The lesson? No matter how bulletproof your IT security is, how up-to-date your patches and hotfixes, if someone can walk in and take a laptop your data and your network are not safe. The problem, then, becomes not only a matter of physical or network security, but how well these two work together. A converged security strategy considers both IT and physical security.
IT and physical security have traditionally existed as separate departments and separate cost centers. However, as budgets tighten and risks increase, many companies are integrating the two in order to better achieve the shared goal of both departments — protecting the enterprise.
Why is convergence a trend now? First, there's pressure from customers, regulations and the media to tighten up security gaps. From the millions of veterans and their relatives to the nearly 200,000 HP employees in a Fidelity plan whose data was lost, it's easy to find examples of embarrassing and costly losses that might have been prevented by better integration between IT and physical security departments. In 2006, a few of the many incidents of laptop theft resulted in the release of personal information from more than 540,000 N.Y. state workers, 4,600 ROTC scholarship applicants, 13,000 Washington, D.C. ING retirement plan participants, 2,500 Equifax employees, and 17,000 patients of Mount St. Mary's Hospital in Buffalo, N.Y. An average of nearly one incident of data theft is added each day to Attrition.org, a database that keeps track of such events.
Thankfully, both the physical security industry and the IT industry seem to be welcoming the convergence of their industries with open arms. Dramatic improvements in physical security are being driven by innovation formerly reserved for IT.
IT giants like Cisco, IBM, Oracle, EMC and HP are allotting massive budgets to entering the physical security space and are using their roots in computing to improve security. Technologies like enterprise platforms, centralized management, search engines and networking are being applied to the physical security world. Meanwhile, physical security companies are developing smart security systems that treat surveillance video as data, and that integrate easily within existing IT networks. These smart surveillance systems increase overall security by integrating with applications like access control, transaction systems, external data sources like watch lists, as well as analytics, from face recognition to motion and character recognition.
Smart physical security systems are leveraging IT security lessons to dramatically improve overall security. The best physical security systems conform to industry-leading information security baselines and pose equal or lesser risk than alternative appliances or workstations on the market. The architecture of these products enforces strict avoidance of components or applications that present security risks and constant utilization of proprietary protocols that maximize the difficulty of intruder access. Today's systems generally require only one open port for network communication.
In the near future, I think we'll all be looking back at when convergence was a buzz word and wondering why IT and physical security were ever thought of as separate. In the meantime, IT and security managers already have a selection of products that address both needs, and work together to protect all enterprise assets to improve operations and management, and dramatically increase system and personnel efficiency.
- Tim Ross is the co-founder and EVP of 3VR Security.