2.11.2010

The Clash of the Titans; Physical Security and IT Security

IT departments are no strangers to turf wars, but is the one shaping up between those overseeing computer networks and those in charge of physical security about to get really ugly?

Unlike past tussles between, say, voice and data communications teams, the contest between IT security and those involved in everything from fire alarms to video surveillance to door-lock access controls tends to involve people who might never have had any reason to cross each other's paths.

Converging physical and logical security: A good idea or not?

"It typically takes a C-level executive to force these organizations to work together," says Tom Flynn, director of marketing in North America for smart-card maker Gemalto. "The fact is there are different entities in a corporation for physical and logical security… We see turf wars happening."

Merging physical and logical security is seen by advocates as a cost-saving step and a natural evolution for facilities maintenance and guard operations, where door-access equipment and video cameras are increasingly IP-enabled, and a smart card-based badge could be used by employees to access both buildings and computers. But resistance to convergence runs deep among traditional physical security managers, who are wary of IT departments taking control. And even IT security experts voice concerns that it's risky, with some strongly opposed to the idea of physical security operations, such as video surveillance streams, riding on the same IP corporate network as the rest of the business.

"Physical security has been about closed systems, but with the move to IP-based systems and connecting campuses there's the need to have the IT and security department involved," says Steve Russo, director of security and privacy technology at IBM's global technology services group. He says there can be advantages in integrating physical security with logical and transactional systems to give management a better picture of what's occurring, especially in retailing. And although network capacity is a concern, it's possible to share an IP network for logical and physical security, he suggests.

"Is there a risk associated with combining it? Absolutely," Russo acknowledges. But he adds: "The logical-security people are looking at threats to the environment. And where we see the interesting spark is that they can take information about physical events and turn it into operational use."

But there is often a cultural rift between the physical security department for facilities management, with its isolated closed networks, and the IT department, with its systems administrators and security specialists trying to keep scores of Internet-accessing computers and applications running safely.

"With IP-based access control, the 'turf wars' tend to be marginalized once the IT folks realize that a system like ISONAS' PowerNet reader is actually a network appliance," says Steve Rice, Vice President of Sales and Marketing for Colorado-based ISONAS Security Systems. "It demands little in the way of network capacity, resources to install and can be supported like any other IP device. The benefits of integrated video, access control and/or other building control systems include a combination of additional detailed information available from a set of closely integrated functionalities (ex. have a picture of personnel involved in an entry event plus network confirmation of the credential information timed exactly to the video feed) as well as the simplicity of dividing what functionality to integrate on a customer-by-customer basis. This is due to the relative ease of integration with a true network software-based system. So the physical security requirements are met with a minimum of IT resource."

These differences in viewpoint are often heard in the physical-logical security convergence debates. But one of the most ardent advocates for convergence might be Ray O'Hara, executive vice president of international operations, consulting and investigations at Andrews International, which is in the traditional physical security business of "guns, gates and guards," as he puts it.

"The traditional security person and the cyber-security side are both hands-on and doing things for the betterment of the organization," says O'Hara, who recently became president of the board of directors of ASIS International, an organization for security professionals.

But today the physical-security technologies are evolving to the point where "the traditional people need help from the IT people," O'Hara says. There is often discord and mistrust between the physical and logical security divisions. But that needs to be overcome by possibly combining reporting structures so they can more easily collaborate or by setting up a "risk council" to have regular discussions with business managers, he suggests.

IBM's Russo says protocol issues point to the need for standardized compression techniques and transport in physical-security equipment, as well as standard XML-based definitions so that important meta-data can be shared. "Physical security is transitional right now," Russo says, pointing to both the Physical Security Interoperability Alliance and OASIS as organizations trying to further interoperability standards that would add convergence and make it worthwhile.

But to date, Flynn says he is only aware of a handful of large enterprises in the oil-and-gas industry, such as Chevron and Exxon, and pharmaceutical giants such as Pfizer, that have adopted converged smart cards for physical and logical security.
