Big companies are starting to bring together â€“ “converge” in the lingo â€“ the physical security and IT security functions. A good place to get a handle on that trend is research by Honeywell, as reported by SecurityInfoWatch.com. It found, reports InfoWatch editor Geoff Kohl, that “52 percent of the companies surveyed had a formal relationship between IT and physical security when it came to compliance and audits, and 11 percent combined those functions directly.”
The Honeywell report is entitled “Enterprise Threat Management and Security Convergence: A Benchmarking Study.” It included more than 50 chief information officers, chief security officers and chief information/security officers in U.S.-based global companies with revenues of between $1 billion and $100 billion.
While “not every company at this level,” Kohl writes, “had convergence mechanisms in place, some of the companies had gone so far as to fully integrate the information security and physical security concerns. According to the Honeywell research, 10 percent of the firms ran the two functions ‘as one entity’ within the company.”
Security/IT concerns include not only access by unauthorized outsiders, like hackers, to corporate systems, but internal employees at given levels with corporate-wide log-in clearance. Noted is the example of a former chief financial officer now working in another part of an organization. He or she likely shouldn’t have the same data access, or even physical access to given rooms, as before. There is also the example of an employee badged into a building in Texas and then logged onto a company computer at its Michigan office.
Convergence at these levels is about bringing together a comprehensive security plan and coordinated identity management. These two tasks, the Kohl piece notes, are a relatively new area at companies, yet vital to overall security. Indeed, security is coming to have as much to do with computers as fences, gates and barriers. Both aspects, the perimeter and electronic internals, are vital to restricting unauthorized access to corporate functioning.