Best practices for unified security

When considering deployment of a converged physical and IT security system, enterprises should consider advice from industry experts

*Have a clear, strategic plan — including goals and expectations for deployment — developed with broad participation from multiple constituencies.

*Develop a clear set of corporate policies — monitoring, privacy, response, archiving, and so on — to guide your deployment.

*Have an enterprisewide process in place, not just the technology, to handle identity and credential management.

*Clearly define the process for how the IT security and physical security teams will work together on incident response.

*Make conscious trade-offs between user convenience and authentication strength, matching the level of security with the level of risk. Use multifactor authentication where possible.

*Use your chosen authentication methods, such as smart cards, across as many applications as possible to get the maximum cost leverage.

*Centralize credential management and identity provisioning. Link the identity management system to your HR systems.

*Make sure all new physical security infrastructure complies with standards and IP protocols.

*Build a long-term business case for deployment, and structure long-term vendor contracts, including maintenance and upgrades.