Converged security pays dividends

By David Ting, Network World
June 14, 2007 04:33 PM ET

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Security convergence — integrating building- and IT-access systems -— is supposed to make life easier for everyone: IT, building security staff and employees coming into the office each day.

But two big questions loom:

* Will security convergence force employees to change their routines and learn entirely new ways to work, thereby lessening productivity before it can be improved?

* Can security convergence be used by organizations to enforce policies that have been unenforceable previously and therefore not truly effective?

Related Content

Benefits of converged physical/logical security

•	Allows for instant user lockout from physical facilities and network IT assets; eliminates latency between badge revocation and IT deprovisioning.
•	Provides two trusted sources for authentication to the network.
•	Enables location-based authentication, ensuring specific users accessing network resources in an office have actually entered the building; Prohibits remote VPN access if that person is already in the building.
•	Enforces antipassback/tailgating policy.
•	Improves auditing and compliance reporting by enabling consolidated reports for physical, network and remote access.
•	Promotes subtle changes to employee behavior that increases overall security.
•	Strengthens ability for companies to enforce poorly followed security policies.

Click to see:

Regarding the first big question, it has been assumed that combining physical and logical systems will add more mundane or complicated processes to the lives of users and existing building-security staff, or at least involve changing daily routines.

That’s a death knell because of people’s resistance to change, which already has rendered many security advances irrelevant. So, it is incumbent on vendors to deliver systems that are not just functionally useful but also behaviorally digestible. Processes have to be very similar to what employees are doing already.

Subtle behavioral changes will be forced by the shift to a converged system, but the changes should build on familiar technologies and processes rather than require a complete reeducation. Done correctly, convergence takes advantage of existing physical and IT infrastructure and technologies.

For instance, if employees flash badges at door sensors when they enter a building, requiring them to do something similar to get into applications will be better received than would be forcing them to punch in a new number at the gate every day and then remember a password that changes daily to gain access to the resources they need.

To accomplish this change in the least disruptive way, physical and IT security systems are best integrated at the system level, merging them with minimal disruption. Using existing security infrastructure minimizes reinvestment requirements and extends the ROI of that infrastructure.

Employees may still need to learn some new procedures. However, extending physical-security technologies, such as ID badges, for use with IT security to protect logical assets, such as data, application and networks, can result in stronger overall security that’s established via nonintrusive means.