The term convergence is being heard more and more among security professionals these days. And while it might sound like just another “buzzword” about something that will happen in the future, anyone with responsibility for physical or IT security needs to understand what convergence is all about and stay informed—because the future is now.
A rapidly growing trend
In a nutshell, convergence refers to the growing realization that physical and IT security are two sides of the same coin. Effectively securing an organization in today’s world requires protecting both physical and information assets. So instead of separate departments independently working on these two aspects of security, these areas are increasingly being melded into a single department. (Even if the departments aren't actually combined, they still need to work together more closely.)
At the same time, driven by the new threats of a post-9/11 world and the expanding legions of “hackers” solely focused on penetrating the organization’s IT network and stealing critical data, security as an organizational function has grown dramatically in importance. So it’s little wonder that more and more organizations are creating a new “C-level” position—the Chief Security Officer.
“We see convergence as the single most important shift taking place in the security industry,” says RFI president, Brad Wilson. “Our clients are recognizing the need to integrate physical and IT security, and are looking for answers on how to effectively accomplish this integration as quickly as possible.”
What is driving convergence?
The convergence of IT and physical security is being driven primarily by the following factors:
Common threats. While many security tools are focused on either physical or IT security, threats aren't that cooperative. An organization's data can be compromised by someone hacking into the network from the outside, or by an employee entering a restricted area inside the facility and stealing files. Attackers will survey both physical and IT safeguards and look for the most vulnerable point of entry. So should you.
New technologies. Recent technological advances in security can address both physical and IT security needs. A great deal of the security function, whether physical or IT, comes down to controlling access. To protect IT assets, an organization will install a physical access control system for server rooms, as well as an identity management system that requires employees to log in to access the network. So it makes sense to think these issues through holistically. A technology that can effectively cover both these needs is the "smart card." A smart card can be programmed to allow an employee physical access to the building, as well as the ability to log in to the computer system.
Cost efficiencies. Integrating physical and IT security can be very attractive from a cost control standpoint. As illustrated above, employing the same technology for multiple uses, such as physical and network access control, is more cost-efficient than dedicating separate technologies for each need.
Compliance issues. In many industries, including government, healthcare and financial services, organizations are required to assure a specified level of privacy and data security. Since data can be compromised through breaches of either physical or IT security, both areas must be addressed to ensure compliance requirements are met. And in the case of a compliance audit, the organization will likely need to show that both physical and IT security measures are in place and integrated.
A change in thinking
This melding of physical and IT security requires a fundamental change in thinking for many managers charged with organizational security. Simply put, managers should now approach security issues and projects from a holistic standpoint; for example, by actively looking for and employing technologies such as smart cards that address both physical and IT security needs.
This area is of such importance that we will continue to address its various aspects in future issues of the Integrator. In the meantime, if you are looking for assistance in this area, contact your RFI representative for a physical/IT security audit and specific recommendations.