Act Now to Integrate Your Security Data

Over the past five years, I’ve spoken with numerous companies in the IT and physical security industries about their concerns and their goals. Put simply, the physical security and IT functions traditionally have operated in siloes, leading to hesitation about integrating the two departments.

Speaking from personal experience with both functions, I can say with authority that early IT/security engagement pays dividends for an organisation. However, I consistently hear three key themes regarding the hesitation to integrate — all revolving around (you guessed it) data.

Integrate systems sooner, not later
The most common theme is the convergence of IT and security data. Interestingly, most of the individuals who have spoken with me (if not all) have had theories and concepts about why and how convergence should be approached, but very few have ventured beyond theories to implement an actual solution.

From workplace email to security devices and systems, today’s businesses have large IT and security system portfolios that generate huge amounts of unstructured data. This data, though intended to make our jobs easier and more effective, can easily become overwhelming. If companies don’t act soon to ensure that all their systems and technologies are integrated effectively, they face creating a data glut that will make it almost impossible to focus and act on critical information in a timely manner.

Imagine this: An employee badges in at the front door of a company’s London headquarters. Five minutes later, that same employee is shown logging into a secure computer terminal in Los Angeles. If, as at many organisations, the company’s IT and physical security teams function primarily as separate units, they may not catch the discrepancy (and possible breach) for days — a huge and potentially disastrous oversight.

IP data security
The second theme I hear about is data security, mainly associated with the IP enablement of traditional security systems — access control systems, video surveillance, etc. Many traditionalists fear IP-enabling their devices over the corporate network will expose them to threats. These people argue that the network is not secure. Others see IT as a threat to their department (if we allow IT to manage the infrastructure on which the security systems reside, we will no longer be in control).

Yet the truth is that poorly maintained, aging security networks — susceptible to viruses and uncontrollable bandwidth demands — are actually an even bigger threat to organisational security.

Cost of integration
The third theme offered by many traditionalists who avoid newer, more data-friendly technologies is the costs incurred by allowing IT to maintain business-critical applications. Most security departments are used to working with third parties, but this approach is not consistent with the business-critical applications already embraced by other departments.

To ensure consistency, IT (not a third-party security provider with limited company knowledge) should have primary responsibility for overall infrastructure: servers, networks, computer workstations, etc.

In my experience, early IT engagement can actually save companies money over the long term. Here’s how.

• Procurement: IT departments are often on preferred supplier terms with some of the world’s largest IT/technology companies. As a result, their buying power is much better than other departments, enabling them to slip into the role of system integrator.
• Leveraging infrastructure: Whether it means using the company network or virtual machines to host your business-critical applications, leveraging previous investments reduces expenditures and increases ROI.
• First-line support: Unlike most vendor service providers, corporate IT help desks typically operate 24/7 and can triage calls by resetting devices and guiding operators before escalating to an external service provider for a callout charge. If you think about it, this is no different from how your company email, CRM systems (such as Salesforce), and other business applications operate.

The solution and bridge is PSIM
To integrate and optimise security and operational efforts along these lines, one solution that agencies and organisations worldwide are increasingly embracing is physical security information management (PSIM) software.

As organisations invest in increasingly complex IT solutions to manage and reduce risk for employees, visitors, customers, and material assets, PSIM promises to play a central role — unifying and integrating platforms and systems and helping to maximise investments in security and operational solutions. This will push the industry closer to more effective risk management strategies that help agencies and organisations assess, prioritise, and manage risks and needs with a holistic view of the enterprise to improve operations and adapt and respond to ever-changing threats.

Looking ahead to the next 11 months, it is clear that PSIM will serve as a critical tool for organisations and agencies struggling to bridge the gap between their physical and IT security solutions.