When the term “convergence” became a buzzword in the security industry, we all saw it plastered across tradeshow banners and in bold magazine ads, but it pretty much disappeared after just a few years. After all, “cloud” is the hot new buzzword these days.
Lately, a remarkable number of people have told me that convergence “is over” or “has come and gone.” One person said, “Convergence arrived a long time ago.” More than one has advanced the idea that we should drop the word “convergence” altogether, as it lacks clarity and refers to too many things.
If statements about convergence being passé cause security practitioners to stop thinking about security convergence — not just the word, but the actions and concepts it is intended to embrace — then organizational security will be taking a big step backward. Instead of dropping the term, let’s clarify what is meant by convergence, as I would have to agree that “the word” has only gotten us so far down the path.
There are two types of security convergence, and here’s a news flash: Neither one is anywhere near the end of its evolution. Many of us are still missing out on the tremendous value that convergence has to offer.
The first type of security convergence is technology convergence, which impacts electronic physical security systems, and is the result of the more general information technology convergence. IT convergence is everywhere, not just in security. Back in the ’90s, IT convergence was touted as “voice, data and video all on the same cable.” But it did not stop there.
Before long, we had voice, data and video interacting with each other. The first stage of IT convergence, same cable, was a big cost-saver; however, outside of cost savings, it did not impact customer value. The second stage, interaction, is where tremendous customer value has been and continues to be created. Second-stage convergence requires innumerable standards to be developed and deployed. It also requires evolving the cable and wireless communications infrastructure with enough bandwidth to support the high level of data throughput, as well as the interactions among systems and devices.
These days, what we used to call a mere telephone is a class of devices that includes iPods, Droids and Kindles. Consider the level of customer interaction with The Daily — the first iPad-only newspaper. It is so radically different from any previous newspaper interaction that it defies comparison. That typifies the benefits that should result from full convergence.
Where does security technology convergence stand? The security industry is still trying to get its “same cable” act together, and has hardly scratched the surface on “interaction.”
For more insight into some of the “same cable” problems, download the report “Convergent Security Risks in Physical Security Systems and IT Infrastructures” from the Alliance for Enterprise Security Risk Management (AESRM) at www.aesrm.org.
The second type of security convergence is organizational convergence, which involves eliminating organizational silos that keep security functions walled off from the rest of the organization in critical ways, and in particular between IT security and physical security. For example, consider information protection. Physical security protects information; IT security protects information. But to the organization, it is all “information protection,” and that is the business focus.
Few organizations have an overall “information protection” plan that is focused on the critical information assets and includes physical, electronic (IT) and human knowledge aspects. Instead, most companies have separate physical security, IT security, privacy protection and other plans — they are rarely synchronized, and they are often not covered by a single change management process to update security planning where assets require protection from more than one area.