Feb 01, 2008
RSA Conference Europe 2007: Steve Hanna podcast
Steve Hanna is co-chair of the Trusted Network Connect Work Group and a Distinguished Engineer for Juniper Networks. He presented “Extending Network Access Control” and participated in the TCG seminar, “Implementing Trusted Computing: A Guide to Adding Trust and Security to Your Enterprise.”
listen / download now (5:56)
Aug 10, 2007
Are We Asleep?
Tim Mather, Chief Security Strategist, RSA Conference
It appears that many of our information security colleagues are effectively asleep when it comes to the concept and reality of “convergence”. Many of us are also not “on the same page” as our physical security counterparts when it comes to “convergence”.
Post-September 11th, there was a heightened sense of awareness about the need to better fuse information and physical security. There was a lot of discussion about the need for such, and some companies even merged these two previously separate groups. The role of CSO became “in”. So where are we now, six years after the tragic events of September 11th?
On the information security “side” of the equation, convergence seems to have been forgotten. Indeed, in the trade press that covers information security in depth, it is relatively rare to see articles about convergence. And, when those articles do appear, many times they speak not to the convergence of physical security with information security, but to the integration of information or logical security capabilities.
However, on the physical security “side” of the equation, the situation could not be more different. I’m reminded of the old real estate adage: location, location, location. In the trade press that covers physical security in depth, the mantra is convergence, convergence, convergence. It is uncommon not to see articles about convergence. And, unlike their information security counterparts, these articles speak “loudly” about the need for, and benefits of, the convergence of physical security with information security.
Clearly, there are “cultural” differences that remain between the two formerly distinct professions. Physical security personnel rarely had an IT background and were most often from law enforcement. Physical security personnel were often derisively referred to as the “guns, gates, and guards” by information security professionals. Likewise, information security personnel often had little understanding or appreciation of physical security. If information security was ‘white collar,’ then physical security was viewed as ‘blue collar’. OK, let’s get over it. The fact is that we both need each other. It is hard for me, as an information security professional, to protect my data centers and other critical IT assets without physical security. Likewise, the days of old, when physical security assets were not on the network, and even if they were on the network, were hopelessly stove-piped, are over.
I suspect that part of the reason why information security professionals seem to have “forgotten” about convergence (i.e., physical security converging with information security – and not merely the integration of information or logical security capabilities) is that the perception remains that physical security needs information security a lot more than information security needs physical security. I think that perception is wrong. If you doubt me, then I invite you to join me next month at the ASIS International Conference in Las Vegas. Yes, that's right – an information security professional is attending a traditionally physical security conference – and I won’t be alone.
May 15, 2007
RSA® Conference 2007 Audio Sessions
Demand for these sessions was so high at this year's US conference that we're providing the audio recordings for all to enjoy for free. Download the session audio files below, and enjoy!
DEPL-107 Virtualization and Security
listen/download now > (1:09:47)
DEPL-402 IPv6: Security Concerns and Benefits of the Next Generation Protocol
listen/download now > (45:54)
May 14, 2007
Our List of Top Blogs for Deployment Strategies
Here is a list of bloggers who comment frequently on Deployment Strategies, in addition to sharing their opinions on all aspects of security and the world in general.
Musings on Information Security by Ravi Char
Opinions, tools and techniques from a respected industry security professional.
Observations of a digitally enlightened mind
Observations from Amrit Williams, a security CTO.
Rational Security
Ramblings from the information security/information survivability/risk management wildside by Christopher Hoff.
Security Views
Blog of Scott Wright, Security Management Consultant and Coach - Security Perspectives Inc.
Still Secure After All These Years by Alan Shimel
Alan Shimel comments on the information security industry and many more topics…
Please send us your recommendations for other blogs that cover Deployment Strategies in Information Security.