printer friendly version

The growing trend for security convergence

Growing numbers of organisations are recognising the natural economies of scale and operational efficiencies available when physical security teams work with similar, complementary IT security groups.

Historically, physical security vendors sold their products only to physical security departments, sometimes known as the corporate security, campus security, or simply facilities departments.

Meanwhile, IT security vendors targeted IT security departments, the CIO, and the occasional business unit manager. The two markets have always been almost entirely segregated. But now the lines of demarcation are blurring, and customers are inviting vendors from both sides to work together.

Security is no longer performed quietly in the basement of the building, away from the cares of business managers. Now, security plays an instrumental role in compliance with regulations, protection of personal information, and enabling many business processes. Therefore, business managers are looking for ways to have better security while also cutting costs and finding economies of scale. One way that this can be achieved is by converging IT security with overlapping corporate or physical security functions:

* Consolidate credentials for IT and physical access onto a single card. A smartcard can serve as an ID badge for building access and can also store IT credentials like passwords and digital certificates. Standardising on a single card may save costs and improve security.

* Connect the processes for granting and revoking building and IT access. Linking the processes for managing employees' IT access rights with those for managing their building access will get people productive quicker and will improve security by ensuring that all necessary revocations take place when appropriate.

* Correlate security events across the physical and IT realms. Security event management systems, presently used to monitor and respond to IT-related events, should incorporate events from physical security systems. An alert should trigger if, for example, the VPN (virtual private network) signals an employee logging in remotely while the badging system indicates that he is inside the corporate office.

* Unify the auditing of physical and IT rights and events. By assessing authentication and authorisation processes and controls across IT and physical facilities, organisations will find many opportunities for improved efficiencies and security.

End-user organisations can save money by streamlining historically disparate security projects. It is predicted that the convergence market will grow rapidly during the next five years as enterprise risk management points more companies to greater security efficiencies and effectiveness.

Share this article:

Further reading: