A New Day for Business Security

Converging IT and physical security at the impetus of tighter controls, more compliance


It might not seem as if a building security guard and a network administrator have much in common. But they do--and the distinction between the two is blurring more every day.

It's true that the people who control building access from security desks and those securing computer networks both watch traffic and walk perimeters to safeguard an organization's assets. But now, technology, tighter security controls, federal regulations and potential cost benefits are bringing the two traditionally separate worlds together--and the convergence is driving industry alliances that may have seemed unusual in the past.

Oracle, for example, has partnered with Honeywell and Lenel to make its identity and access-manager software work with the physical access systems sold by those companies. A similar announcement from Novell and Honeywell is expected in coming weeks.

"It used to be the guns, gates and guards versus the bit chasers and the hacker trackers," said Howard Schmidt, president of the Information Systems Security Association, an international group of IT security professionals. "Technology has fundamentally changed the way all those groups do business. We're much more united today than in the past."

Unifying technologies include network-connected surveillance cameras and mechanisms to control building access that tie into the same systems used to grant network access, said Schmidt, a security consultant who has served as cybersecurity adviser to the White House and security executive at Microsoft and eBay.

"We're seeing the technologies that used to be restricted to physical space--the cameras, the alarm systems, the card readers--all of which were unique to a hard-wired analog environment, moving into an IP-based digital system," Schmidt said. The Internet Protocol, or IP, is used to connect computers on modern networks.

Software can catch what the human eye might not, such as somebody sneaking into a building behind another person who just swiped a security badge. Also, a single system for credentials can replace multiple access systems and passwords. One badge, or smart card, could be used to enter buildings, log on to networks and buy lunch in the campus cafeteria.

Removing security silos

"It is all about removing the silos around security," said Wynn White, vice president of security and management products at Oracle. Many software applications already let users sign on with a single password--the integration of physical and logical security takes that several steps further, he said.

Through integration, organizations will get a better view of their overall security, said Geoffrey Turner, an analyst at Forrester Research. "You now are able to follow through in securing both tangible and intangible assets," he said. Ultimately, this should provide more security for employees, as well.

One benefit: instead of discovering that an employee who left a company months ago still has an e-mail address or building access, access to all resources can be severed with a single action, White said.

Aside from technology and demand for tighter controls, the convergence is being driven by regulation. Homeland Security Presidential Directive 12, issued in 2004, includes a requirement for automated and secure user credentialing at federal agencies. As a result, the government is leading the move, but the private sector is close behind, according to Turner.
