Computerworld - DALLAS – There is a growing need for companies to unify the management of IT and physical security functions, despite the challenges involved in doing so, said users and analysts at the ASIS International 2004 trade show here last week.
A closer integration of the two functions can yield significant cost benefits and improve an organization's ability to detect and respond to problems, said Lew Wagner, chief information security officer at Clarian Health in Indianapolis.
"You have enhanced responsiveness [to security incidents] because you don't have to worry about cross-coordinating your efforts," Wagner said.
The increased awareness and information sharing that are enabled by a more integrated security operation also help cut costs by eliminating duplicate efforts, he said.
Underscoring the trend, Alexandria, Va.-based ASIS International and the International Information Systems Security Certification Consortium, known as (ISC)2, last week announced that they have agreed to mutually endorse each other's professional certifications. ASIS administers the Certified Protection Professional credential, which is largely for physical security practitioners, while (ISC)2 administers the popular CISSP program for IT workers.
Driving the need for unified security management is the increasing use of IT in physical security products and services, said Greg Holliday, regional director of security at Crescent Real Estate Equities Ltd. in Dallas.
"The biggest trend here at the show is how computers and IT as a whole are improving the delivery of security services," Holliday said.
Improvements in computer memory, storage, networking and processing capabilities have made technologies such as physical access control and video monitoring more powerful than ever before, said Glenn Sandford, vice president of Whelan SFI, a provider of physical security services in Columbia, Md.
"The traditional security folks are very challenged by the rapid pace of information technology being used in physical security products and services," said Ray Bernard, principal consultant at Ray Bernard Consulting Services in Lake Forest, Calif.
Companies also increasingly view IT and physical security as part of a broader set of operational-risk management issues that need unified oversight, said Steve Hunt, an analyst at Forrester Research Inc. in Cambridge, Mass. That trend is further blurring the traditional lines that have existed between the two functions, he said.
Areas such as user provisioning, access control and access monitoring in particular can benefit from the integration, Bernard said.
Another example is smart cards that use identity information in an integrated directory server to control both facility and network access, Wagner said. "Just imagine the number of keys you wouldn't have to worry about losing or tracking down,"he noted.
But companies have to be "careful in defining the touch points between IT and physical security," Sandford said.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
