Bridging the gap between security and IT

What 'the C-word' means, and how access control fits into the converged picture

At the recent Securing New Ground conference in New York, there was much discussion on the topic of convergence between physical security and IT. Several comments were made during the conference that provided ample food for thought.

The "C" Word

I noted that everyone was so sensitive to overusing the word convergence that they almost always apologized for using it and would often substitute "the C-word" in lieu of actually saying it. The second thing I noticed was that while everyone was talking about convergence -- and clearly this is still the hottest buzzword in the industry -- there was virtually no consensus on what convergence actually means.

Some stated that convergence between physical security and IT was simply the use of networks and IP for communication between physical security devices. Others contended that convergence had more to do with the integration of physical access control and logical access control. For example, if you don't badge into the building, you can't sign onto your computer.

While opinions vary, the fact is that roles are changing as more and more physical security devices are being designed to make use of the networks that IT professionals are responsible for maintaining. And as physical security practitioners and the IT community are increasingly thrust into each other's domains, the relationship between them has been somewhat strained. In some instances that relationship has deteriorated to the point where it would be fair to call it adversarial.

Asking More of the IT Professional?

Much of the IT community has been reluctant to work with physical security integrators or practitioners because of the latter's lack of understanding of how networks operate. IT professionals have also been reluctant to take on the additional responsibility of physical security because the historic role of the IT manager has been to keep the network safe from undesirable influences, both from inside and outside, while ensuring the integrity of the data necessary for their company's core business practices. While most physical security devices are now designed to make use of the IT network, many of these devices have a dramatic, and not always positive, impact on the overall performance of the network for which the IT managers are then held accountable. Some IT professionals would argue that they are already overworked and underappreciated -- why saddle them with even more responsibility?

Security: From Reluctance to Cooperation

Similarly, security practitioners have been reluctant to share network space with the IT group. A common practice of security integrators is to build private or even "standalone" networks for physical security in an effort to have total control over the reliability of the communication and functionality of the physical security equipment. Security practitioners express concern that network downtime for maintenance or upgrades would leave them vulnerable and unable to fulfill their duties.

Despite their reluctance, security integrators are finding that they must become more knowledgeable about the IT space and work with the IT groups in order to remain competitive in the marketplace. Many structured cabling and data contractors are now bundling physical security as an additional offering in direct competition with the security contractor.

As these trends continue, we are now seeing the physical security and IT communities truly starting to work together as they become better educated about their counterparts' roles, responsibilities, and methodology.

Convergence Defined

I would define convergence between physical security and IT as two distinct groups working together for the protection of the assets their organization needs to be productive and efficient. With e-commerce dominating the global economy, it is easy to see how information is the asset that IT professionals are asked to protect. What everyone is now starting to understand is that the physical security professional has the same goals as IT.
