Home » Identity & Access » Access Control

The Architect: How to Design a Secure Facility

Imagine being able to layer security into your building the way you do the plumbing or wiring. Genzyme's Dave Kent doesn't have to imagine it-he got to do it.

By Scott Berinato

Page 3

"It's going to be something else," project manager Gordon Brailsford says with a fair bit of pride. "I've been told not to be surprised if Hollywood calls to shoot movies here."

"The building is going to attract attention," Kent says, pondering the security risk posed by a Hollywood crew skulking around at all hours or by a corporate function hosted in the atrium. As with the glass exterior, one man's gorgeous aesthetic statement is another's risk management question.Foundation Kent was director of corporate security at BBN Technologies eight years ago when Genzyme, then an adolescent biotech company specializing in developing drugs for rare genetic diseases, hired him (he has since added vice president to his card). Not long before Kent was hired, some intellectual property had gone missing at Genzyme.

Kent has a security professional's linebacker mentality, but it's as if he's playing touch football. Which isn't necessarily a bad thing. In fact, none of the clichÃ©s about security guys fits Kent, save the fact that he owns a black leather jacket and on the bookshelf in his office are volumes such as The World's Most Dangerous Places and Germs. In the context of his role at Genzyme, both are reference books. Flawless Consulting is for professional development. He is tall, quiet and affable in such a way that, after he disciplines you for some boneheaded security gaffe, you just might want to thank him.

He'd never say it, but he probably wasn't surprised by the intellectual property theft. Upon arrival, Kent found a company with 13 different access systems and dozens of people authorized to give out access credentials. So, first off, he eliminated 12 of those systems in favor of one, which provided some dramatic ROI and quickly validated why he was hired in the first place.

But Kent took the job with grander ambitions. He took the job because, as he says, "this is much more fun than an old company where the walls are up already." He knew Genzyme was growing, and he wanted to broadly affect its growth. He wanted security to be integrated into every aspect of that growthhiring, partnering and building. His plan was no less ambitious than to get every employee thinking about security intrinsically. He wanted security to be, as he puts it, "the ugly little tugboat that turns the Queen Mary."

That wasn't easy, but it also wasn't impossible. After all, Genzyme hired Kent because of a major security breach. Clearly, the company would invest in preventing another such disaster (stealing intellectual property from a biotech company is like stealing money from a bank, only worse; ideas about how to cure rare diseases aren't replaced as easily as cash). Then again, security awareness has a half-life. The further an incident recedes into the past, the harder to keep executives' collective attention.