The security industry is abuzz with talk of convergence: the melding of physical security with IT security. Security threats now come in many forms; the intruder at the door and the intruder sailing in over the Internet must both be kept out. Many security experts and IT leaders are finding that the pairing of physical security with IT security makes for a more formidable defense system. But what are the factors pushing this paradigm shift, and how can organizations gain from it?
Various Theories on Convergence
Theories abound about what is driving the move toward converging physical and IT security. Some trace its origins to the 9-11 tragedy, which made security a top priority.
Others say convergence is growing out of the development of new technologies, like the smart card. Embedded with an integrated circuit chip, this card provides not only memory capacity, but computational capability as well. Its ability to hold more and varied types of information makes its use for access control attractive to both IT and physical security. A 2004 report by the SANS Institute shows that the cards are gaining in use, particularly among large organizations. The report notes that smart card use is expected to grow from 14 million cards in 2002 to 36 million cards in 2006, a compound annual growth rate of 27 percent.
Another idea of a convergence driver centers on statutory requirements in certain industries, such as government, financial services and healthcare. The requirements are spelled out in regulations such as HIPAA (the Health Insurance Portability and Accountability Act of 1996) and Sarbanes-Oxley or PIPEDA (Personal Information Protection and Electronic Documents Act). These requirements mandate a certain level of data protection and privacy, and since data and privacy can be affected by a breach of physical or IT security, organizational leaders are finding it necessary to consider both avenues.
How Far Along Are We?
All the talk about convergence is definitely driving the introduction of new security products that allow easier network integration and enable more efficient sharing of data. Manufacturers recognize that nearly all facilities now incorporate extensive IT infrastructures, and in response have begun to release more products that use Internet protocol (IP) to communicate between devices. These products can operate on the same networks that companies use to run their business.
Opinions on the adoption of this technology are extremely varied. Some industry insiders say IP-based security products are just now beginning to be specified by customers and still represent only a small fraction of their business. Others say the need to network security systems into various aspects of a company's existing IT infrastructure is a heavily requested item. Growing interest in security-IT convergence also puts more emphasis on using open standards in product design. An open system can incorporate any component that is designed according to industry standards. This is important because it enables interoperability and integration with other systems.
The convergence movement, in fact, has prompted a group of security companies to form the Open Security Exchange, a group that plans to define best practices and promote vendor-neutral specifications for integrating security devices and services onto a company's IT network.
How Organizations Gain from Convergence
Higher levels of security, easier sharing of information and greater management efficiency are just a few of the reasons convergence is becoming an attractive option for many companies. One of the biggest boons to convergence has been the availability of DVR systems. The systems bring new capabilities not feasible with analog VCR monitoring, among them new management uses, remote video monitoring and networking capabilities.