Cisco's Rick Geiger on Converging Physical and IT Security

How security professionals can work together to broaden their impact

- Integration with IT systems - The job responsibility and location of each employee should correspond to a role. The role should determine most of the appropriate permissions for network and application access, building access, and access to high-security locations. Without integration, privileges and permissions are often assigned individually and tracked manually, creating a considerable administrative burden. When an employee's responsibilities change or employment is terminated, the human resources system can automatically trigger a change in the employee's privileges and permissions. The result is enhanced control with more consistent business policy enforcement.

- Event correlation and investigation - An incident occurs. Data is available immediately. Surveillance video is used efficiently. Access control entry and exit transactions are identified. IT transactions from point-of-sale or other application systems are identified as well. Records are retrieved for persons of interest. Confidential data is protected until regulatory and legal requirements are met, and it is made available at a forensic quality suitable for legal submission. The result is a faster response to, and resolution of, events, with enhanced productivity, all of which lowers the cost of security while reducing the financial and operational disruption to the business.

- Business continuity and emergency preparedness - Plans are created for recovery from fires, hurricanes, tornados, earthquakes, and other disasters. Collaboration is required to ensure that IT and physical security issues are an integral part of the plans. Code requirements dictate emergency exit requirements for fires or other emergencies. In the event of an attack, is the facility locked down? What implication does a lockdown have for the corporate network? What access, both physical and network, is provided to first responders? Do the disaster recovery backup facilities provide both IT and physical security capabilities? Greater collaboration ensures greater efficiency and organization.

The convergence of a business' security systems is not one-dimensional. It's more than just using an access control credential for computer login. It is an opportunity. An opportunity to be ambitious and to evolve business security in a collaborative, multilayered fashion that incorporates access control, video surveillance, IP networking, and more into one powerful security infrastructure. Convergence is an opportunity for applying IT technology and processes to physical security, and applying physical security planning, analysis, and event response to IT. It creates an opportunity to use the strengths of two teams to forge one coordinated unit that protects all areas of a business.

But most of all, convergence is an opportunity for physical security and IT to work together for the betterment of both departments, and, in turn, for the betterment of the businesses they are enlisted to protect.

About the author: Rick Geiger is the director of engineering for Cisco Systems’ CSIBU. Prior to joining Cisco, Rick was the vice president of engineering for GE Security, and before GE was the vice president of engineering with Interlogix. He was also CTO of Itron, responsible for developing wide-area wireless networks for utility telemetry and SCADA systems, and is a senior member of IEEE.