Trends 2005: security convergence gets real

October 2005 Integrated Solutions

Growing numbers of organisations are recognising the natural economies of scale and operational efficiencies available when physical security teams work with similar, complementary IT security groups.

In 2005, companies in Europe and North America will increase spending nearly threefold on projects that combine traditional physical security controls with IT security. That is, locks, cameras, entry systems, and even guard desks will be upgraded to work with the same computing systems that control computer and network sign-on, identity management, and security incident management. Consequently, IT security vendors will rush to merge or find partnerships with their physical security brethren to respond to the new opportunities.

Why 'converge' security?

Historically, physical security vendors sold their products only to physical security departments, sometimes known as the corporate security, campus security, or simply facilities departments.

Meanwhile, IT security vendors targeted IT security departments, the CIO, and the occasional business unit manager. The two markets have always been almost entirely segregated. But now the lines of demarcation are blurring, and customers are inviting vendors from both sides to work together.

The convergence of physical and logical security is not a fad

Security is no longer performed quietly in the basement of the building, away from the cares of business managers. Now, security plays an instrumental role in compliance with regulations, protection of personal information, and enabling many business processes. Therefore, business managers are looking for ways to have better security while also cutting costs and finding economies of scale. One way that this can be achieved is by converging IT security with overlapping corporate or physical security functions.

* Consolidate credentials for IT and physical access onto a single card. A smartcard can serve as an ID badge for building access and can also store IT credentials like passwords and digital certificates. Standardising on a single card may save costs and improve security.

* Connect the processes for granting and revoking building and IT access. Linking the processes for managing employees' IT access rights with those for managing their building access will get people productive quicker and will improve security by ensuring that all necessary revocations take place when appropriate.

* Correlate security events across the physical and IT realms. Security event management systems, presently used to monitor and respond to IT-related events, should incorporate events from physical security systems. An alert should trigger if, for example, the VPN signals an employee logging in remotely while the badging system indicates that he is inside the corporate office.

* Unify the auditing of physical and IT rights and events. By assessing authentication and authorisation processes and controls across IT and physical facilities, organisations will find many opportunities for improved efficiencies and security. For example, Forrester recently performed an audit that showed ways in which one company could streamline processes of employee and visitor badging by integrating existing identity management systems. It also indicated that the company could save money on cameras by aligning intruder detection processes with the IT incident response procedures.

Watch for sudden growth during the next 12 months

The market, currently described as the convergence of physical and logical security, is beginning to take off. Forrester expects private-sector spending to top $300 million in 2005. Europe will lead in per-capita adoption with projected spending of more than 37 million Euros. Total spending on convergence projects in the public and private sectors in North America and Europe will exceed $1,1 billion in 2005.

These numbers may be conservative

Some public sources project much higher spending by government agencies and port authorities.

Although 2005 budgets have been announced or allocated for massive government convergence projects, Forrester does not expect actual spending to exceed this forecast because of political factors and the complexity of the proposed projects.

Disaster planning is another area of natural convergence. But because disaster recovery best practices have long called for IT systems and physical system backup, Forrester did not calculate disaster-recovery-related spending in this forecast.

Furthermore, the spectre of regulations affecting IT security certainly could cross over and converge with physical security. After all, it will only take a few large audit firms to start including physical security checks in their audits to transform the nature of security management. If that happens, spending could as much as triple over these forecasted numbers.

Convergence projects improve efficiency and security

The reasons for the sudden rise over the estimated $500 million total sales of 2004 include the large European Union-funded border, law enforcement, and homeland security projects, especially in Eastern Europe, as well as the availability of US Homeland Security funding. Additionally, early adoption of multifunction smartcards as a single card for physical and logical access and the emergence of new convergence technologies from companies like CoreStreet and NetBotz have added to the sales rise. Companies like Honeywell, Siemens, and others have contributed to the increase with technologies involving large-scale system integration consisting of authentication, administration, and audit processes.

Additional factors contributing to the rise in 2004 sales includes:

* Standardisation. The convergence think tank Open Security Exchange is growing in prominence as a standards discussion group. • Entry-point technology. Fingerprint, hand geometry, and facial recognition biometric readers at large campus entry points, airports, borders, and other ports are becoming increasingly common.

* Surveillance. IP-based network cameras from Axis Communications, Panasonic, and Sony Electronics and enhanced video systems from vendors like Extreme CCTV, NICE Systems, and ObjectVideo, continue to grow.

* Integration. There are new possibilities of integration between camera and access control systems, such as consoles that display video of physical or logical access events along with event log details of that event: Archival searches of access events along with video images are also becoming available.

* Security event management. Vendors ArcSight, eSecurity, and others are following Computer Associates' lead in converting their event monitoring consoles, which were originally designed for IT security events but can now correlate physical access events.

Vendors and system integrators will adapt slowly at first

According to a recent ranking by Wachovia Capital Markets, large physical security system integrators like Computer Sciences Corporation (CSC), Lockheed Martin and Northrop Grumman collectively account for 39% of the market share for US federal government system integration projects. But none of these firms have turned their relationships with IT security vendors into significant convergence strategies.

Conversely, other top system integrators like Accenture, BearingPoint, SAIC, and Unisys have active relationships with IT vendors and are talking about the convergence of IT and physical security as a focus of their respective security practices. While none of these firms articulates a clear vision on their websites regarding convergence, they nonetheless are sensitive to the challenges and opportunities of merging corporate and IT security projects in the private sector, in some cases partnering with convergence experts ActivCard and Daon.

Honeywell and Siemens are the most mature large integrators in terms of convergence strategy - they have combined IP cameras, access control, security event monitoring and identity management in their comprehensive systems architectures. Tyco Fire and Security combines several product and service brands, such as ADT, American Dynamics and Software House, to pull together some basic convergence projects without any formal convergence strategy or significant IT partnerships.

Lenel Systems International is focused on products rather than integration. Forrester's conversations with Lenel reveal almost no awareness on its part of the opportunities of convergence with IT security.

Convergence projects mean money

End-user organisations can save money by streamlining historically disparate security projects, while vendors can capitalise on new spending.

* Firms with interest in improving operational efficiency may now comfortably explore convergence projects.

• Smartcards function as a platform for multiple uses: corporate ID badges, building access, computer and network access, and more.

* New technologies open up new opportunities for efficient identity and privilege management, security monitoring, and trouble detection.

* A team comprised of members from the two security groups should coordinate their efforts in complying with common standards and regulations.

* Convergence extends beyond products. Organisations can develop joint awareness and training workshops addressing common security concerns: social engineering, proper document and data disposal, workplace harassment policies (including e-mail and Web use), and more.

* The convergence market will grow rapidly during the next five years as enterprise risk management points more companies to greater security efficiencies and effectiveness.

* Vendors of physical or logical security controls ought to investigate trends and seek out convergence applications for their respective technologies.

Note: The most successful convergence projects allow the respective physical and IT security departments to retain their autonomy. In other words, convergence happens best as discrete projects, not as a converged security organisation encompassing corporate and IT departments. See the 10 December, 2003, Planning Assumption 'Trends 2004: Limited Convergence of IT Security and Corporate Security'.

Reference: Forrester Research 2005.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Intelligent analytics and the brains to match
September 2019, Bosch Building Technologies , CCTV, Surveillance & Remote Monitoring, Integrated Solutions
What if the brains behind our security cameras could be trained to improve their cognitive ability to pay attention, learn, and problem-solve according to specific rules and situations?

Read more...
AI-powered autonomous Drone-in-a-Box
September 2019 , CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Organisations in the mining, energy and industrial, oil and gas, ports and terminals sectors can optimise security and business operations, whilst reducing risks and operational costs

Read more...
A platform approach to innovation and value
September 2019, Technews Publishing , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, IT infrastructure
Moving to the platform model of doing business holds tremendous advantages for end users and smaller developers, but also for the whole technology supply chain.

Read more...
Open does not always mean easy integration
September 2019, VERACITECH, Technews Publishing , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Customers who opt for best-of-breed solutions will have to rely on their integrators to develop customised integrated solutions for them.

Read more...
Video analytics and AI
September 2019, Axis Communications SA, Dallmeier Electronic Southern Africa , Hikvision South Africa, Technews Publishing, Dahua Technology South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Artificial intelligence has the potential to deliver real benefits in the world of video analytics and many companies are already delivering customer benefits.

Read more...
Cloudy with a chance of AI
September 2019 , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
One local company has developed an AI solution that can be added to existing surveillance installations, offering 24-hour intelligence.

Read more...
Integration insights
September 2019, Gijima Electronic and Security Systems (GESS), Technews Publishing, neaMetrics , Integrated Solutions
The security industry would be a vastly different place if installers and integrators were not able to make a range of different products work together.

Read more...
Video and audio analytics
September 2019, Wisenet CCTV - Hanwha Techwin , CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Viewing many monitors and cameras simultaneously can lead to an increased probability of missing critical situations due to viewing fatigue. Analytics has the answer.

Read more...
Enhance video analytics with Augmented Vision
September 2019, IDEMIA , Technews Publishing , CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Augmented Vision is a video analytics application from IDEMIA designed to enhance security in public and private places.

Read more...
A tangible return on investment
September 2019, Bidvest Protea Coin, Technews Publishing , CCTV, Surveillance & Remote Monitoring, Integrated Solutions
The key to a successful security solution for any environment is the strategy and processes that define what you need, where, when, how and why.

Read more...