An Alternate View

It's better to seek convergence project BY PROJECT, says consultant Steve Hunt

By Todd Datz

April 15, 2005 — CSO — Steve Hunt, former head of security research at Giga Information Group and Forrester Research, has thought a lot about the convergence of the physical and IT security worlds. He recently helped launch 4A International, a security consultancy that aims to help clients with convergence strategies.

Hunt told CSO Senior Editor Todd Datz why he believes convergence works best when companies bring people together one project at a time.CSO:What are the major challenges of converging?

Steve Hunt: Convergence is a fuzzy conceptit's a label we're using to identify those projects that require the cooperation or participation of security and technology groups that previously didn't work together much. It could be the convergence of IT security people, processes and technologies with corporate security processes and technologies. It could also mean the convergence of physical security technologies with IT, such as using identity management software to manage badges. The fundamental question that you ask before launching any security project, is: What's the value that business hopes to gain from the convergence project? Convergence is only a project, a tactical task that may require the efforts and technologies of two groups not under the same umbrella. It just means some people and technologies on one side need to interact with those on the other side. You don't have to merge the departments to the get the value of a convergence project. Is permanently converging different lines a bad idea?

Converged departments are generally a failure. There's cultural tension, social tension, management challenges and a failure to achieve the efficiencies you are hoping to achieve. However, companies that keep the divisions separate and work on tasks together are successful at achieving operational efficiencies and synergies.

But converging teams on a temporary basis still brings management challenges.

There will still be numerous obstacles. Take a one-card systemthe plastic ID badge used to get into a building and into your computer. To deploy that, the team will have to enlist the help of IT experts in public-key infrastructure, directory services, and desktop and client operations. On the physical side, it will have to engage the access control team, the guard or reception desk team, the visitor management team. Also, someone has to design the card.

There should be a clear delineation of tasks among the group because, for sure, the corporate security people who know access control will not fully understand the technology of the card's smart chip. Corporate security will understand the nature of access control, and they can design an IT badge better than the IT people. The great challenge is to make sure everyone knows what their job is.

• Print