What is the future of physical security as adoption of IP and Ethernet interfaces become more pervasive? Many of you are implementing IP technologies at an astronomical pace. In addition, new solutions are now utilizing IT security systems and information to expand your recognition and response capabilities. In a nutshell, the future of physical security hardware and software is moving towards a convergence with both the IT infrastructure (networks, servers and telecommunications) and IT security devices, IDs and policies. What does this mean for you and your staff? Will you be gobbled up into the IT department? Or will you become part of some new merged or converged entity whose role is entirely security – IT and physical?
I don’t think so. A complete blending of the IT department and physical security, access and life-safety will not happen. The two organizations core functions just do not fit together as tightly as that of IT and the old telecommunications group. Think back to the not too distant past, when those two were separate. The telecommunications group dealt with all things involving telephony and telephony based circuits, including voice circuits, PBX’s, 9.6kb lines for mainframes, x.25 networks, and fractional T-1/T-1 lines for the IT department’s bridges/routers. What caused these two to merge, blend and converge?
First was the decentralization of computing resources (away from the glass house of the mainframe) and into the bright world of LAN based distributed servers. Put the server as close to the user as possible to decrease response time and increase flexibility, while off-loading more of the operational costs directly to the user organizations. This required more circuits, more control over the circuits and faster response to ever changing circuit needs.
Next came the paradigm shifting killer application: Voice Over IP (VoIP). VoIP was first implemented as trunk line convergence. Link an enterprise’s inter-PBX trunk lines over the existing data network telecom circuits and bypass long distance charges. Next was the expansion of VoIP to the handset and office desk. As this propagated, the differences in skill sets of the IT LAN engineers and voice engineers blended. IT LAN people needed to learn and understand telephony circuit based communications; they moved into understanding telephony and vice a versa for the telecommunications engineers. The two core functions of these organizations were closely related and not extremely different that the cross pollination of knowledge sets was too difficult.
Now, look at IT and the world of physical security (IP video, access control, life-safety and so forth). The core functions are extremely different and much more complicated to make a full merging/converging as viable as telecommunications and IT.
However, take a look at some trends within the IT world with regards to cyber security. What is happening is the IT security group is being separated out of the core IT group and moved into a functional group under a lead security manager/officer. This is to ensure and limit the possibility of conflict of interest and accountability with regards to Information Security (InfoSec) within the digital world of a LAN/MAN/WAN. These InfoSec groups have a defined role of protecting and preserving the digital information of the enterprise. The physical security organization has a defined role of protecting and preserving the physical property and employees (human life) of the enterprise. Where and how these two come together is in the blended use of knowledge and resources. As more and more IP based surveillance is used, the video (live streams, stored and stored stream retrieval), smartcard use to gain access to buildings, campuses and just to use a computer is going to rely heavily on the enterprises data network.
This sharing or converging of the physical security tools and equipment adds to the potential for a greater ROI (elimination of multiple closed systems). In addition, as the physical systems become more IP open and integrated into the security framework of the network infrastructure, new innovative security (physical and IT) applications will emerge.
In the end, the core competencies of physical security personnel do not easily translate into the core competencies of the InfoSec personnel. What does translate or merge is the core job role of physical security and InfoSec personnel: to preserve and protect. Sometimes to preserve and protect an enterprise’s digital information, a locked door and a camera is just as powerful as a complex password and a random number generator. These two fit together into a common team with a shared goal, just not necessarily in overlapping dual roles like in Telecom/IT. The future of the security organization – physical and IT – can be found in the past, just with a slight twist.