New research out from Honeywell Labs looks at the convergence of security operations, and the lesson for firms is that converged security can create business benefits.

In the research, titled "Enterprise Threat Management and Security Convergence: A Benchmarking Study," researchers surveyed more than 50 CIOs, CSOs and CISOs from U.S.-based global companies that have revenues of between $1 billion and $100 billion.

The respondents were high-level employees at the types of companies where you would expect to see a fairly strong element of convergence, said Honeywell's Marketing Manager Peter Fehl, who was one of the drivers of the research. However, Fehl said he was somewhat surprised by the numbers, which indicated that only 63 percent of the companies had some sort of "formal convergence mechanism".

And although not every company at this level had convergence mechanisms in place, some of the companies had gone so far as to fully integrate the information security and physical security concerns. According to the Honeywell research, 10 percent of the firms ran the two functions "as one entity" within the company.

Ivan Hurtt, the product marketing manager for Identity and Security Solutions at Novell, said that regulations like HIPAA and Sarbanes-Oxley had made many companies very aware of the importance of converged security.

"Take for example, an employee who was a CFO, but who is now working in a different aspect in the organization," said Hurtt, whose company has worked with Honeywell to deliver converged, role-based access control for network and physical facility users. "You may need to now restrict what data he or she has access to, and maybe even restrict what rooms or offices that person can access now."

Hurtt added that converging security could tell a company if global rules were being broken, such as if a company employee badged into a building in Texas and then logged onto a company computer located at the Michigan office. Converging at that level, said Hurtt, was about bring together a comprehensive security plan and coordinated identity management. Those two tasks, said Fehl and Hurtt, are a relatively new task at companies, and yet are tasks that are vital to convergence.