Leaders in the Security Convergence: An Exclusive Security Dealer Roundtable

Oct. 27, 2008
Panelists discuss: How convergence offers the ability to leverage technology for more effective security.

Susan Brady: Discuss the trends in convergence and the benefits it offers as far as operational efficiencies, cost savings and improved security.

Michael Godfrey, CTO at Visual Defence: There are a number of trends within the security convergence space, each of which contributes to operational efficiencies, cost savings and improved security.

Obviously, foremost among them is technology convergence. The ability to integrate IP technologies with existing analog components—for instance, adding IP cameras to an existing installation of analog cameras and having them work as one system—provides customers with a cost-effective transition to digital infrastructure.

There has also been an increase in the demand for vendor convergence, an open architecture approach that allows customers the freedom and flexibility to choose vendors with the best-of-breed solution to meet their particular needs and/or tie one or more vendors into a single converged security solution.

The growing prevalence of systems convergence is another trend to note. Systems convergence is a comprehensive approach to security management that gives customers the ability to customize a solution that will provide a single point of management (one GUI) for a limitless number of subsystems including video, access control, fire alarm, and building management.

Another trend with significant cost-savings implications is applications and tenant convergence, a far-reaching enterprise solution that gives customers faster return-on-investment by using existing security assets for multiple applications like security, marketing and operations. Tenant convergence is the ability of multiple tenants to access a single system. For example, a retail store may use existing security cameras for marketing purposes to count the number of people who stop at a display.

One of the largest benefits of convergence is the enhanced ability to handle risk mitigation and control: provide operators all relevant risk information within a central system, creating fast, intelligent event response by reducing the risk and time associated with gathering and interpreting data from individual systems.

David Ting, CTO and co-founder, Imprivata: Increasingly, corporations are asking how to leverage all their security resources in order to protect their corporate assets – personnel, physical property, intellectual property, data and brand assets. Well-publicized data breaches where customer information was lost—and all of the resulting bad publicity and impact on the brand—are causing the CIO, CSO or CRO of an organization to reexamine how best to control and track access to IT assets.

Convergence offers a way for real-time information from the physical access system to be used in the decision to grant or deny a user access to either the network or to remote access. The ability to obtain the location and status of a cardholder's badge allows the IT system to add location awareness and employee status to the network access policy. This in turn allows an IT administrator, for example, to ensure that someone logging onto the computer network is actually in the building or in some cases within a specific work area such as the server room. Checking the cardholder's badge status allows the IT system to deny a user from logging onto the network or gaining access through the remote access VPN port once physical access privileges are revoked. This instant lockout ensures that all IT resources used by an employee can be quickly secured on termination of employment. Convergence of logical and physical events also allows for the creation of a single access report for all cardholders that records the timeline for all IT access from the physical access event of badging into a building to the logical access event of logging onto a computer or launching an application. This type of report is invaluable for demonstrating compliance and for investigation of improper access.

Christian McMillan, director of business development, Fault Tolerant Servers, NEC Corporation of America: As security progresses from an analog to a digital world, the system increases in complexity, but needs to be managed as one entity. Completely separate reporting structures and a lack of overlapping knowledge for physical and IT security staff in many companies will take some effort to overcome, but companies can recognize real benefits by converging IT security with physical security functions. Door to desktop initiatives allow a simplified IT structure, where fault tolerant servers can support the entire system, saving companies money via a streamlined operational process, limited downtime, and reduced IT administration costs. These fault-tolerant, high-availability servers can also support the more complex systems and software necessary to provide better ongoing security as well as after-the-fact detection and assessment of suspicious or malicious activity.

Steve Goldberg, president & CEO, Vidient Systems: It is not uncommon to view Internet technology as a productivity tool. The IT security market is a perfect example of this benefit. As the use of networking and the Internet has grown, an individual corporate IT manager could no longer, first hand, track and assess the validity of specific users and/or data traffic. IT security technology, e.g. firewalls, intrusion detection systems, virus detection, and the like, has leveraged the skill of the corporate IT 'human' resources and provided exponential improvement in data security. In the case of physical security, there is no reason not to expect that technology cannot produce the same productivity gain. Wireless communications, improved video processing and storage, data networking, multifactor access control, and video analytics and content analysis are new technologies ready and waiting to be leveraged in the physical security market. The convergence of IT and physical security is part of a natural consolidation of corporate resources. One security group with a common set of objectives, a centrally managed security infrastructure, and highly leveraged workers brings cost savings and improved security.

Brady: Are there unique problems dealers should be aware of when deploying integrated systems on the network?

Godfrey: Dealers must have an understanding of the overall network design when deploying integrated systems on the network. They need to have a good sense of bandwidth available, existing network security issues, IP addressing schemes, limitations in regards to IP addressing and the number of TCP Ports, any issues with network address translation (NAT), public versus private, and firewalls.

Dealers must also have an understanding of whose network it is. Does security have a dedicated network or are they working off the IT network? Dealers need to know who is responsible for the network, and understand the rules and internal IT policies associated with the network.

Dealers will need to confirm network validation prior to installation. They must ensure the network is adequate to support the security application to be deployed.

Ting: Not all customers are ready for working with a converged solution. This can be due to any number of reasons, ranging from having physical access systems that are not IP capable to having closed solutions that can't be integrated with IT access control systems. There are also IT organizations that are in various states of deploying identity management solutions and are not yet ready to tackle implementing converged solutions.

McMillan: Dealers need to understand that to deploy integrated systems, their workforce needs to be fairly diverse. Integrators should actively recruit employees with knowledge from both worlds in order to offer a comprehensive solution. The more forward thinking security solutions integrators are already educating their staff on the technology side, building expertise in TCP/IP and network administration to round out their offering.

Goldberg: Two historically different groups, IT security and physical security, bring with them years of unique jargon, business methods, personal relationships, and variations of similar technology. Successful integration will require solid early-stage systems engineering where product interfaces, common management tools, shared communication links, and appropriate computer processing resources are all considered prior to actual deployment. Additionally, cross training of management, maintenance, and support staff will be key to a seamless integration.

Brady: Danny Forrest, president of Houston, TX-based, Advantage Security Integration, Ltd, states this month in the “Profile of Proficiency” article that there is a perception problem with the way potential clients view the security industry as just being able to supply one end of the total picture, whereas the IT guys are perceived as being able to do it “all.” Can you comment on that thought and also give Security Dealer readers advice on overcoming this perception?

Godfrey: I thoroughly agree with Danny that this is a common notion. The issue is that neither side fully understands the other. Typically, the IT guys completely customize systems whereas the security guys are accustomed to working with a product out of the box. The security bunch still have a way to go in terms of understanding the intricacies of networks and the effects that running their applications on them will have. The IT group, however, doesn't have the full understanding of the breadth of physical security requirements.

Ting: Convergence is pushing both IT and physical security integrators to become more aware of what is happening across the divide. We really haven't seen one side be favored over another side—in fact, we've seen both sides move more towards the middle—but sometimes the best way to combat a perception like that is to proactively show your capabilities in that area or to show how well you work with companies that are known for success in that field.

We have seen numerous physical access integrators take on the challenge to become more aware of IT security issues and take steps to add that technical expertise to their organizations. This has taken the form of either adding additional personnel who are from IT security or training in-house personnel on IT security issues. Increasingly, we are also seeing far more integrators building out in-house test facilities for evaluating IT products such as IP cameras, IT access control systems, identity management products, etc.

We are also seeing strategic partnerships being set up between IT and physical security integrators, where each partner stays focused on their specific area of expertise and leverages the strengths of their counterparts for joint sales and deployment. This is often a good way to go, as you don't need to spend the additional time and effort educating the industry on new capabilities—you are instead able to point to your partner's success and vice versa.

McMillan: The market is growing and changing, and the key to success is really education. The IT vendors have made convergence a reality in the security space, and the smart security dealers will embrace this change as an opportunity to broaden their reach. The companies that step up, innovate within the model and publicly embrace these new technological advances - whether they are IT integrators or security integrators - will be the next generation of leaders in the market.

Goldberg: There is really no arguing that, sooner or later, Internet technology will find its way into almost every aspect of corporate life. The physical security plant is not the first segment in industry to experience the Internet revolution and it will not be the last. My best recommendation is that the physical security industry not be defensive about not having the “right tools for the job” but to take the high ground. Clearly, the IT guys cannot “do it all,” given the complexity and the dynamic nature of the physical security problem. The physical security industry has decades of unique experience that must be leveraged. In other industries, partnerships are formed for this very reason. Perhaps, in this case the expression, “If you can't beat 'em, join 'em” might well be the way to proceed.