Smytka: One of the things end users might do is get to know the IT professionals in their organizations. Moving to IP technologies is clearly going to involve the IT organization. The better the working relationship is, the more easily technology can be implemented. This will also get the IT professionals in the organization up to speed on the requirements of the security organization; so, as they plan for future IT expansion, the IP needs for the security organization are included.
Thompson: The transition to IP has already occurred in most security management systems connecting controllers to workstations, and workstations to each other â€¦. What remains is an IP connection to the reader. The benefits of IP-based readers lie in the integration of controller functionsâ€”putting the access decision at the door. The key for end-user preparation is to develop a long-term plan among their security staff and IT staff to manage applications, bandwidth, and support.
ST&D: Do you view enterprise-wide security as more than simply technology solutions? If so, how?
Adams: Enterprise-wide security is absolutely more than a simple technology solution. As the title indicates, enterprise-wide security is really the entire culture of business operations. Security technology has to integrate with the entire corporation; otherwise it's not meeting the new needs of the company and would be no different than their past practices. Enterprise-wide security platforms now play a vital role in ensuring higher business efficiency levels, while at the same time providing safer work environments. Some examples of this scenario would include video audits, employee level to production level data, unmanned delivery services, and other such uses.
Clark: Yes, definitely. First, technology has dramatically reduced but will never eliminate the human component in security. So the screening and training of security personnel remains critical to the system integrity.
Second, routine security standards can become lax over periods when there is no apparent risk, and that makes the system vulnerable. Examples include an employee who allows an innocent-looking non-employee through the door, failure to display photo ID badges properly, lax visitor logging, failure to change passwords on computer systems; and many others.
Peterson: A comprehensive enterprise-wide security program consists of a balanced mixture of people, policies, procedures and technology tools. It is easy to focus solely on technology solutions, without first considering what problems are being solved by technology; what risks does the technology present; does the technology fit the unique environment and culture of the enterprise; etc. Often the mistake is made to find a problem for a shiny new technology to solve. The responsible course of action is to define the business problem, and only then to identify which technology tools may be used as part of the total solution.
Smytka: GE Security views enterprise-wide security as much more than technology solutions. It is a holistic approach of combining logical and physical access systems and their associated processes. For example, consider the new-hire process for an organization with enterprise-wide security. The establishment of a user account for the new hire is linked to the new hire gaining access to facilities within the organization. As the role of an employee changes within an organization, logical access and physical access parameters may change (the employee may need to access more sensitive information or areas within the organization). Having the two systemsâ€”logical access and physical accessâ€”linked can improve data accuracy and reduce duplication of data within the organization and thereby reduce overall administrative costs.
ST&D: Do you see security convergence as a technology â€œbuzzwordâ€ or an evolving approach to enterprise-risk management?
Clark: Both. â€œConvergenceâ€ has become an abused attention-getter in security marketing, but real convergence remains one of the key elements of change in the industry.
Kosaka: Buzzwords are the descriptive forms of the applications or solutions. A word or phrase would not become the buzzword if it wasn't important. â€œConvergenceâ€ is another term that emphasizes the need for industry cooperation and standardization. For convergence to take place, product interfaces will need to evolve from proprietary to cooperative open standards. In the end, convergence will lead to more applications solutions and open the door for applications outside of the security community.