Much has been written over these past few years on the topic of convergence, and I would guess that, if you were to ask ten people in the security industry what convergence means, you’d get a like number of differing answers. So, when I sat down to write about technologies driving convergence, I really wanted to start off with a clear statement of what’s being driven and why.
I prefer to take the broad view and look at convergence as the blending and sharing of information across the enterprise for the greater good, enabled in large part by network technology and permitted, if not promoted, by the various stakeholders. This is not just about IT and security, or putting security on the corporate network — it embraces any department or system whose information can interact, inter-relate or affect the business.
Security can and should be a strong participant in the convergence process, and it goes way beyond putting video, access, control and intrusion on the network. Convergence will be a magnet for security for two main reasons: risk management and business value. At the end of the day, that’s what matters.
Risk management encompasses people, physical property and assets, and information. People need to be safe and productive, and their information and access — including that enabled by their mobile devices — must be secured. Of particular interest are those executives and employees traveling who are disconnected from the security coverage at home base. Technology from TranSecur, recently acquired by NC4, provides predictive intelligence, analyzing global situations and events for localized impacts. NC4 provides broad-based situational awareness, external, yet relevant to their customers.
Physical property and assets on corporate premises have always been a main focus of the Security Department, but supply chain integrity and the security of goods in transit — both inbound and outbound — have received less attention. Loss or damage to critical shipments affects operations, customer satisfaction, and, ultimately the bottom line. FreightWatch Intl., for example, has designed services to help monitor and control these risks.
When you combine externally-driven information with that generated by building systems, H.R., traditional security and other internal systems, the challenge becomes filtering, managing, and acting on it. Situational awareness aggregation systems, such as Immix from SureView Systems, have been designed to give security personnel the tools to meet such challenges. By looking at an organization’s operations as holistically as possible, i.e., in a converged way, the overall risk profile is reduced.
Now, extend the concept to information and network security. Secure networks and information are a must for every part of an organization, and physical security has a stake. Physical security requires a secure, robust network infrastructure; and the organization needs equipment, procedures and policies to prevent physical intrusions on the network.
Because of the myriad of threats which exist, “Defense in Depth” is a must. Two of the newer potentials for vulnerability exist in cloud services and BYOD (Bring Your Own Device). Both areas touch traditional security and the rest of the organization. While the cloud and BYOD bring enhanced utility, efficiency, capability and productivity, if left unmanaged or uncovered by inadequate policies, gaping holes in the organization’s armor may develop. Doors unsecured, networks compromised, building systems run amok... only a unified, converged approach can adequately mitigate these risks.
Risk matters to an organization’s management because it directly effects the organizational value to stakeholders. Reduction in risk not only improves margins by reducing expenses (loss, penalties, shipping, insurance, etc.) throughout, but it also integrates security into the fabric of the company’s operations.
Opportunities abound to add value — one of those is the interaction will building systems and connected equipment. Tools such as Honeywell’s Niagara and Tridium frameworks enable interconnection and management of building control, facility management, industrial automation, medical equipment, physical security, energy information systems, telecommunications systems and more. Making better use of the communications infrastructure through unified network management, proper provision of back-up power and intelligent use of processing and storage resources — both local and cloud-based — will reduce downtime, bottlenecks and costs.
Savvy retail and hospitality operations, for example, have learned that information from security devices can not only reduce loss, but enhance customer support and satisfaction. And, consider the value of marketing data such as traffic patterns, display effectiveness, or scene analysis, enabled by video analytics.
So what’s the problem? As I see it, not nearly enough attention has been given to really understanding and quantifying the ROI of fully integrating security into a converged environment. Some say it can’t be done, and that you just can’t quantify the impact of security — I couldn’t disagree more. Good models await creation, but they require serious thought and insight, reasonable assumptions, and sensitivity analysis. Paired with effective communication of results to management, it becomes a no brainer.
Ray Coulombe is Founder and Managing Director of SecuritySpecifiers.com, enabling interaction with specifiers in the physical security and ITS markets; and Principal Consultant for Gilwell Technology Services. Ray can be reached at [email protected], through LinkedIn at www.linkedin.com/in/raycoulombe or followed on Twitter @RayCoulombe.