Home > Trends > IT managers taking over physical security

IT managers taking over physical security

A Fortune 500 senior executive told us that physical security in his organization is soon going to be run by IT professionals.  These IT professionals are not experts in physical security technologies, but they are expert in using software and hardware to achieve business objectives – far more rehearsed then their physical security brethren.  Add this story to a number of others we've collected from Global 3000 organizations and it's obvious that security is just another “application.”

Advertisements
Categories: Trends
  1. January 13, 2009 at 3:11 pm

    There is a whole lot more to physical security than just the electronic systems, e.g. access control and CCTV. Who is going to deal with things such as issuing brass keys, fixing doors that don’t lock properly, supervising the security guards, investigating security incidents, screening of mail and packages, destruction of sensitive documents, or the myriad of other things that go into the management of a complete physical security program?
    Even the administrative side of managing the electronic systems themselves can be labor intensive, requiring daily involvement in things such as the issuance and replacement of access cards, giving temporary access privileges to contractors, running activity reports, changing door unlock times for special events, producing video clips for incident investigation, and other such tasks.
    While it may make sense for the IT Department to support the security systems hardware and software, daily administration of these systems, as well as management of the overall physical security program is quite another matter. I think that most IT managers will run (not walk) away from this responsibility once they understand all the implications.

  2. January 14, 2009 at 7:24 am

    It’s no question that the younger generation has picked up (and can pick up)on technology quicker than the old dogs out there, but recall the fiction story in the movie 21. Kevin Spacey, Jim Sturgess and obvious old dog (maybe CPP) and loss prevention manager, Laurence Fishburne, does things the old fashioned way–with facial hardware not facial recognition software.
    The young IT folk, who are put in large roles and know it all, I think may become too big for their britches. They must learn the cost-effectiveness of physical security, along side IT security.

  3. January 14, 2009 at 7:49 am

    Having experienced both sides of the IT vs. Security management debate, I am clear you are vastly oversimplifying the topic. Both groups bring their own specialized expertise to the management of the security processes, but to imply that IT is better suited to lead would be a mistake.
    From my view, a new breed of leadership needs to emerge that will embody the breadth of the security experience–both physical and logical–and thus bridging the current divides. Anything less than this would leave organizations with unacceptable knowledge and operational gaps.
    Rather than inciting IT management into believing they are ready to lead physical security, I would suggest both groups work to become better versed in the others responsibilities and challenges. Let them begin the process of creating the next generation of security leadership.

  4. wondering
    January 14, 2009 at 8:15 am

    I could see this impacting video recording manufacturers and to a good extent some access manufacturers on how they design their products and find target markets. But Overall security should come from a hybrid approach…..otherwise you’ll end up with a state of the art software security solution, and some bloke will have an entry door with the hinges facing towards the outside allowing easy *Physical* access to the building. 🙂

  5. Anthony Brown
    January 14, 2009 at 4:16 pm

    I read with interest the comments posted and it seems that the sentiment of the participants is not accepting/embracing the inevitable. What we need to remember is that the IT industry has been built on process, accountability and management, with budgets that tower over that of physical/electronic security. An example would be if you think that a large firm may have 10000 p.c. login tokens that at one point cost $50 each and the firm would pay without question as the threat outweighed the cost, but tell them their physical access tokens are to cost $8.50, there may be a comment “who’s going to pay for this” and why are they so expensive.
    Also physical management of IT infrastructure is not dissimilar to security infrastructure with the replacement of a lock akin to the movement of a data outlet.
    I will agree though that the “physical” presence required to deliver face to face deterrents is an area that the IT industry will have significant issue with, but with evolution the next generation rarely looks like the past.

  6. Andrew Merrick
    January 15, 2009 at 12:51 pm

    Outsourcing in digital security is a common practice because it is so incredibly specific and ever changing. It is of the highest priority certainly, and therefore necessary.

  7. January 21, 2009 at 8:44 am

    Thanks, guys. I’m turning all this into a magazine column for Security Magazine.

  8. Andrew Merrick
    January 21, 2009 at 10:27 am

    Be sure to include a reference to this URL:
    http://www.justaskgemalto.com
    Here I think you will find the top digital security information out there.
    Good luck with your article.

  9. David Fowler
    January 23, 2009 at 8:18 am

    Steve,
    Often when I hear an IT person say they are taking over Physical Security what they really mean is the growing use of software that is used to help manage the systems. More often I hear organizations are putting a Risk Exec above both the IT Security and the Physical Security groups. As one Global Senior Physical Security exec of a fortune 100 company expressed it to me…”The IT department has no interest in talking about bomb blast coatings on our windows.”

  10. February 3, 2009 at 1:24 pm

    All of these comments are warranted and valid. However, it seems to me to be a sign of traditional physical security managers’ reluctance to embrace IT, IP and other digital technologies, either because they don’t understand it or they feel threatened by it.
    We have seen the gamut, and can vouch that in certain situations physical security may be BEST positioned as an IT function. It is not stated here what type of company the executive works for, or other mitigating circumstances. As Anthony stated, improved process, accountability and management would greatly benefit an industry dominated by law enforcement professionals who may not connect with their fellow business executives.
    I think the more likely path will be a hybrid partnership between physical security and IT, but in many cases IT may be the authoritative figure. Either way, physical security managers must embrace information technology or face inevitable irrelevance.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: