Physical and IT security teams merge

Published 25 October 2006

Guards on patrol are now instructed to keep an eye out for open wireless networks and passwords written on sticky pads; $1.1 billion spent each year on bringing the two cultures together, but problems remain; integrating building and network access an emerging trend

Nevermind the steretypical assessment of security guards as mindless bohemoths and IT security professionals as skinny, bowtied gurus. The division of labor between them is narrowing, experts say, as companies become wise to lingering IT security threats on office premises. Laptops are left open and on at night, passwords are jotted down on sticky pads, and wireless hubs are left open for anyone to use. IT managers can address these problems with employee training and sternly written letters, but only consistent canvassing can ensure their directions are being taken seriously. That is where the guards come in. Many companies are now briefing their security personnel to be on the look-out for such breaches. So much so, in fact, that companies spent about $1.1 billion last year on projects to meld physical and computer security, up from $506 million the previous year.

Not that it has been easy. One problem is a lack of common language between guards and IT professionals. “IP”, for instance, means intellectual property to security officials but information protocol to IT managers. Jealousy is an issue as well, especially when the guards learn that their salaries are below those of IT security personnel. “One of the things I failed to anticipate is, that [situation] created a morale issue between the two groups,” Howard Schmidt of Microsoft said of his own attempt at security cooperation. “It became an us-versus-them thing, instead of a big-happy-family thing.”

Naturally, a number of vendors and integrators now offer solutions of their own. Cisco Systems recently announced a partnership with Swedish Assa Abloy AB, a Swedish lock maker, to help companies combine the two kinds of security more easily; and Lexington, Massachusetts-based Imprivata Inc has its own partnership with Tyco International, S2 Security, and Lenel Systems International. “Both partnerships will let companies integrate physical gateways, like doors and turnstiles, with the systems employees use to access the corporate network,” the Wall Street Journal reported. Imprivata’s system, for instance, deals harshly with those who neglect to swipe their badge when entering the building: They are barred from the company network. That is rough, but no doubt nobody ever forgets a second time.

-read more in Vauhini Vara’s Wall Street Journal report (sub. req.)