by Dan Dunkel - President, New Era Associates
Published in Today's Systems Integrator
My friend Bob Hayes (not the famous football star of the 1960’s – 70’s Dallas Cowboys) is executive director of the CSO Executive Council (www.csoexecutivecouncil.com ). I mention this for two reasons, one is that if you have not visited the Web site, please do yourself the favor. The Council produces timely and informative research (I purchased the “Measures and Metrics” and “Security Careers” reports) and tracks best practices in the security industry. The CSO Emeritus faculty (About Us) reads like a Who’s Who list of American business.
Bob has a wealth of experience and global contacts, understands the issues facing security today, and dislikes everything about the word “convergence” applied to security because he feels it misses the mark from the executive and management perspectives. I agree, at least as far as half the definition is concerned. I feel “convergence” is important from a technical perspective in positioning the security industry for the future, but agree that it does not describe the management/executive dynamic unfolding. This represents a dual opportunity for security integrators.
The American Heritage dictionary describes one aspect of “Convergence” as: the process of coming together or the state of having come together toward a common point. (Think of two separate streams merging into a river.) In this context “convergence” is about technology. It is the process of taking traditional physical security solutions (guards and guns, surveillance, access, etc.) and merging those processes with open and standard IT infrastructures to deploy globally (or at least across the enterprise) to improve productivity and cost effectiveness. As a result, more innovation quickly follows in the form of digital technologies and open source software, accelerating time to market and new product developments. The end game is that the entire security industry is being quickly elevated in importance and visibility as it is integrated across the overall business operation. This means new responsibilities for security professionals and new competition from IT, internally and across the entire industry sector.
What “convergence” does not imply (to Bob’s point) is the merging of the actual management functions (and departments) between the physical security and Information Technology (IT) groups. Yet the interesting dynamic is that as technology provides the platform (springboard, if you will) to elevate security as a discipline at the CEO and board of director level, management visibility (Read: politics) is highlighted. In this capacity, the “new” security executive has the opportunity to influence security policy across the enterprise, in many cases for the first time. This requires new skill sets. Executives must understand the overall corporate business model and how technology can leverage the security process (cost effectively) in each area. They must understand executive collaboration, negotiation, influence, setting priorities and corporate politics. The new security executive is not interested in turf battles with IT, but has a clear understanding of what the CEO and board expects from a working relationship between the two organizations. The “new” security executive understands departmental thinking is outdated and takes a holistic approach to how security adds value to the corporate bottom line.
The new security executive/manager also knows history and is not surprised or offended that the CIO, or technical counterpart, is making a political play for more responsibility as they see the security function take on added importance. The technical group has been through its own elevation from “geek speaking” outcast to “business enabler” during the decade of the 1990’s. They have been through the process and they like where they ended up. The key attribute for the security manager/executive is partnership with IT. In this regard it is no different than the advice to the security integrator to team with IT integrator partners to combine mutual skill sets. In the corporate case, security needs to be a “customer” of IT, no different than the engineering or finance department depending upon IT services to perform their jobs. There is no reason for a turf war unless security insists on living in the past world of stand-alone silos and proprietary product mentalities. In that case, the IT department should position itself for added security responsibilities. Why should security be the only department to ignore leading edge technology? Look around.
Into this political scene steps an astute security integrator: a businessperson that has already partnered with an IT counterpart and understands the issues and opportunities security convergence provides. Just as mutual education has worked for their business model, the integrator extends his/her “converged” knowledge to the security manager/executive and their IT contacts. They provide the business rationale to get together and discuss combined resources, they EDUCATE. They act as consultants and position their business solutions as a “unique” value added partner in the convergence process. They use change (convergence) and its impact on corporate reporting structures to their advantage by bringing some clarity to the confusion. They act as a bridge. In larger companies they meet with executives to serve as a conduit for the message to line management. Just as “convergence” has elevated the discipline of security, it also elevates the security sales profession. The new security executive partners with IT to leverage the strengths of security. How can you be a bridge in that process and establish unique business value for your firm? The “convergence” tide lifts all boats. Are you up for the task?