November 21, 2019
New York – Security teams often still work in silos – with physical and cyber staff working on disparate projects and with varied technologies. But the case for a converged approach is clear as systems increasingly become cloud-based, and the growth of IoT devices further merges the physical with the network.
However, a gap persists between the two sides. Closing it is imperative to a minimizing exposure and managing a truly holistic security program.
At ISC East this week, in a session titled Implementing converged security, a process – bringing it all together, industry expert panelists offered best practices for performing a converged gap assessment and presented ideas for fostering convergence in organizations.
The top priority is getting all stakeholders to the table, from manufacturers to integrators to contractors, said Ray Coulombe, founder and managing director of SecuritySpecifiers, who specifically mentioned that “contractors need to think more holistically.”
Moderator Pierre Bourgeix, CTO and founder of ESI Convergent, concurred.
“There needs to be an enhanced of mindset among contractors. But we all have to start taking responsibility. We are this much away from a world with major collapses,” he said, holding his fingers up to indicate there is little room left. “We have to take responsibility for defining security across infrastructure. We can’t just do this in a siloed way.”
A 2018 survey conducted by ASIS International and HID Global reported that physical security professionals say they work with their IT departments about 60 percent of the time and collaborate to establish security best practices. Still, with a 40 percent gap, there is still much ground to gain on convergence. Coulombe argues security is losing out by holding back on collaboration.
“What we have to move to is understanding that by interacting with other stakeholders, you can enhance security operations, in addition to creating new marketing opportunities,” he said.
Panelist Scott Gross, Security Manager with Con Edison, noted he is frequently asked to justify budget requests. Often doing that requires the input of multiple stakeholders in the process.
“When I go to my senior VP, they ask about the return on the investment for this money I am asking for. I say we are protecting our employees and critical infrastructure. But I also need integrators and manufacturers and consultants to go with me and explain why we need it.”