Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Integrating the enterprise

March 2010 Integrated Solutions

Hi-Tech Security Solutions asked Paul Wenborn, technical director of innoVIZION, and Neil Cameron GM of Johnson Controls Systems Service South Africa, a few questions on the role of security in the enterprise.

Hi-Tech Security Solutions: Is security in the enterprise impacting traditionally


non-security functions, such as HR, IT or finance? What effect is it having?

Paul Wenborn: With a global focus on corporate governance and specifically governance, risk, and compliance (GRC), all aspects of an organisation are directly or indirectly impacted by heightened security policies and procedures. These new business requirements demand that non-security functions (HR/IT/ Finance/Facility/Wellness and even Production, Logistics, etc,) become directly accountable for identity management and policy enforcement.

If one applies basic real-life business processes scenarios to this data it could mean that a person/contractor’s access to site or a specific area is dependent on multiple people in an organisation providing an holistic framework for a process driven solution.

Neil Cameron: Traditionally, separate security focus areas – ie, people, data and assets – are converging and this is creating greater awareness among all line functions within the business. For instance, the security profile assigned to any staff member will depend on that person’s role and responsibility within the organisation. Among others, it will determine the level of access this person has to organisational data.

However, since data can also be physically removed (a primary concern of the IT manager), physical access to the premises needs restricted and standard security around data – eg, firewalls and passwords – needs to be driven throughout the organisation. Similarly, assets such as company laptops and mobiles need to be protected.

While 95% of organisations still run disparate systems for HR, IT and other functions, a single integrated security policy is being enabled through the implementation of an enterprise layer of information. Thus, an integrated enterprise strength version of security is coming into being.

Hi-Tech Security Solutions: Have security managers realised their need to serve the business? Do they view themselves as part of the operational processes necessary to enable the business to function properly and make a profit?

Paul Wenborn: In an integrated solutions environment, a better term for security managers should be security compliance managers. Security compliance managers with the necessary skills can have a unique perspective on an organisation’s physical/logical/policy/statutory and industry specific compliance requirements. This perspective is often overlooked and is of critical value when input of functional/system requirements to the mapping of business processes is required.

Ignoring security managers input as key stakeholders on an integrated identity and people management security solution project can result in significant requirements being excluded from the scope and have a direct impact on the bottom line and performance of a business.

Neil Cameron: Security personnel in most organisations traditionally focused on physical security. Many are becoming more IT aware and literate, and also more aligned with the goals of the business. However, security managers that are appointed at an executive level in larger organisations (eg, financial services) certainly have a greater understanding of how security impacts business risk, governance and compliance issues.

Hi-Tech Security Solutions: Where are the drivers of change in the security function coming from in business?

Paul Wenborn: Technology, governance and integration are the three main drivers of change for the security function while business process optimisation (BPO) is the key driver from businesses that are looking towards integrated solutions that enhance productivity and automate manual and regulatory processes such as HSE enforcement.

Neil Cameron: Convergence of the various business functions, driven by integration of the administration of these functions on a single technology platform is certainly playing a role. There is also the increased accountability and responsibility at a board level – as described in King III – for executives and directors to implement suitable security measures to protect the business and its shareholders, ensure that corporate governance policies are met and that business risk is mitigated.

Hi-Tech Security Solutions: Has the security function migrated, or is it in the process of migrating to board level?

Paul Wenborn: No, not the security function as such, however our general experience in the industry is that security normally forms part of the risk management function that in some instances, depending on the company size is represented at board level. However, security has evolved and has a vital role to play in contributing to a company’s strategic planning.

Neil Cameron: Security, or lack thereof, can impact the bottom line of a business and affect core business, so it certainly merits board level inputs and attention. It has become a key component of the controls of a business that facilitate risk mitigation and corporate governance. For example, the creation and implementation of a suitable health and safety policy is an important element of a comprehensive security solution and will directly influence staff wellness and operational efficiency, affecting the organisation’s risk profile.

Hi-Tech Security Solutions: What about the alternative? Are other functions, such as risk management evolving to integrate security functions, leaving traditional security officers with shrinking empires?

Paul Wenborn: Once again, our experience is that in most corporate organisations security is already part of the risk management function. The acronym SHERQ has been around for many years which incorporate the security function. Integrated identity and access management solutions that form part of a larger integrated people management solution (IPMS) have definitely created a perception and practice of merging functions and job titles.

In our experience the traditional security empire can grow or shrink dependent on individual competencies – this could either mean a larger portfolio for the security manager taking on risk control or security being added to the risk manager’s portfolio.

In either scenario the individual is generally swamped with multiple responsibilities and without an integrated process driven access and identity management solution (both physical & logical) whereby various disparate systems are seamlessly integrated and then crafted to work as a single entity, the security/risk officer will be inundated with administrative tasks instead of enforcing and enhancing policy utilising the information provided by the solution.

Neil Cameron: The empire of the security manager is not dwindling; it is becoming more significant. It is today a key part of business rather than a grudge spend. Because security addresses such a wide range of issues – physical assets, data and personnel – I believe that while security policy and IT execution will become more of a board-level issue, the function itself will not be usurped by related functions, but remain a subset of those functions requiring some oversight.

Hi-Tech Security Solutions: What about the influence of technology? Will IT and its technicians usurp the work previously done by security technicians?

Paul Wenborn: The pace of technology has significantly influenced the market. ICT companies added physical access control as a logical extension to their existing integrated identity management (IIM) solutions. IT staff are tech savvy and can quickly gain the necessary skills required and due to their IT background are technically proficient at fault finding 'from the scanner to the database'.

This has placed a large onus and significant challenge on traditional access control companies and security technicians. Companies will increasingly be looking to single-point-of-contact vendors to partner with and add value to their overall HR/IT and security strategies and goals.

Neil Cameron: Technology is undoubtedly an increasingly important part of implementing security on a number of levels – ie, access, CCTV monitoring, reporting, integration into building management systems, etc. However, the field of enterprise security implementation is wider than IT alone as security systems often need to integrate to electrical or mechanical (eg, airconditioning) systems. While it is not impossible that the IT technician will skill up to also manage security technologies, security is becoming more complex and specialist maintenance may be required.

Hi-Tech Security Solutions: What should security managers and personnel do to ensure they are an integral part of their corporations’ going forward?

Paul Wenborn: Security personnel should position themselves to add value through the effective application of technology to enhance delivery and enforcement of company policies and procedures while ensuring compliance with governmental and regulatory authorities. A zero incident safety record and effectively managed people management systems can have a significant positive impact to many companies where Safety First cultures are promulgated.

Neil Cameron: It is important that organisations keep up with changes in this field – and these changes are rapid at present – in order to add value to the organisation. Security managers should ensure they are utilising the latest systems, functionality and technology to accurately align security to business needs – and adequately protect the company against new threats. Ox-wagon technology will only negatively impact perception about the security function.

Hi-Tech Security Solutions: How should the security function expand to become an integral function of the enterprise?

Paul Wenborn: Knowledge is the key – this does not necessarily mean becoming a subject matter expert on integrated security solutions, but of vital importance is to understand the business requirements and unique needs of the various individual stakeholders in your organisation and be able to translate that into meaningful input during a facilitated blueprinting process.

The focus should be on functioning as a security compliance manager vs. a technical expert on a moving target of technology that continuously changes. Rather partner with a company/systems integrator who adds value to your business processes and facilitates delivery of the process using technology as an enabler as opposed to a company punting a technology (features and benefits) to solve people-related process issues.

A sustainable solution is 90% to do with proper up-front blueprinting, systems integration and process optimisation and 10% about hanging a reader on a wall.

Neil Cameron: The security function is already growing. It is also receiving more air-time at a strategic level. The security function in business needs to lead change rather than being pulled along by change. The function is evolving and so must security staff. Upskilling personnel, becoming more aware of the role of technology in enabling security, and developing a vocabulary that will allow board-level communication and interaction are crucial.





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Digitising security solutions with AI and smart integration
Regal Security Distributors SA Technews Publishing Integrated Solutions
The Regal Projects Team’s decades of experience and commitment to integration have brought the digital security guard to life as a trusted force for safer, smarter living.

Read more...
Smart cities and the role of video security
Surveillance Integrated Solutions
As cities around the world continue to embrace smart technology, including IoT that not only connects to people, but also the surrounding activity, the integration of advanced video security systems is crucial to ensure safety and efficiency in environments.

Read more...
Surveillance to unjam the traffic
Integrated Solutions Transport (Industry)
Traffic is a challenge that affects urban areas across Africa. The city of Johannesburg, South Africa’s most populous city, experiences severe traffic resulting from a confluence of issues, including power outages, faulty traffic lights, and infrastructure theft.

Read more...
The benefits of offsite control rooms
Astrosec Surveillance Integrated Solutions
As the security landscape grows more intricate, control rooms – the crucial hub of security operations – need to adapt. With escalating costs, mounting threats, and a heightened demand for immediate responses, many organisations are reassessing the operations of their control rooms.

Read more...
edgE:Tower video analytics integrated with SEON
Surveillance Integrated Solutions AI & Data Analytics
Sentronics has announced a new integration between its edgE:Tower advanced AI-driven video analytics solution and SEON, a Central Monitoring Software (CMS) platform. This integration enhances real-time situational awareness and automated threat detection for control rooms.

Read more...
Security industry embraces mobile credentials, biometrics and AI
AI & Data Analytics Access Control & Identity Management Integrated Solutions
As organisations navigate an increasingly complex threat landscape, security leaders are making strategic shifts toward unified platforms and emerging technologies, according to the newly released 2025 State of Security and Identity Report from HID.

Read more...
Insurance provider uses Net2 For access management
Paxton Access Control & Identity Management Integrated Solutions Healthcare (Industry)
BestMed selected Paxton Net2 for its access control requirements because of its simplicity of installation and ease of navigation for end users, as well as the 5-year warranty.

Read more...
The power of knowing your client
Ideco Biometrics Access Control & Identity Management Integrated Solutions
One of the most effective ways to combat the threat of fraud, identity theft, and financial crime threats is through a robust Know Your Client (KYC) process, which safeguards both businesses and clients.

Read more...
Managing identities for 20 years
Ideco Biometrics Technews Publishing SMART Security Solutions Access Control & Identity Management Integrated Solutions IoT & Automation
Many companies are now more aware of the risks associated with unauthorised access to locations and sensitive data and are investing in advanced identity authentication technologies to mitigate these threats.

Read more...
Cost-effective and reliable remote connectivity
Agriculture (Industry) Integrated Solutions Infrastructure
Companies that operate in hard-to-connect areas now have access to reliable connectivity due to a collaboration between MTN South Africa, Vox and Tarana technology.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.