IT departments and physical security departments at corporations must learn to work together and coordinate their efforts, because computer security and conventional security are getting increasingly and irreversibly intertwined, speakers at a security conference said this week.
Manufacturers of both IT and physical security products also need to pay attention to this trend or risk losing deals, and they particularly need to avoid squabbling with one another over technology standards and product interoperability, speakers said at General Electric's GE Security Conference & Workshop.
As physical and computer security fuse, customers will be looking for integrators and manufacturers that can deliver cohesive security platforms, they said.
"We don't know whose turf is going to be taken away from whom, but what we do know is, the convergence of these two areas is inevitable," said Jeffrey Kessler, a financial analyst at Lehman Brothers. "The convergence of IT and physical security functions is a given at this point in time."
At Lehman, the heads of security are IT savvy and work closely with the IT department, a collaboration that is yielding a pilot biometrics program for controlling physical access to facilities of the New York-based financial services company, Kessler said. "We're doing this because these [security] guys understand IT and they're able to work with the IT guys," he said.
A common thread that unites IT and conventional security personnel is information management, said Francis Taylor, GE's chief security officer (CSO).
"Since the IT revolution began, security and investigations and law enforcement are all in the same business: the business of information, of managing information to take action that prevents bad things from happening," Taylor said.
Consequently, one of the first things he did when he was appointed GE's CSO was to reach out to the IT department, because lack of cooperation and communication between the two groups in a company can have detrimental effects, Taylor said.
"I invited our IT security leader to my office shortly after coming on board, and she said: 'Why am I here?' I said: 'Because as chief security officer, I recognize that within our company you and I must be partners,'" he said.
"It's not a turf battle. It's not something I'm trying to take away from the IT group. But our company rides and lives on IT security, and if our programs aren't congruent, the company suffers," Taylor added.