The IT manager's role in physical security integration
When I started my 10-year career in IT, it was common in smaller companies to see IT departments managing physical security. IT teams knew when new staff were onboarded and offboarded, and access control was just another task to add to their processes. While larger organizations had IT departments as well, they also may have leaned more on a facilities department or even dedicated physical security staff.
Since then, the worlds of physical security and IT have converged. While some of this system has stayed the same, there’s been one major change: regardless of who’s in charge of managing physical security, IT is involved by either owning the system or individual parts of it -- tasks like network or server provisioning, database management, backups and firmware upgrades. Enterprises are starting to understand this convergence and that they must take a more active role in security and where it fits in the organization’s overall strategy. Teams responsible for security -- both physical security and IT -- will face increased calls to work together and address their companies’ ever-evolving security needs.
Physical Security Integration Needs IT
Technology has driven much of the convergence between physical security and IT, and it will only grow from here. Projected to exceed 18 billion units by 2022, IoT devices have become the future of physical security. These devices and their upgrades are requiring more network resources than ever before. Each device also presents a new vulnerability for bad actors to exploit -- leaving your company potentially exposed.
It’s a problem companies know they need to address. Cisco’s recent research found that 94 percent of companies recognize they have further to go to implement effective security. While some responsibility will fall to physical security staff, IT managers need to consider their roles in fulfilling this need. Company leadership and strategy are targeting increased security, and if IT wants to stay ahead of the game, then managers will want to break down walls between them and physical security.
How IT Managers Support Physical Security
There’s a fine line between helping and overtaking, which can make both physical security and IT teams nervous about their jobs and responsibilities. But IT managers can lead the way by taking a few critical steps toward forming a healthy relationship with their physical security counterparts.
Explore Training Opportunities
The number of security devices with network needs is already tremendous and will only increase over time. IT managers not only must know about these devices but also understand a company’s security environment -- which can quickly overwhelm them.
Far more information is available online now than when I started investigating security. Most device manufacturers and integrators have produced training programs and how-to guides -- these should be your starting points for learning about security. Through research, you’ll learn why mantraps matter in a building, and how many cameras it takes to surveil an exterior, as well as learn how these devices consume space on your network.
If you haven’t done so already, you can introduce yourself to the physical security team and ask them about their chosen products and security environment. You’ll discover much more about the systems already running on your network, and you’ll build the groundwork for an important working relationship.
Create Policies with Physical Security Teams
When several remote cameras are scheduled for simultaneous upgrades, do you know the performance impact it’ll have on your network? Questions like this are why you should be establishing criteria for what devices you allow on your network and how you monitor network performance.
Communicating with the physical security team can help IT managers create better and more informed guidelines about the relationship between installed security devices and network usage. Good policymaking can lessen the fears some may have about IT taking on too much of the physical security team’s job. You’re able to outline how your teams interact and collaborate to successfully manage new devices and monitor performance.
Regularly Share Information with Physical Security
IT managers not only should know what’s happening on the network today but also what devices might be added in the future. Regularly sharing information between IT and physical security creates a stronger relationship and makes planning easier. When I managed an IT team, I would set up quarterly meetings with my physical security counterpart. We would exchange information about security throughout the company and determine what resources would be needed for upcoming projects.
This cadence was useful when my team was tasked with setting up new wireless access points. Since we were already running cable, I asked my physical security counterpart if they wanted to add camera coverage. They did, and we worked together to easily add their devices to our network.
Our IT team was also part of the planning process -- we got ahead of needs rather than getting looping into the process when it was too late. For example, if physical security wanted to add 10 new cameras to a building in the next budget cycle, I planned for IT to have the port capacity, bandwidth and storage to accommodate new cameras.
As companies get more serious about planning and implementing security measures, IT managers should take it upon themselves to learn about the security environment, create relationships with their physical security counterparts and regularly share information and plan together. This helps ensure physical security and IT are both meeting their goals and preparing for their company’s future security needs.
Andrew Gibson is a Solutions Engineering Consultant at STANLEY Security, a provider of integrated security solutions defining the future of the security industry. Gibson has more than a decade of experience working in the security space with a background in a variety of areas including physical security, IT infrastructure, IT operations and project management. In his role with STANLEY Security, Gibson works to design and implement SaaS-based security solutions that protect customers from a variety of security threats. Acting as an IT and technical liaison for SaaS solutions and implementations, Gibson helps customers successfully navigate the convergence of IT and physical security environments.