Are your IT security and physical security teams working well together?

Share this article:

The lesson? No matter how bulletproof your IT security is, how up-to-date your patches and hotfixes, if someone can walk in and take a laptop your data and your network are not safe. The problem, then, becomes not only a matter of physical or network security, but how well these two work together. A converged security strategy considers both IT and physical security.

IT and physical security have traditionally existed as separate departments and separate cost centers. However, as budgets tighten and risks increase, many companies are integrating the two in order to better achieve the shared goal of both departments — protecting the enterprise.

Why is convergence a trend now? First, there's pressure from customers, regulations and the media to tighten up security gaps. From the millions of veterans and their relatives to the nearly 200,000 HP employees in a Fidelity plan whose data was lost, it's easy to find examples of embarrassing and costly losses that might have been prevented by better integration between IT and physical security departments. In 2006, a few of the many incidents of laptop theft resulted in the release of personal information from more than 540,000 N.Y. state workers, 4,600 ROTC scholarship applicants, 13,000 Washington, D.C. ING retirement plan participants, 2,500 Equifax employees, and 17,000 patients of Mount St. Mary's Hospital in Buffalo, N.Y. An average of nearly one incident of data theft is added each day to Attrition.org, a database that keeps track of such events.

Thankfully, both the physical security industry and the IT industry seem to be welcoming the convergence of their industries with open arms. Dramatic improvements in physical security are being driven by innovation formerly reserved for IT.

IT giants like Cisco, IBM, Oracle, EMC and HP are allotting massive budgets to entering the physical security space and are using their roots in computing to improve security. Technologies like enterprise platforms, centralized management, search engines and networking are being applied to the physical security world. Meanwhile, physical security companies are developing smart security systems that treat surveillance video as data, and that integrate easily within existing IT networks. These smart surveillance systems increase overall security by integrating with applications like access control, transaction systems, external data sources like watch lists, as well as analytics, from face recognition to motion and character recognition.

Smart physical security systems are leveraging IT security lessons to dramatically improve overall security. The best physical security systems conform to industry-leading information security baselines and pose equal or lesser risk than alternative appliances or workstations on the market. The architecture of these products enforces strict avoidance of components or applications that present security risks and constant utilization of proprietary protocols that maximize the difficulty of intruder access. Today's systems generally require only one open port for network communication.

In the near future, I think we'll all be looking back at when convergence was a buzz word and wondering why IT and physical security were ever thought of as separate. In the meantime, IT and security managers already have a selection of products that address both needs, and work together to protect all enterprise assets to improve operations and management, and dramatically increase system and personnel efficiency.

- Tim Ross is the co-founder and EVP of 3VR Security.

Share this article:
close

Next Article in Opinions

Sign up to our newsletters

More in Opinions

Unfair competition: Proactive preemption can save you from litigation

Unfair competition: Proactive preemption can save you ...

With each job change, the risk that the new hire will bring confidential information or trade secrets with him or her to the new company grows.

Hackers only need to get it right once, we need to get it right every time

Hackers only need to get it right once, ...

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.

Successful strategies for continuous response

Successful strategies for continuous response

While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.