In the world of information technology, there's data and computer security and then there's the overlay of actual physical security -- which encompasses such low-tech items as doors and gates as well as the high-tech access control cards, biometrics and identity systems that secure them.
As the realms of IT and physical security converge, value-added resellers (VARs) face challenges in understanding, marketing and implementing physical security technology.
The corporate physical security market has grown over the past few years mostly due to exploding demand for mobile computing. Notebook computers, which outsold desktops in 2007, require physical security measures that integrate with IT, said Charles King, principal analyst for Pund-IT Inc. The first safeguard is to prevent someone from walking into your facility and walking out with your laptop or PDA -- that's where physical security measures come in.
Demand for physical security technology sky-rocketed following 9/11, when the U.S. government issued Homeland Security Presidential Directive 12, said Guy Vancollie, director of marketing at security vendor CoreStreet in Cambridge, Mass. The directive created a standard for security regulations, bringing physical security to the forefront of company policies and triggering the need for a melding of IT and physical security services, Vancollie said.
Products such as smart cards, electronic locking systems, biometrics, networked cameras and IP-based surveillance are leading services opportunities in integrated IT and physical security.
Joe Heinzen, president of e-Convergence Solutions, said networks have grown sophisticated enough to manage voice and video along with data, leading to the current growth of intelligent analytics and IP-based surveillance.
"At least 70% of the issues you run into in a network are coming from the inside, from the employees themselves," Heinzen said. As a result, physical security is watching over IT -- and integration of the two becomes necessary.
Computer and data locking systems are a big piece of the market. "Computer theft is still the No. 1 cause of data breaches," said Jason Roberts, marketing manager of security device manufacturer PC Guardian, based in San Rafael, Calif. Ben Kayfetz, president of PC Guardian VAR Security Solutions, said that security workers in an organization rely more and more on the IT department. It seems unavoidable that IT and physical security departments work together to protect data, employees and facility access.
New products, such as CoreStreet's Card-Connected Access Control, fuse both realms. The Card-Connected smart cards communicate with an organization's physical access control system and electronic locks through digitally signed data, to monitor both identity and access management.
Many VARs are eager to integrate IT and physical security. "IT VARs are seeing that there is money to be made in physical security," said Chris Laibe, CEO of inFRONT, an access control reseller for Corestreet. But for the channel to successfully converge, IT and physical security VARs must first understand both technologies and markets, Laibe said.
"It is predominantly an education issue," Heinzen said. There is not enough information available for IT VARs about emerging physical security technologies such as intelligent analytics, he said. One solution, he said, would be to integrate management of physical and IT security, but leave the knowledge of specific technologies to separate staffs.
Not all parties agree that any convergence is really necessary, and it remains debatable whether the current integration has been successful. Solution providers face a major challenge on the question of who manages corporate physical security -- is it IT, operations or security staff? Maybe a risk management department? While some VARs see a merging between chief information officers and chief security officers, many companies still manage IT and physical security separately. And that can mean a different sales approach.
"IT and physical security are two fundamentally different disciplines that require completely different approaches," said Andrew Plato, president and principal consultant of Anitian Enterprise Security. Plato said that while physical security protects a well-defined location, hardware or set of employees, IT security depends on an always-changing, unstable environment of networks, connections and data applications. Though convergence between IT and physical segments is possible, he said, the advantages may not be significant.
Vendors and VARs alike feel that shared knowledge between IT and physical security groups will boost the success of convergence. By swapping technical knowledge, management of IT and physical security could then integrate under one protected roof.