by Dan Dunkel - President, New Era Associates
Published in Security Magazine - January, 2006
According to InformationWeek’s Outlook 2006 issue (January 2) updating security procedures, tools, and services is the third highest priority for IT organizations in the year ahead. Right below optimizing business processes and reducing the costs of IT operations. While the first two priorities underscore the requirement for streamlined IT infrastructures built on open systems and standards, it is the focus on security that interests me from the standpoint of convergence and partnering.
The point of this article is that partnering needs to evolve around security convergence both inside the corporation and within the vendor community. It involves cooperation between both the internal buying entities (CSO / CIO groups) and the external selling community (physical security & IT vendors) to achieve the full potential of security convergence.
An interesting trend dovetailing the IT priority list is that IT security professionals are gaining in corporate clout. The 2005 Global Information Security Workforce Study, sponsored by (ISC) 2, states two interesting facts, (1) the information security profession grew at a 9% annual rate (1.9M worldwide), and (2) the dialogue between corporate executives and IT security professionals has evolved from technical security discussions to risk management strategies. This political positioning opens an opportunity for creative security practitioners to partner with their IT peers to create an enterprise security and risk management strategy. In short, everybody with a corporate security responsibility has skin in the game now. This includes both corporate players and industry vendors.
The corporate team needs to deploy security “convergence” solutions strategically across the enterprise while combining the skill sets of the company’s physical security and IT groups. Corporate security policy and risk management strategies now involve software solutions and IT networks to an ever-increasing degree. Therefore, it is incumbent upon the vendor community to provide leading edge security solutions and services deployable across the IT infrastructure. This requires an interoperability and standards approach foreign to some physical security vendors today. The business reality dictates that convergence will require partnering between physical security and IT vendors to provide mutual experience, solutions, and services to enterprise customers.
In the final analysis, customers expect vendors to work together for their benefit. Just as the CEO expects the security and IT groups to cooperate for the benefit of the company, employees, and stakeholders. Security convergence provides a means to that end.