act. These requirements mandate higher levels of data protection and privacy, and since data and privacy can be compromised by breaches of physical or IT security, companies are finding it necessary to consider both avenues.

How Far Along Are We?

All the talk about convergence is definitely driving the introduction of new security products that allow easier network integration and enable more efficient sharing of data. Manufacturers recognize that nearly all facilities now incorporate extensive IT infrastructures, and in response have begun to develop products that use Internet protocol (IP) to communicate between devices and can operate on the same networks that companies use to run their business.

The interest in security convergence also focuses more emphasis on the use of open standards in product design. An open system can incorporate any component designed to industry standards. This is important because it enables interoperability and integration with other systems.

The convergence movement, in fact, has prompted a group of security companies to form the Open Security Exchange, a organization that plans to define best practices and promote vendor-neutral specifications for integrating security devices and services onto a company's IT network.

How Organizations Benefit from Convergence

Higher levels of security, easier sharing of information and greater management efficiency are just a few of the reasons convergence is gaining momentum. One of the biggest boons to convergence has been the availability of DVR systems, which offer new capabilities not feasible with analog VCR monitoring, among them new and enhanced management uses, remote video monitoring and networking capabilities. Multi-site corporations find digital video especially appealing because it allows for remote, centralized monitoring. Using a standard Web browser, security officers can log into the system via a secure IP address to view reports as well as live or recorded digital video from anywhere in the world, opening up many possibilities for streamlined staffing and cost, time and travel savings.

Another factor that makes IT and physical security convergence attractive is the ability to share information in ways not previously possible. The perfect example is an organization that links the Human Resources function to security via the corporate network. When an employee is terminated, security automatically receives a data transmission from HR that immediately deactivates the employee's building access card to any number of office locations, eliminating numerous clerical functions, saving time and enhancing security because the card deactivation occurs instantly throughout the organization. On the flip side, that same organization can just as easily provide new employees immediate access to some or all of its locations and promoted employees access to areas that were previously off limits.

Converged security can also restrict or deny the printing of sensitive or proprietary company documents. Integrated security systems can require that an employee's access card showing the appropriate security clearance be inserted into a printer before printing is allowed.

Where to Begin

A skilled security systems integrator can be invaluable in supplying both the technical knowledge and security expertise to make a convergence project successful. In selecting an integrator, look for one with plenty of high-tech talent on their team and a history of handling IT and physical security convergence projects. Ask about their staff's experience as well. An integrator who knows how to speak the IT language will likely have staff with certified experience in networking, databases and operating systems.