The Convergence of Physical Security & IT

The convergence of physical security technology and information technology, and its impact on security and IT departments.

Security Systems and Networks

Two decades ago there were no corporate PC networks. Physical security functions were performed by separate equipment systems, each functioning independently - access control (mainly used for parking), alarm monitoring and CCTV cameras.

For the most part the access control systems and alarm systems ran unattended - there was no PC or terminal to interact with. Access control programs were managed by the personnel department and alarm notification went to an off-site alarm monitoring company or security guard service. Management information systems (MIS) departments had little or no interaction with security. Thus when PC networking was introduced to physical security systems, it was done independently of MIS concerns.

In the general corporate realm, PCs first proliferated as non-networked computers, which were rarely under MIS management. As network applications such as e-mail matured, corporate PCs were put onto the corporate network and moved under the umbrella of MIS (now IT) departments. Security systems were installed by vendors who were contractually responsible for keeping the systems fully functional on a constant basis. The vendors preferred installing and maintaining the security networks themselves, so they would have complete control over that for which they were held responsible.

For most security departments, the initial attempt at involving the MIS department in security system issues occurred when the first computer-based security systems were being purchased. Usually, the security department personnel were unfamiliar with the terminology in the computer portions of the specifications, so they asked MIS to review them and comment.

In most such circumstances, the computer portions of the specifications contained errors or omissions that were unacceptable (and sometimes shocking) to MIS, which out of concern often reacted by trying to hijack the approval process, at least for the computer-related aspects of the purchase.

Due to the technology language barriers and MIS's unfamiliarity with the typically small requirements of security system computers at that time, more often than not MIS and security would clash over issues involving the computerized system. When that happened, both security and the vendors regretted having invited MIS to the table.

For many organizations this initial experience served to make security gun-shy about involving MIS in security system projects. The non-involvement of MIS/IT continued until recent times. With the emergence of enterprise-class security systems that could interconnect multiple facilities in different cities and even different countries, interconnections had to rely upon corporate- and Telco (telephone company)-based wide-area networks (WANs).

The expansion of video camera usage beyond security and into the domain of corporate operations meant that there were valid business cases for connecting security networks to corporate networks, even for local-area networked (LAN) systems. Putting a security network over the corporate network backbone, or connecting the security network to the business network, meant that IT had to be involved.

Security & Business Internetworking Scenarios

Several factors will determine what internetworking issues will have to be dealt with in security projects. These factors include the size of the security network, the nature of the security system functions that are being networked, and the nature of the business network that will host security network connections.

There is a wide range of possible internetworking scenarios for any facility. The picture is simplest when there is a single security LAN and a single business LAN, with no internetworking between them, as shown in Figure 1. A slightly more complex model involves a single security LAN and single business LAN with internetworking.

This content continues onto the next page...