by Dan Dunkel - President, New Era Associates
Published in Today's Systems Integrator
The 9/11 attacks really did change the future direction of security. I won't dignify Bin Laden with a quote, but al Qaeda has a stated purpose to crash our economy as well as cause mass casualties. Perhaps the reason that security convergence did not take off immediately after 9/11 is because corporate executives understood that the traditional silo approach to physical security will not scale and that expecting the IT department to control all things "security" is not the answer either. In this confused state, who is responsible? The CIO, CSO, CISO, CRO? The good news is there is a Chief in there somewhere! Currently, the physical security department is operating outside of its comfort zone by being asked to sell enterprise R.O.I. (return on investment) at the executive level and also understand and communicate the specific issues of information technology. At the same time the IT department is accepting additional responsibility for physical security operations that with which it has little or no experience. It appears that neither organization has the expertise to pull the broader enterprise risk vision into focus.
From the executive perspective the security convergence strategy is simply following the same path that every other department in the corporation, from finance to engineering, has already traveled. Deploy solutions across an open infrastructure to improve employee productivity and generate a positive R.O.I. That is the easy part, yet converging physical security applications with IT still faces too much vendor resistance? Securing a global supply chain is another issue entirely. While the business process leverages numerous partnerships across the globe for a competitive advantage, the problem is in most cases security (physical and logical) was a supply chain afterthought. Moving forward, the challenge is to embed security into the business strategy on the front end.
The stage is set for the "new" security executive to lead on these critical issues. The underlying problem is finding someone with the ability to collaborate and communicate effectively across multiple constituencies. This position may require a hybrid of physical security and IT experience, operational understanding, political tact and a dose of sales and marketing acumen. This individual needs to be effective across organizations, internal and external to the company, and have the skills to communicate the vision (in simple English) to multiple levels of line, middle management and executives. The key is this position needs to be a peer with the CIO, CFO and other executive staff members. The threat today to the corporation, its shareholders, business partners and customers is too critical to limit security's exposure.
My point is that I believe in the near future security will become "job one" with an executive reporting directly to the CEO. Organizational charts and titles will differ by industry, but this security executive position will evolve, gaining exposure, credibility and power. Securing supply chains with "trusted partners" will be driven down stream to companies of all sizes. These companies (your customers) will look to you for solutions that integrate into the infrastructures of these major multinational organizations where IP is the network of choice and data strategies have lifecycles that span several storage technologies. The sales and support skills of physical security and IT integrators will need to be upgraded as expectations rise. The security organization will become a much more demanding customer. Quickly deploying IP security solutions that scale will be expected. The good news is that the revenue opportunities expand along with the responsibilities. The old saying " It takes money to make money" applies here. If you don't have the skill sets today hire them and pay for them. The same executive skills of collaboration and communication will extend to your organization if you hope to succeed. Embracing change and creating new support structures around IP security convergence are your entry requirements. You'll be glad you made the commitment. Enterprise security will be the growth industry of the next twenty years.
Get after it!