Convergence: The Semantics Trap
Steve Hunt spells out three meanings of "convergence" and notes that cooperation is the one that matters most.
By Steve Hunt
March 01, 2010 — CSO —
George Campbell has so much to contribute to our industry that I hate to see him fall into such a common trap as he did in The Myth of Convergence.
The trap was set by the Networkworld article he was commenting on: Debate rages over converging physical and IT security. That article, while an interesting survey of a wide range of thinking about the role of technology in physical security, made a simple but unfortunate mistake. Mr. Campbell made the same one.
Convergence, as it has been used in the physical security industry for the last decade, indeed how I used it when I introduced it in my keynote address at the 2000 ASIS Emerging Trends conference, is an expression that has three distinct meanings based on its context.
Also see To Security Convergence (And Back)
There are three types of convergence relevant to physical security. The first and highest level is the convergence of physical security with IT—with the computers, software and networks of IT. This is what many of those interviewed in the NetworkWorld article were talking about. Physical security vendors and end users are more and more interested in using systems built on the technologies and best practices of IT. For example, recording video as meta-tagged, searchable data, rather than on analog video tapes.
The next level of convergence brings together physical security with IT security. The NetworkWorld article mixed that in as well. Here we are talking about how the "stuff" of security—IT and physical event logs, video, alarms, output from environmental sensors, etc - is actually data that can be correlated and analyzed and turned into information useful for risk management. A popular new niche of this type in physical security today is PSIM, physical security information management. Of course, IT security has already been doing this sort of thing for at least a decade.
The third level of convergence is the convergence of physical security people and processes with IT security people and processes. Here is where tempers flare. There are of course countless personal and political challenges facing any organization attempting to bring the two security teams together under single management. I should have called it security collaboration back then. Maybe that would have avoided the train wrecks so many of us have witnessed when companies try to merge the two groups.
(Editor's note: We've been dissecting this issue for many years; see Campbell's discussion with Bill Spernow of the cultural challenges in 2003's Cyber Security Versus Physical Security: Smackdown!, which remains entirely relevant today.)
convergence
- Survival Guide: Overcoming the Obstacles to Effective Risk Management
- Utility Mandate: Software Security for the Smart Grid
- Risk-driven Compliance and Security Management
- CyberAttacks ... Are you protected or prepared to pay?
- Bringing Together Security and Usability
- Simplifying Risk Management: Is Your Company Measuring Up?
- The Escalating Risk of the Insecure Web
- Security Protection via the Cloud
- Maximize Security Coverage, Minimize Costs
- Preventing Data Breaches: A SaaS Approach To Secure Unstructured Data
- Pillars of Enterprise Protection: Protecting the Infrastructure
- Proactive Intelligence-Gathering for Enterprise Protection
CSO Corporate Partners
