The increasingly popular idea of the convergence between the worlds of physical security and information security was introduced in the last article in this series.
In this article, we look at the IT department and how it should prepare to handle the challenges that arise in a converging security world.
Each company is, of course, unique in the way it is set up and structured and will therefore have to deal with different issues and challenges when converging all security systems and processes onto one platform. Naturally, very few, if any, will be converting all their systems to a common platform in one swoop so it is critical that security managers ensure any new implementations or upgrades to existing systems are done in accordance with a recognised standard, such as the Enterprise Building Integration standard from Honeywell. This adherence will allow for easy integration into a converged platform at a later date.
When it comes to IT security and its integration, there are critical issues the security manager must examine and clarify before any meaningful integration can occur.
There must be one single security authority for the company. In the IT world this may be a business application such as SAP or a directory service where each person's details and permissions are stored. Integration can only occur if this source is accessible by systems needing to check and verify identities with 100% reliability.
These systems also assist in implementing a reduced sign-on process, requiring fewer security checks without risking unauthorised access.
A common infrastructure
The ideal in terms of cost, skills and maintenance efficiency is to have all security systems running over the corporate network. In reality, using a common infrastructure could have negative consequences on operations if images and video transmission is not controlled - security processes involving transmitting large amounts of surveillance video are likely to cause bandwidth congestion. In this case a separate security network may be appropriate.
The real bandwidth utilisation and transmission requirements of a company must be identified and measured in the consulting process before any methodology or product decisions are made.
Business processes defined
All security processes relating to the IT environment must be defined, if they are not already. These include issues such as how to provision or deprovision users, to how to access the server room, through to the location and availability of data should a server crash or be stolen. Defined processes can be transformed into best practices, which will be easier to integrate with other best practice security processes from other areas of the company.
When examining the technology that is or should be used in IT security, it is important to determine their future roadmaps. Will the systems be supported well into the future or are they about to become obsolete? Are different versions of the same product backwards and forwards compatible? Is the technology employed based on common protocols and standards?
By insisting on only standards-based technology with a future roadmap, companies will ensure their IT systems can be incorporated into corporate security management systems. Moreover, staff will be able to more easily control and support these products with their existing skill sets.
The above issues are all hygiene factors to smooth the process of integrating IT into a common security management platform. With a common user interface the security manager is able to oversee all security operations more efficiently than ever before. Furthermore, complex engineering processes will become easier to manage and improve when their component parts subscribe to common standards.
Converging an organisation's security infrastructure requires considerable effort and management buy-in to move from a silo to an integrated approach. The process is fraught with challenges if the requirements and problems each area within the company faces are not dealt with in advance. With the appropriate planning and best practice implementation, however, security convergence delivers unbeatable cost and efficiency benefits in the long term.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.