One of the biggest industry trends over the last decade as more and more security devices have been brought onto the corporate network, is the convergence of physical security with IT. Increasingly, physical security managers have had to work with their IT departments on the purchase and installation of security equipment, because many of these devices have a significant impact on an organization’s IT backbone.
These two sides of the house not always played well together. While the physical security executive wants to have all of the tools possible at his or her disposal to mitigate risks, the IT manager has to be concerned about how these devices interface with the network and the additional resources that will have to be devoted to bringing them online.
I recently spoke with Julian Lovelock, vice president of marketing at HID Global Identity Assurance, about trends in the convergence of physical and logical access and he believes that it just makes good business sense for workers to have a credential that not only provides secure access to a facility, but to data as well. "It’s a pretty logical extension to offer our customers an end-to-end solution that secures access to not just buildings, but computer systems as well," he says.
Though he feels the common access card (CAC) is the "poster child" for the manifestation of convergence for many people, Lovelock says that in a broader sense, convergence is about these two sides – IT and physical security – coming together to address security concerns throughout the enterprise. "Already you’re seeing convergence in terms of the planning and deployment of these systems with the IT department being heavily involved, where they weren’t five years ago," he says. "If you look at user management or identity management within an organization, increasingly the physical access control systems are relying on access directories which are the prerogative of the IT department – for the primary definition of a user."
When it comes to vertical markets that have been fast to embrace convergence, Lovelock says that that federal government is one of biggest with its issuance of nearly four million PIV cards, followed by healthcare facilities and the high-tech industry - both of which have their own unique circumstances that encourage convergence. Currently, Lovelock says there are three things driving the desire for converged solutions: Cost savings, end-user acceptance and compliance.
Barriers to Conquer
Despite an increased desire for convergence in specific markets, some integrators are still lagging in their knowledge of IT systems. Lovelock says that while most of the larger security integrators are comfortable working on installations that require a high degree of IT competence, many smaller integration firms have no interest in delving into the IT realm.
Perhaps the biggest obstacle to convergence, be it in access control, video surveillance or any other realm of security, is getting the physical security and IT department to merge their budgets for a common cause.
"You still see two different organizations within an end-user in terms of the physical access control guys and the IT security guys," Lovelock says. "As I’ve said, they are increasingly working together, but it’s really only in the more innovative companies - many of whom have a CISO position or a CSO position into which both of these teams report - that you see a willingness to pool budgets for a converged solution. It takes somebody within that organization that has a purview across both groups to drive that."
The challenge for organizations and the security industry as a whole is clear: Security cannot function separate from IT, nor can IT function separately from security. End-users and integrators have to realize that security departments and the tools they use no longer work in individual silos. This is easier said than done in an era of shrinking budgets and being asked to do more with less, but the goal of every department within an organization should be the same – to enable success.