As Dave Tyson, the CSO for the City of Vancouver, noted during the roundtable, part of what it takes for IT and physical security folks to talk is to stop thinking in terms of their disciplines and to speak a common language.
"The common language has to be business risk," he says. "For the most part, the physical security guys don't speak techie; they talk about gates, and access control and guards. The tech guys, on the other hand, are talking about malware, packets, frame rates, networking intrusion. They have to each lose their unique language and speak together in the common language of risk."
After a quick break to peruse the small, but vibrant exhibit hall, we were back at 11:15 with Ray Bernard to get his take on the world of convergence. Bernard's discussion illustrated two of the key points of convergence that all security persons should know:
1) It doesn't matter if the CSO comes from the IT or physical security side as long as they have leadership skills, can understand risk in a holistic manner and have the ability to sell the security program (IT or physical) to the company's executives.
2) You're going to face bandwidth issues as we move to IP-based video. During most times of the day, the security system is sending no data, maybe 30k to announce a door has been opened by employee X, but really nothing is being shipped over the network. Then you have an incident and bandwidth is blown out because everyone from the Grand Poobah to HR to public relations to the guards to the facility manager to the managers in the company's area affected by the incident is trying to access this video at once.
We headed out to lunch (or actually, to a roundtable discussion of high-level CISOs and CSOs where there really was no lunch), but we got some interesting takes on people's challenges.
Back from the lunch hour, the convergence track of SecureWorld saw a visit from Clara Conti, the CEO for IPIX Corporation. For those of you who still remember IPIX from its days as a virtual real estate tour, you're on the right track for this company, but they're doing so much more since Conti came aboard. The 360-view is now being coupled with higher-resolution cameras (2 megapixels now, and 3 megapixels are right around the corner) and has been used for some high-profile security events, including the last presidential inauguration.
Conti brought attendees up to speed on IP camera technology and video analytics and discussed issues such as approval of digital images for court. The session actually had a great discussion about what the "uncertified" nature of digital images means in terms of adding an extra legal step or two to the court process. It was clear from a number of people in the room, that IT personnel are willing to take security into their own hands to secure IT assets that are going unprotected. Whether this was an indication that some companies are developing IT security staff long before they even think of needing a physical security staff member, or whether it shows the continued disconnect between IT and physical security, it's hard to say. One thing's for sure - if IT starts to play with what are traditionally considered physical security devices, and if physical security staff want to put their devices on the network, then convergence will have to happen.
Tomorrow (Thursday) we're going to hear more on these subjects, check back for a report on Thursday's session in my weekly wrap-up e-newsletter that we send out on Fridays.