Security Technology Executive editor Steve Lasky recently caught up with current ASIS International President Raymond T. O’Hara, CPP, to discuss issues impacting the security end-user.
Here’s a look at what he had to say:
If you had to highlight two of the most critical issues facing an enterprise-level security director today, what would they be and why?
O’Hara: The two most critical issues facing today’s enterprise-level security director are globalization and virtualization — for the simple reason that businesses operate in a 24/7 global economy. Organizations of all sizes across the spectrum of vertical industry sectors are conducting business in emerging markets around the world. Even the smallest of companies with its domestic customer base finds itself sourcing products globally. The world has grown smaller and the economy more volatile. Organizations are challenged to do more with less, especially within the security function.
Rapid technological advancements have made it possible for organizations to access and communicate information 24/7 from virtually anywhere in the world. For the assembly plant in Des Moines waiting for product from its factory in China, critical status updates are virtually a click away at any point in time from any place in the world.
Globalization and virtualization are a reflection of rapid advancements in technology that are propelling businesses forward. Cloud computing, social media, and various tablets and hand-held devices with advanced software are just a few of the technologies and tools that support and enable these advancements — each of which poses risk to the organization. Enterprise-level security directors are in position to strategically examine and analyze these critical issues and their potential impact on the business.
We have been talking about the converging roles of security directors for almost a decade now. How crucial is this converged approach to security and risk mitigation?
The convergence of traditional and logical security roles and functions is not only crucial, it is imperative for organizations to be competitive in today’s global marketplace. Increased incidents of complex and unpredictable security-related risks such as terrorism, data breaches, Internet viruses, theft, extortion and fraud require companies to develop a comprehensive approach to protect the enterprise.
Several factors — both internal and external — are driving the continual evolution of security convergence. A rapid expansion of the enterprise ecosystem as a whole is one of the main drivers. Enterprises are becoming more complex to compete effectively and efficiently in a global economy. Outsourcing to a third party, which has become common business practice for many companies, adds another layer of organization and additional security risks in most instances.
Secondly, the greatest portion of value is shifting from physical to information-based and intangible assets. This brings about an even greater need to integrate traditional and logical information security throughout the entire enterprise.
With regard to technology, the blurring of functional boundaries of physical — or traditional security — and logical security persists. This trend was first seen in the area of access control technologies, which leveraged the network and merged the physical and logical aspects of security. The rapid advancement of IP technology has introduced new efficiencies in video and other traditional physical security and building operating management systems.
New regulations have certainly driven convergence, but one of the most significant factors impacting this trend is the continuing pressure to reduce cost. Convergence offers organizations new levels of effectiveness and efficiency in security operations. Globalization and virtualization both exist and thrive in a converged world and optimize new business opportunities for organizations.