Trends 2005: security convergence gets real

October 2005 Integrated Solutions

Growing numbers of organisations are recognising the natural economies of scale and operational efficiencies available when physical security teams work with similar, complementary IT security groups.

In 2005, companies in Europe and North America will increase spending nearly threefold on projects that combine traditional physical security controls with IT security. That is, locks, cameras, entry systems, and even guard desks will be upgraded to work with the same computing systems that control computer and network sign-on, identity management, and security incident management. Consequently, IT security vendors will rush to merge or find partnerships with their physical security brethren to respond to the new opportunities.

Why 'converge' security?

Historically, physical security vendors sold their products only to physical security departments, sometimes known as the corporate security, campus security, or simply facilities departments.

Meanwhile, IT security vendors targeted IT security departments, the CIO, and the occasional business unit manager. The two markets have always been almost entirely segregated. But now the lines of demarcation are blurring, and customers are inviting vendors from both sides to work together.

The convergence of physical and logical security is not a fad

Security is no longer performed quietly in the basement of the building, away from the cares of business managers. Now, security plays an instrumental role in compliance with regulations, protection of personal information, and enabling many business processes. Therefore, business managers are looking for ways to have better security while also cutting costs and finding economies of scale. One way that this can be achieved is by converging IT security with overlapping corporate or physical security functions.

* Consolidate credentials for IT and physical access onto a single card. A smartcard can serve as an ID badge for building access and can also store IT credentials like passwords and digital certificates. Standardising on a single card may save costs and improve security.

* Connect the processes for granting and revoking building and IT access. Linking the processes for managing employees' IT access rights with those for managing their building access will get people productive quicker and will improve security by ensuring that all necessary revocations take place when appropriate.

* Correlate security events across the physical and IT realms. Security event management systems, presently used to monitor and respond to IT-related events, should incorporate events from physical security systems. An alert should trigger if, for example, the VPN signals an employee logging in remotely while the badging system indicates that he is inside the corporate office.

* Unify the auditing of physical and IT rights and events. By assessing authentication and authorisation processes and controls across IT and physical facilities, organisations will find many opportunities for improved efficiencies and security. For example, Forrester recently performed an audit that showed ways in which one company could streamline processes of employee and visitor badging by integrating existing identity management systems. It also indicated that the company could save money on cameras by aligning intruder detection processes with the IT incident response procedures.

Watch for sudden growth during the next 12 months

The market, currently described as the convergence of physical and logical security, is beginning to take off. Forrester expects private-sector spending to top $300 million in 2005. Europe will lead in per-capita adoption with projected spending of more than 37 million Euros. Total spending on convergence projects in the public and private sectors in North America and Europe will exceed $1,1 billion in 2005.

These numbers may be conservative

Some public sources project much higher spending by government agencies and port authorities.

Although 2005 budgets have been announced or allocated for massive government convergence projects, Forrester does not expect actual spending to exceed this forecast because of political factors and the complexity of the proposed projects.

Disaster planning is another area of natural convergence. But because disaster recovery best practices have long called for IT systems and physical system backup, Forrester did not calculate disaster-recovery-related spending in this forecast.

Furthermore, the spectre of regulations affecting IT security certainly could cross over and converge with physical security. After all, it will only take a few large audit firms to start including physical security checks in their audits to transform the nature of security management. If that happens, spending could as much as triple over these forecasted numbers.

Convergence projects improve efficiency and security

The reasons for the sudden rise over the estimated $500 million total sales of 2004 include the large European Union-funded border, law enforcement, and homeland security projects, especially in Eastern Europe, as well as the availability of US Homeland Security funding. Additionally, early adoption of multifunction smartcards as a single card for physical and logical access and the emergence of new convergence technologies from companies like CoreStreet and NetBotz have added to the sales rise. Companies like Honeywell, Siemens, and others have contributed to the increase with technologies involving large-scale system integration consisting of authentication, administration, and audit processes.

Additional factors contributing to the rise in 2004 sales includes:

* Standardisation. The convergence think tank Open Security Exchange is growing in prominence as a standards discussion group. • Entry-point technology. Fingerprint, hand geometry, and facial recognition biometric readers at large campus entry points, airports, borders, and other ports are becoming increasingly common.

* Surveillance. IP-based network cameras from Axis Communications, Panasonic, and Sony Electronics and enhanced video systems from vendors like Extreme CCTV, NICE Systems, and ObjectVideo, continue to grow.

* Integration. There are new possibilities of integration between camera and access control systems, such as consoles that display video of physical or logical access events along with event log details of that event: Archival searches of access events along with video images are also becoming available.

* Security event management. Vendors ArcSight, eSecurity, and others are following Computer Associates' lead in converting their event monitoring consoles, which were originally designed for IT security events but can now correlate physical access events.

Vendors and system integrators will adapt slowly at first

According to a recent ranking by Wachovia Capital Markets, large physical security system integrators like Computer Sciences Corporation (CSC), Lockheed Martin and Northrop Grumman collectively account for 39% of the market share for US federal government system integration projects. But none of these firms have turned their relationships with IT security vendors into significant convergence strategies.

Conversely, other top system integrators like Accenture, BearingPoint, SAIC, and Unisys have active relationships with IT vendors and are talking about the convergence of IT and physical security as a focus of their respective security practices. While none of these firms articulates a clear vision on their websites regarding convergence, they nonetheless are sensitive to the challenges and opportunities of merging corporate and IT security projects in the private sector, in some cases partnering with convergence experts ActivCard and Daon.

Honeywell and Siemens are the most mature large integrators in terms of convergence strategy - they have combined IP cameras, access control, security event monitoring and identity management in their comprehensive systems architectures. Tyco Fire and Security combines several product and service brands, such as ADT, American Dynamics and Software House, to pull together some basic convergence projects without any formal convergence strategy or significant IT partnerships.

Lenel Systems International is focused on products rather than integration. Forrester's conversations with Lenel reveal almost no awareness on its part of the opportunities of convergence with IT security.

Convergence projects mean money

End-user organisations can save money by streamlining historically disparate security projects, while vendors can capitalise on new spending.

* Firms with interest in improving operational efficiency may now comfortably explore convergence projects.

• Smartcards function as a platform for multiple uses: corporate ID badges, building access, computer and network access, and more.

* New technologies open up new opportunities for efficient identity and privilege management, security monitoring, and trouble detection.

* A team comprised of members from the two security groups should coordinate their efforts in complying with common standards and regulations.

* Convergence extends beyond products. Organisations can develop joint awareness and training workshops addressing common security concerns: social engineering, proper document and data disposal, workplace harassment policies (including e-mail and Web use), and more.

* The convergence market will grow rapidly during the next five years as enterprise risk management points more companies to greater security efficiencies and effectiveness.

* Vendors of physical or logical security controls ought to investigate trends and seek out convergence applications for their respective technologies.

Note: The most successful convergence projects allow the respective physical and IT security departments to retain their autonomy. In other words, convergence happens best as discrete projects, not as a converged security organisation encompassing corporate and IT departments. See the 10 December, 2003, Planning Assumption 'Trends 2004: Limited Convergence of IT Security and Corporate Security'.

Reference: Forrester Research 2005.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

A customised solution for backup power
August 2019, Specialised Battery Systems , News, Integrated Solutions
Specialised Battery Systems designed and implemented a bespoke solution for Stallion Security Electronics to deploy at almost any site.

Augmented security with drones
August 2019, Drone Guards , Editor's Choice, Integrated Solutions
Drone Guards is moving into an untapped market of using drones to secure residential estates and other high-value assets such as mines, farms and commercial properties.

10 things to consider when shopping for a VMS
August 2019, Genetec , CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Today’s video management systems (VMS) provide a wide range of tools and capabilities that help make security personnel more efficient by allowing them to focus on what really matters.

Residential security – caveat emptor
August 2019, Stafix , Integrated Solutions, Security Services & Risk Management
When it comes to improving your property’s security, make sure you take all the options into account as you build a layered approach to keeping people safe and assets secured.

End-to-end security solutions for residential estates
August 2019, Elvey Security Technologies , Integrated Solutions, Residential Estate (Industry), Products
While there are a multitude of security options available for residential estate body corporates, unfortunately the solutions are not always able to integrate seamlessly, resulting in a hotchpotch of disparate systems.

Integrated residential estate surveillance
August 2019, Forbatt SA , Integrated Solutions, CCTV, Surveillance & Remote Monitoring, Residential Estate (Industry)
Integrated solutions bring the best-of-breed out of each technology to give personnel all the tools they need for access control management and security.

From fog to foxes
August 2019, Axis Communications SA , Perimeter Security, Alarms & Intruder Detection, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
What makes radar devices so valuable is the fact that they can provide a high range of accurate data while barely relying on external factors, such as weather or light.

Communications management within your security platform
August 2019, Genetec , Integrated Solutions, Residential Estate (Industry)
In the physical security industry, communications management systems, such as intercom solutions, are becoming an integral part of developing effective and comprehensive security strategies.

The hidden claws of proof of concept
August 2019 , Editor's Choice, Integrated Solutions
Proof of concept is a proven methodology for testing new technologies, but it isn’t perfect, and it can be more of a hindrance than a help.

Local manufacturing – challenges and opportunities
August 2019, Centurion Systems, Technoswitch, ZYTEQ Fire , Integrated Solutions
Local companies manufacture a diverse range of products for the security industry, and although they face challenges, there are opportunities out there too.