“They’re so hard to work with!”
“It’s like they’re speaking a foreign language.”
“I want to work with them, but I just
don’t know how.”
“When I talk to them, I just don’t feel
like they’re taking me seriously.”
With the new convergence movement making its way through the security industry, there will probably be a time in the future where you, the security director, will need to work with the corporate IT department to deploy a new security solution. Hopefully, when you think about doing this, none of the thoughts above creep into your mind. But if one or two of them do, this article should help you to become more comfortable dealing with the corporate IT department.
Respecting Both Sides
When people think of an IT department, some stereotypes might come to mind: The young- to middle-aged men with pocket protectors, or maybe well-dressed guys in suits. Either way, you probably see them as people who guard the “mysterious company network” with the fervor of a bodyguard or a bouncer. The network that they are charged with protecting is what’s responsible for your company making money on a day-to-day basis. It could also be responsible for handling payroll, HR, Quality Assurance and Customer Service.
How many of us have been in a store or on the phone with technical support and been frustrated because their “network is down?” Losing business because of network failure is something that is not tolerated by companies or consumers. In this economic climate, not being able to do business because of network issues might mean that your customers will go to your competitors.
Thinking about all the things that could ride on a corporate network, is it really any surprise then, that an IT department would be so protective? Add to that the fact that if something did happen to the network, it would almost certainly be construed as the fault of the IT department — if for no other reason than for the fact that it is their job to manage it.
As a security director, you are undoubtedly aware of some of the new technology available. Whether you look at the access control market, the CCTV market or the intercom market, you will find a variety of devices that reside on a network. Perhaps you are even looking at the security systems in some of your facilities and realize it may be time for an upgrade. You can probably use some of this new technology — but it uses IP as its main form of transport.
That’s right, Internet Protocol. Whether you’re intimately familiar with it, or you’ve just heard about it, it’s obvious that in some way, shape or form, it requires a computer network to function. Thus, the security department must interface with the IT department to get it to function. This might strike fear in your heart, but let’s step back for a moment. The IT department ultimately has many of the same goals that the security director does — safety, security, privacy of information and ensuring that basic, day-to-day activities run smoothly.
If we start from the point of view that the security director and the IT director both have the same core set of desires, they should be able to work together effectively. The security director wants to know as much as possible about the employees and the visitors that populate the facility on a daily basis — those records are kept in access control databases, or perhaps with CCTV. An IT director will do much the same thing, but with a different set of tools. The IT department establishes rules for what activities will be allowed on the network — perhaps surfing the Web from a company computer is allowed, but installing a program is not. Much the same way, security professionals may institute procedures that enable company employees to come and go during business hours, but not during off-hours. Ultimately, both of these examples are procedures that are in place for the protection of the company or the business.
Working Together
The truth is, the IT and security professional are very similar in some ways, but vastly different in others. Communicating and working through those differences is key. If you are unable, or worse, unwilling to communicate your wants and needs, you may find that the IT department is reluctant to devote resources to your project. For example, putting 10 new IP cameras on your company network and recording them in a remote location may help security improve efficiency — getting the IT department to see that may not be so easy. Even if IT concedes that the cameras can help the organization, they may feel that there are not enough resources to accomplish the task. They may have questions — very technical questions that you may not know the answer to. Remember that it is acceptable to say that you don’t know the answer — just know how to find it.
The manufacturers themselves can be a resource. If you’re looking at installing a camera from Camera Company X and your IT director wants to know about bandwidth consumption, go back to the manufacturer to find out the answer. If you are unsure of the technology you need, but you know what you want to accomplish, an independent consultant can potentially solve the problems. An independent consultant works with you to determine what technology would be best, and they can handle IT meetings and any questions that could arise. A third option could be to use your security integrator, who often knows your current system very well and could advise you about equipment upgrades or replacement. You may want to consult as many people as possible — the more you ask, the more you’ll know.
The Security Network
Consultants and integrators often recommend an entirely separate, independent network for security devices. The idea is that by entirely segregating the security traffic, security will not have to interface with the IT department. In some cases, this is true; however, in most cases, the IT department is responsible for any and all networks in the facility. In these cases, if security built its own little network, the security director may be disappointed to know that it still falls under the management of the IT department. Be sure to ask how your company handles separate networks before making a decision to install an entirely new network.
When the IT department is responsible for a security network, many times they want to provide any devices that are common networks in general. For example, a network video management server will be placed on the network, and IT will want to additionally include on the network the operating system, the anti-virus software and all the peripherals. IT may want a qualified security integrator to install and maintain and Video Management Software, but the machine would remain as IT’s responsibility.
How does this help you? In the budget, for one, as there are times when those servers and any related computer hardware such as routers, switches and cabling could come out of the IT budget instead of security’s. Additionally, IT may maintain and troubleshoot this equipment on a hardware level, lowering the cost of any ongoing maintenance agreements that the security department might have with an integrator. Further, if there is a minor issue such as a lack of network connectivity or some computer hardware issue, a local IT professional can often respond to the issue much faster than a security integrator can. Ask the IT department about budgets and purchasing responsibilities before making purchasing commitments.
Don’t Be Afraid to Ask
Security does not want to give the IT department advice on running a network — and the IT department surely does not want to tell you how to run a security department. Both jobs are obviously different, and they both require experience that the other department doesn’t have.
When speaking with the IT department, if you don’t understand something, just say so. There’s no shame in not knowing, and at that point you can feel free to find the answers IT needs. If IT uses an acronym or an expression you are unfamiliar with, tell them. A security project that is going to reside on a network may take a long time to envision, design and build. Along the way there will be questions — and not knowing should not be a problem. Not wanting to know is what would be a problem. If you don’t address a security issue that concerns you and the department, someone else will — and you may not be so happy with the result.
Remember, in the long run, when a project is installed and finished, everyone still has to work together. We are all on the same team, with similar goals and desires — to complete a project in a reasonable amount of time and within a budget. If this can be accomplished, it will only be by working together.
Robert E. LaBella Jr. is a consultant at Aggleton and Associates Inc., a security consulting and systems design firm in the New York Metro area. During his career, Mr. LaBella has both designed and managed projects requiring larg- scale integration. He can be reached at [email protected].