Trends 2005: security convergence gets real

Access & Identity Management Handbook 2005 Integrated Solutions

Growing numbers of organisations are recognising the natural economies of scale and operational efficiencies available when physical security teams work with similar, complementary IT security groups.

In 2005, companies in Europe and North America will increase spending nearly threefold on projects that combine traditional physical security controls with IT security. That is, locks, cameras, entry systems, and even guard desks will be upgraded to work with the same computing systems that control computer and network sign-on, identity management, and security incident management. Consequently, IT security vendors will rush to merge or find partnerships with their physical security brethren to respond to the new opportunities.

Why 'converge' security?

Historically, physical security vendors sold their products only to physical security departments, sometimes known as the corporate security, campus security, or simply facilities departments.

Meanwhile, IT security vendors targeted IT security departments, the CIO, and the occasional business unit manager. The two markets have always been almost entirely segregated. But now the lines of demarcation are blurring, and customers are inviting vendors from both sides to work together.

The convergence of physical and logical security is not a fad

Security is no longer performed quietly in the basement of the building, away from the cares of business managers. Now, security plays an instrumental role in compliance with regulations, protection of personal information, and enabling many business processes. Therefore, business managers are looking for ways to have better security while also cutting costs and finding economies of scale. One way that this can be achieved is by converging IT security with overlapping corporate or physical security functions.

* Consolidate credentials for IT and physical access onto a single card. A smartcard can serve as an ID badge for building access and can also store IT credentials like passwords and digital certificates. Standardising on a single card may save costs and improve security.

* Connect the processes for granting and revoking building and IT access. Linking the processes for managing employees' IT access rights with those for managing their building access will get people productive quicker and will improve security by ensuring that all necessary revocations take place when appropriate.

* Correlate security events across the physical and IT realms. Security event management systems, presently used to monitor and respond to IT-related events, should incorporate events from physical security systems. An alert should trigger if, for example, the VPN signals an employee logging in remotely while the badging system indicates that he is inside the corporate office.

* Unify the auditing of physical and IT rights and events. By assessing authentication and authorisation processes and controls across IT and physical facilities, organisations will find many opportunities for improved efficiencies and security. For example, Forrester recently performed an audit that showed ways in which one company could streamline processes of employee and visitor badging by integrating existing identity management systems. It also indicated that the company could save money on cameras by aligning intruder detection processes with the IT incident response procedures.

Watch for sudden growth during the next 12 months

The market, currently described as the convergence of physical and logical security, is beginning to take off. Forrester expects private-sector spending to top $300 million in 2005. Europe will lead in per-capita adoption with projected spending of more than 37 million Euros. Total spending on convergence projects in the public and private sectors in North America and Europe will exceed $1,1 billion in 2005.

These numbers may be conservative

Some public sources project much higher spending by government agencies and port authorities.

Although 2005 budgets have been announced or allocated for massive government convergence projects, Forrester does not expect actual spending to exceed this forecast because of political factors and the complexity of the proposed projects.

Disaster planning is another area of natural convergence. But because disaster recovery best practices have long called for IT systems and physical system backup, Forrester did not calculate disaster-recovery-related spending in this forecast.

Furthermore, the spectre of regulations affecting IT security certainly could cross over and converge with physical security. After all, it will only take a few large audit firms to start including physical security checks in their audits to transform the nature of security management. If that happens, spending could as much as triple over these forecasted numbers.

Convergence projects improve efficiency and security

The reasons for the sudden rise over the estimated $500 million total sales of 2004 include the large European Union-funded border, law enforcement, and homeland security projects, especially in Eastern Europe, as well as the availability of US Homeland Security funding. Additionally, early adoption of multifunction smartcards as a single card for physical and logical access and the emergence of new convergence technologies from companies like CoreStreet and NetBotz have added to the sales rise. Companies like Honeywell, Siemens, and others have contributed to the increase with technologies involving large-scale system integration consisting of authentication, administration, and audit processes.

Additional factors contributing to the rise in 2004 sales includes:

* Standardisation. The convergence think tank Open Security Exchange is growing in prominence as a standards discussion group. • Entry-point technology. Fingerprint, hand geometry, and facial recognition biometric readers at large campus entry points, airports, borders, and other ports are becoming increasingly common.

* Surveillance. IP-based network cameras from Axis Communications, Panasonic, and Sony Electronics and enhanced video systems from vendors like Extreme CCTV, NICE Systems, and ObjectVideo, continue to grow.

* Integration. There are new possibilities of integration between camera and access control systems, such as consoles that display video of physical or logical access events along with event log details of that event: Archival searches of access events along with video images are also becoming available.

* Security event management. Vendors ArcSight, eSecurity, and others are following Computer Associates' lead in converting their event monitoring consoles, which were originally designed for IT security events but can now correlate physical access events.

Vendors and system integrators will adapt slowly at first

According to a recent ranking by Wachovia Capital Markets, large physical security system integrators like Computer Sciences Corporation (CSC), Lockheed Martin and Northrop Grumman collectively account for 39% of the market share for US federal government system integration projects. But none of these firms have turned their relationships with IT security vendors into significant convergence strategies.

Conversely, other top system integrators like Accenture, BearingPoint, SAIC, and Unisys have active relationships with IT vendors and are talking about the convergence of IT and physical security as a focus of their respective security practices. While none of these firms articulates a clear vision on their websites regarding convergence, they nonetheless are sensitive to the challenges and opportunities of merging corporate and IT security projects in the private sector, in some cases partnering with convergence experts ActivCard and Daon.

Honeywell and Siemens are the most mature large integrators in terms of convergence strategy - they have combined IP cameras, access control, security event monitoring and identity management in their comprehensive systems architectures. Tyco Fire and Security combines several product and service brands, such as ADT, American Dynamics and Software House, to pull together some basic convergence projects without any formal convergence strategy or significant IT partnerships.

Lenel Systems International is focused on products rather than integration. Forrester's conversations with Lenel reveal almost no awareness on its part of the opportunities of convergence with IT security.

Convergence projects mean money

End-user organisations can save money by streamlining historically disparate security projects, while vendors can capitalise on new spending.

* Firms with interest in improving operational efficiency may now comfortably explore convergence projects.

• Smartcards function as a platform for multiple uses: corporate ID badges, building access, computer and network access, and more.

* New technologies open up new opportunities for efficient identity and privilege management, security monitoring, and trouble detection.

* A team comprised of members from the two security groups should coordinate their efforts in complying with common standards and regulations.

* Convergence extends beyond products. Organisations can develop joint awareness and training workshops addressing common security concerns: social engineering, proper document and data disposal, workplace harassment policies (including e-mail and Web use), and more.

* The convergence market will grow rapidly during the next five years as enterprise risk management points more companies to greater security efficiencies and effectiveness.

* Vendors of physical or logical security controls ought to investigate trends and seek out convergence applications for their respective technologies.

Note: The most successful convergence projects allow the respective physical and IT security departments to retain their autonomy. In other words, convergence happens best as discrete projects, not as a converged security organisation encompassing corporate and IT departments. See the 10 December, 2003, Planning Assumption 'Trends 2004: Limited Convergence of IT Security and Corporate Security'.

Reference: Forrester Research 2005.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Building a nervous system for smart cities
Issue 1 2020, Pinnacle Instruments SA , Integrated Solutions
Build a central nervous system for smart cities, by employing real-time situation reporting and analysis that unites the powers of cloud computing, AI, IoT and big data.

Read more...
The secret to 5G security? Turn the network into a sensor
Issue 1 2020 , Integrated Solutions
We are about to make the leap from being a civilisation that uses networks to one that runs on them in a fundamental and inextricable way.

Read more...
The move to services and RMR
Issue 1 2020, Merchant West, G4S South Africa, Technews Publishing , Integrated Solutions
Project work used to be the staple diet for system integrators, but that was before the services model changed the way businesses buy and use their security systems.

Read more...
Global security industry adopts servistisation models
Issue 1 2020 , Integrated Solutions
New as-a-service business models are gaining traction because they reduce capital expenditure and cost of ownership, finds Frost & Sullivan.

Read more...
Looking ahead with mobile access technologies
Access & Identity Management Handbook 2020, Technews Publishing, HID Global, dormakaba South Africa, Salto Systems Africa, Suprema, Gallagher , Access Control & Identity Management, Integrated Solutions
Given the broad use of smartphones around the world and the numerous technologies packed into these devices, it was only a matter of time before the access control industry developed technology that would ...

Read more...
Scalable access solution
Access & Identity Management Handbook 2020 , Access Control & Identity Management, Integrated Solutions
Bosch Building Technologies makes access management simple, scalable and always available with Access Management System 2.0.

Read more...
Securing perimeters of secure locations
November 2019, Axis Communications SA, Modular Communications, Hikvision South Africa, Nemtek Electric Fencing Products, Technews Publishing, Stafix , Government and Parastatal (Industry), Perimeter Security, Alarms & Intruder Detection, Integrated Solutions
Hi-Tech Security Solutions asked a number of companies offering perimeter security solutions for their insights into protecting the boundaries of national key points.

Read more...
The safe city and its need for interoperability
November 2019 , Integrated Solutions, CCTV, Surveillance & Remote Monitoring
Interoperability continues to present one of the greatest challenges, particularly with video management systems, video recording devices and cameras.

Read more...
Analytics-driven solutions for smart infrastructure
November 2019, Bosch Building Technologies , Integrated Solutions
Video analytics technology can bring intelligence to infrastructure by delivering solutions for traffic flow, improved safety, smart parking, and data collection.

Read more...
A platform approach to innovation and value
CCTV Handbook 2019, Technews Publishing , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, IT infrastructure
Moving to the platform model of doing business holds tremendous advantages for end users and smaller developers, but also for the whole technology supply chain.

Read more...