It's true that the people who control building access from security desks and those securing computer networks both watch traffic and walk perimeters to safeguard an organization's assets. But now, technology, tighter security controls, federal regulations and potential cost benefits are bringing the two traditionally separate worlds together--and the convergence is driving industry alliances that may have seemed unusual in the past.
Oracle, for example, has partnered with Honeywell and Lenel to make its identity and access-manager software work with the physical access systems sold by those companies. A similar announcement from Novell and Honeywell is expected in coming weeks.
"It used to be the guns, gates and guards versus the bit chasers and the hacker trackers," said Howard Schmidt, president of the Information Systems Security Association, an international group of IT security professionals. "Technology has fundamentally changed the way all those groups do business. We're much more united today than in the past."
Unifying technologies includeand that tie into the same systems used to grant network access, said Schmidt, a security consultant who has served as cybersecurity adviser to the White House and ksecurity executive at Microsoft and eBay.
"We're seeing the technologies that used to be restricted to physical space--the cameras, the alarm systems, the card readers--all of which were unique to a hard-wired analog environment, moving into an IP-based digital system," Schmidt said. The Internet Protocol, or IP, is used to connect computers on modern networks.
Software can, such as somebody sneaking into a building behind another person who just swiped a security badge. Also, a can replace multiple access systems and passwords. One badge, or smart card, could be used to enter buildings, log on to networks and buy lunch in the campus cafeteria.
Removing security silos
"It is all about removing the silos around security," said Wynn White, vice president of security and management products at Oracle. Many software applications already let users sign on with a single password--the integration of physical and logical security takes that several steps further, he said.
Through integration, organizations will get a better view of their overall security, said Geoffrey Turner, an analyst at Forrester Research. "You now are able to follow through in securing both tangible and intangible assets," he said. Ultimately, this should provide, as well.
One benefit: instead of discovering that an employee who left a company months ago still has an e-mail address or building access, access to all resources can be severed with a single action, White said.
Aside from technology and demand for tighter controls, the convergence is being driven by regulation., issued in 2004, includes a requirement for automated and secure user credentialing at federal agencies. As a result, the government is leading the move, but the private sector is close behind, according to Turner.
"This is a real trend; there is a sense of inevitability about it, but it is slower than everyone thinks," Turner said. "The private sector has some breathing space. But they need to watch the government."
The next two years will be important in bringing together the security disciplines, Turner said. Companies such as networking giant Cisco Systems, along with software makers Microsoft, Novell, Sun and Oracle will play a key role, he said. They will partner with the likes of HID Global and Honeywell, makers of physical access systems, he said.
"I can hear the elephants dancing, and I know there are a lot of discussions going on," Turner said. "But we were anticipating more partnership announcements between companies this first quarter than we've actually seen."