Converged security pays dividends

Converged security systems can help your organisation, argues David Ting

Security convergence -- integrating building- and IT-access systems --- is supposed to make life easier for everyone: IT, building security staff and employees coming into the office each day.

But two big questions loom:

  • Will security convergence force employees to change their routines and learn entirely new ways to work, thereby lessening productivity before it can be improved?
  • Can security convergence be used by organizations to enforce policies that have been unenforceable previously and therefore not truly effective?
Regarding the first big question, it has been assumed that combining physical and logical systems will add more mundane or complicated processes to the lives of users and existing building-security staff, or at least involve changing daily routines.

That's a death knell because of people's resistance to change, which already has rendered many security advances irrelevant. So, it is incumbent on vendors to deliver systems that are not just functionally useful but also behaviorally digestible. Processes have to be very similar to what employees are doing already.

Subtle behavioral changes will be forced by the shift to a converged system, but the changes should build on familiar technologies and processes rather than require a complete re-education. Done correctly, convergence takes advantage of existing physical and IT infrastructure and technologies.

For instance, if employees flash badges at door sensors when they enter a building, requiring them to do something similar to get into applications will be better received than would be forcing them to punch in a new number at the gate every day and then remember a password that changes daily to gain access to the resources they need.

To accomplish this change in the least disruptive way, physical and IT security systems are best integrated at the system level, merging them with minimal disruption. Using existing security infrastructure minimizes reinvestment requirements and extends the ROI of that infrastructure.

Employees may still need to learn some new procedures. However, extending physical-security technologies, such as ID badges, for use with IT security to protect logical assets, such as data, application and networks, can result in stronger overall security that's established via nonintrusive means.

Regarding the second big question about whether security convergence can help organizations enforce policies that have been unenforceable -- in short, the answer is yes.

Many technology chiefs have put organizationwide security policies in place to try to eliminate bad behavior, only to find these policies difficult to enforce.

Converged security systems can help. Take, tailgating, for instance, when one employee follows another into the building without signing in or badging in. Unless the organization has deployed burdensome (and expensive) turnstile or man-trap systems, which are disruptive to the entry and exit of employees, there is little that can be done to enforce antitailgating policy.

In the absence of turnstiles, it may be socially awkward for an employee not to hold the door open for the next person. If building access were tied to employee access to network resources, on the other hand, staff would be more inclined to badge in each day, strengthening physical security while also better protecting access to information assets.

In addition, converging physical and IT security systems can lead to one access and authentication policy per employee. That's particularly handy in the case of termination, forced or voluntary. Handing in an ID badge addresses both building and IT access.

There will be no worries about former employees retaining logons or passwords they can use to access company files. That again improves security as it enforces existing policies.

With enabling technologies now catching up with the theoretical concept of converged security, more organizations are discussing the effects on employee behavior -- how it will, could and should change -- and the trade-offs involved. It's commonly believed that you must change behavior drastically to improve security, but that's no longer true. In many cases, subtly changing employee behavior in relation to converged security can transform into widespread acceptance and a commitment to tighter security overall.

David Ting is founder and CTO of Imprivata. He can be reached at dting@imprivata.com.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

David Ting

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?