Much has been written over these past few years on the topic of convergence, and I would guess that, if you were to ask ten people in the security industry what convergence means, you’d get a like number of differing answers. So, when I sat down to write about technologies driving convergence, I really wanted to start off with a clear statement of what’s being driven and why.
I prefer to take the broad view and look at convergence as the blending and sharing of information across the enterprise for the greater good, enabled in large part by network technology and permitted, if not promoted, by the various stakeholders. This is not just about IT and security, or putting security on the corporate network — it embraces any department or system whose information can interact, inter-relate or affect the business.
Security can and should be a strong participant in the convergence process, and it goes way beyond putting video, access, control and intrusion on the network. Convergence will be a magnet for security for two main reasons: risk management and business value. At the end of the day, that’s what matters.
Risk management encompasses people, physical property and assets, and information. People need to be safe and productive, and their information and access — including that enabled by their mobile devices — must be secured. Of particular interest are those executives and employees traveling who are disconnected from the security coverage at home base. Technology from TranSecur, recently acquired by NC4, provides predictive intelligence, analyzing global situations and events for localized impacts. NC4 provides broad-based situational awareness, external, yet relevant to their customers.
Physical property and assets on corporate premises have always been a main focus of the Security Department, but supply chain integrity and the security of goods in transit — both inbound and outbound — have received less attention. Loss or damage to critical shipments affects operations, customer satisfaction, and, ultimately the bottom line. FreightWatch Intl., for example, has designed services to help monitor and control these risks.
When you combine externally-driven information with that generated by building systems, H.R., traditional security and other internal systems, the challenge becomes filtering, managing, and acting on it. Situational awareness aggregation systems, such as Immix from SureView Systems, have been designed to give security personnel the tools to meet such challenges. By looking at an organization’s operations as holistically as possible, i.e., in a converged way, the overall risk profile is reduced.
Now, extend the concept to information and network security. Secure networks and information are a must for every part of an organization, and physical security has a stake. Physical security requires a secure, robust network infrastructure; and the organization needs equipment, procedures and policies to prevent physical intrusions on the network.
Because of the myriad of threats which exist, “Defense in Depth” is a must. Two of the newer potentials for vulnerability exist in cloud services and BYOD (Bring Your Own Device). Both areas touch traditional security and the rest of the organization. While the cloud and BYOD bring enhanced utility, efficiency, capability and productivity, if left unmanaged or uncovered by inadequate policies, gaping holes in the organization’s armor may develop. Doors unsecured, networks compromised, building systems run amok... only a unified, converged approach can adequately mitigate these risks.
Risk matters to an organization’s management because it directly effects the organizational value to stakeholders. Reduction in risk not only improves margins by reducing expenses (loss, penalties, shipping, insurance, etc.) throughout, but it also integrates security into the fabric of the company’s operations.