We live in a converged world; our personal data and our business data are frequently comingled. Companies have a BYOD policy that permits you to use your personal device on a company network. Frequently, there is little distinction between work time and personal time, and employees are permitted to multi-task in business environments to improve productivity and quality of life. We use our phones and laptops as our personal information vault to conduct our banking transactions, serve as ID cards, boarding passes and virtually anything that requires electronic authorization. Enterprises realize tremendous benefits from this convergence as well as some serious downsides, but the trend is irreversible.
The security industry, on the other hand, has come kicking and screaming into the converged world. Physical security and cyber security professionals interact when they have to but typically the worlds remain apart. However, the data, the electrons and virtually all their respective systems share exactly the same networks, without the benefit of correlating the information flows to provide better surveillance, domain awareness and security for the enterprise. For example, we all use access control systems in some form or another – receptionists at a desk, security officers at a door, card readers, biometrics, or all of the above. The original approach: a dumb panel and a single PC basically decided who can get in a door. It worked, but was unintelligent – it could not recognize anomalies nor could it provide real domain awareness. In today’s security environment, enterprise security leaders need more than to control who comes and goes, they need to know who is attempting or accessing areas that they may not have legitimate reason to do so. They need to correlate an employee’s access to a building in one geographic location with the same employee’s sign-on to their computer from another geographic location to detect a potential unauthorized entry.