Wells Fargo bank offered $100,000 in November to catch a thief who stole the Social Security numbers and account information of thousands of bank customers. While the crime sounds like something that a clever hacker might pull, in this case the crook did his work the old-fashioned way - he broke into a consultant's office and walked off with his computer.

This story, which had a happy ending for the bank and its customers, points to the need for IT security professionals to pay attention to the "guns and dogs" physical security that surrounds their networks. No amount of firewalls, encryption or access lists can stop a criminal who gets into a server room.

"IT guys really have to think about what's protecting their data. How much of that is Cisco or Microsoft or IBM, and how much of that is Pinkerton or Brinks?" says Phil Libin, president of CoreStreet, a vendor that makes equipment to control access to buildings and networks.

Once intruders with know-how are left alone with machines, the game is pretty much over. "I can have a hard drive out of a computer within 5 minutes," says Bill Farwell, head of the digital forensics practice at Deloitte Touche. Keeping data thieves away from your machines is key and requires learning more about securing hardware, rooms, buildings and campuses, he says.

Interest in this convergence of corporate security is growing. At a fall Computer Security Institute conference, a session on general security trends was booked in a room with seats for about 20. About 120 people showed up eager to discuss physical security, says session moderator Terri Curran, information security officer for the Center for Digital Forensic Studies and former chief security officer at Gillette. Government regulations on privacy in healthcare and accountability in financial institutions are spurring this interest. Protecting data is no longer a business-by-business decision; it can be the law.

One hurdle to leap is that people in charge of building security and those in charge of IT security come from different cultures. Many traditional security chiefs are retired cops who apply their knowledge of personal safety to a business. IT security people worry more about who can break into a network electronically, Curran says.