These days, physical security is blending with IT in ways never before thought possible. Corporate computer networks, once strictly the bastion of IT departments, now play host to a wide variety of security functions.
While IP-based equipment can lead to security improvements, this brave new world also requires the cooperation of two often very different areas of an organization: the security department and the IT department. Several longtime security integrators were asked to discuss the best approaches for the physical security department planning a jump onto the corporate network.
The Ground Rules
First of all, the two departments need to establish an atmosphere of trust and mutual respect in order to work well together. When initiating a project to place security functions on the corporate network, the security department can get off to a good start with IT by showing early on that they understand IT issues.
“You have to prove your competence,” said Jim Coleman, president of Atlanta-based Operational Security Systems Inc., who has more than 30 years of experience as a security integrator. “You have to show that you are comfortable and knowledgeable in working with IT technology and networks.”
This could be difficult for some security department staff members who may come from a law enforcement rather than a technical background, and who may not have a high level of networking knowledge and experience. That's where a highly skilled security systems integrator can be a true asset. The integrator can supply both the technical knowledge and security expertise needed to ensure that everyone is on the same page.
“Once (the IT staffers) know your team knows how to ‘play' in their space—in other words, that you know what you're talking about regarding networking issues—then things go a lot smoother,” Coleman said.
Brad Wilson, a longtime security integrator and president of RFI Communications & Security Systems in San Jose , agreed. “The first concern (IT staffers) have is, ‘Who are you? What do you know about networks? What do you want to put on my network?'”
Wilson noted their suspicion is not surprising considering all the various functions—from enterprise applications to IP-addressable video—competing these days for space on a company's network. “It's like you've got this multi-lane freeway, and who gets the commuter lane?” he said.
IT departments are understandably cautious because they are responsible for keeping the network running smoothly. “They want to make sure your equipment will adapt well to their environment,” Wilson said. “If you can show early on that you understand their environment and are sensitive to their concerns, you can put the IT people at ease. This will make for more productive meetings from the beginning because you've established credibility.”
Bill Savage, a seasoned integrator and president of Security Control Systems, emphasized the consequences of neglecting to lay down a foundation of credibility at the start. “I think we have all had experience with what happens when the IT department doesn't buy into the project,” he said. “The IT department can place so many different hurdles that must be overcome that it can stand in the way of the effectiveness of the system. On the other hand, if you have your facts and figures (bandwidth requirements, data and network security provisions, etc.) covered, the IT team can help make the project an efficient success.”
Another thing to consider when approaching IT is having certified professionals on the security team. There are numerous industry-recognized credentials that help to demonstrate knowledge. Among these are Microsoft Certified Professional, Microsoft Certified Systems Engineer and Cisco Certified Network Administrator. Other certifications, such as Certified Protection Professional and Physical Security Professional, awarded by industry associations, also help to demonstrate competency. A four-year degree in computer engineering or a related field also says something about ability.