Today we check in with you from Seattle, where we have just wrapped up the Wednesday portion of the SecureWorld Expo conference. Security Technology & Design Editor Steve Lasky and I made our way out here to be a part of the security convergence portion of this mobile conference series.
If you're in the world of physical security - the world of gates, guns and guards - the SecureWorld Expo might not have blinked onto your radar screen until recently. That's partly because this is a fairly new expo series (it certainly doesn't have the years of history that a show like ASIS or the ISC shows have), but also because it really is being driven by the IT side of the world.
In fact, easily nine out of every 10 persons here at the conference come from the "geek" side of the business rather than the "guard" side. That's really no surprise, since most of the conference tracks are decidedly IT security focused on such topics as network user identity management, web-based risks, network access control and a variety of stuff that is - at its core - just what you do, but based on the Internet.
SecureWorld Expo brought on the Convergence track, which is put together by ST&D magazine and sponsored by a few companies that known convergence well - Bosch, IPIX and HID. As many of our attendees shared, the convergence track at an IT security conference made sense because physical and IT security staffs are starting to work together in the "real world" - so why not get them together at a conference, too?
That was the goal, and it works, as Steve and the folks at SecureWorld are keenly aware.
In our first session of the morning, Steve and I headed up to room 408 of Bellevue, Washington's Meydenbauer Center (the offices of Microsoft are close by to us, and Microsoft's CISO Karen Worstell was the day's keynote speaker) and were joined by panelists from The Municipal Court of Seattle, the City of Vancouver, as well as industry convergence consultants Ray Bernard, PSP (a contributor to both ST&D and to SecurityInfoWatch.com) and Fred Zagurski, CPP, who knows his way around a converged system quite well, too.
Russ McRee, who is on the IT end of the stick at the Municipal Court of Seattle as the "information security architect", explains what happened for convergence at his operations:
"We were asking, 'Can we share technology? Can we convince them that at least there is room for cooperation?' We were wondering whether a single leader could successfully guide both disciplines," says McRee, whose IT department was facing up with a very police centric, inmate-focused security department.
"And then we had some incidents where intruders came in and were attacking us from the public kiosks, trying to create attacks on the system," McRee continues. "What we found was that we had no written standard of what happens when people violate both physical and IT security standards, so we started to work together to develop those standards. Now that we've done that, everybody knows the others concerns and knows how to get in touch when they have questions or concerns."
In the Q&A of our first session, we heard from audience attendees who had developed IT and physical security projects that had convergence written all over them. One that was specifically mentioned was an entirely wireless-driven management system for a correctional facility that pushed out access control info, inmate data and other management controls directly to PDAs of staff members walking the halls. We heard from companies that "converged" missions only when they realized that it was going to take a collaborative effort to secure their server rooms, and from others who had simply started talking when the physical security staff asked the IT staff about putting IP-based cameras out on the network.