Rising role of IT
17 December 2018
Shifting budgets and responsibilities require IT and physical security teams to consider fundamental change in day-to-day operations, says Luc Merredew.
Physical security professionals have long suspected a shift toward increased involvement of the IT department in physical access control and this is supported with recent research from a survey¹ of IT professionals, which indicates that IT departments are more involved than ever in an organiation’s physical access control decisions and implementation.
According to the survey, a slight majority (55%) reported IT as primarily responsible or having shared responsibility for access control within their organisation. IT leaders are tasked with spearheading not only the protection of their company’s network, and cybersecurity- related initiatives, but also those set forth by the physical security department to protect employees, visitors and assets from internal and external threats. The study finds that the IT department will increasingly play a role in physical security to influence technology decisions (76%) through the integration of access control within the ecosystem (72%), by implementing access control technology (59%), and through the management of access control systems (39%).
According to 85% of survey respondents, IT leaders are also increasingly responsible for physical security budgeting decisions. The numbers speak to a trend to a more collaborative approach to access control and physical security solutions. Questions of connectivity, cloud-based vs. on-premise hosting, and capital investment vs. operating expense are common in this organisational environment.
While a majority of respondents’ organisations (67%) have a dedicated physical security team or person in place, 55% reported that IT was at least partially responsible for physical access control within the organisation. Of those, 26% reported that IT was primarily responsible and 29% said that IT and the physical security departments shared responsibility. In organisations where IT is not yet involved in physical access control, 36% reported that IT will play a role within the next year to five years. This indicates a fundamental shift in how organisations manage physical security.
As this fundamental shift takes place across organisations, there is a need to establish a holistic security approach with regard to decision-making. In this approach, the emphasis is on the entire breadth of a security solution, not just access control’s potential to be the weakest link in an otherwise sophisticated network security strategy.
Nowhere is this shift as critical as in the process of setting budgets and allocating money for capital investments in IT and physical security infrastructure. Almost 44% of participants reported that both IT and physical security shared investment decisions related to physical access control, while 41% reported that IT is the primary decision-maker on these investments.
This shift is logical, as physical access control systems become more and more involved with larger network and cyber security strategies. With this increasing interdependence comes the framework for establishing physical access control devices on par with other connected hardware and software platforms. Legacy access control systems that do not place a premium on the latest security protocols should be replaced immediately in an effort to protect an organisation’s overall security posture.
For many organisations, investments in cameras and card systems are looked at in the vein of longevity. However, as technology evolves and vulnerabilities are publicly revealed, it becomes imperative that physical security equipment be updated on a cycle equivalent to that IT. As such, physical access control systems should continually be updated as needs change and threats evolve.
Critical to the success of a modern physical access control solution is the ability to prevent unauthorised individuals from accessing network-related hardware, while also presenting security directors with the ability to easily add options for emerging technology, such as mobile devices or biometrics. More than 68% of respondents agreed, saying one of the main feature requirements in a new solution is the ability to add or support new technologies in the future.
Today’s organisations must be more collaborative internally than ever, especially within the realm of security. Physical access control decisions and responsibilities are seeing a fundamental shift toward the IT department, requiring both departments to better work together to achieve true security across the enterprise. It is clear the shift toward the collaboration between IT and physical security departments are resulting in a more unified approach to security, which results in a more united front to combat incoming problems.
As a result, IT professionals need to rely on physical security teams for their expertise and support when implementing new technology, while physical security teams must do the same with regard to IT-centric decisions. Additionally, it is critical for physical security teams to demonstrate their value to the overall security posture of the organisation. By focusing on the collaboration between the two departments, physical security teams can retain control over their budgets and investment decisions, as well as the ability to prioritise the safety and security of the organisation.
Similar to the threats today’s organisations face, the needs of these organisations are constantly changing, leading companies of all sizes to the realisation that physical access control solutions must fall in line with the standards that the IT department has set forth to protect assets and people. As new technology is introduced into the ecosystem of an organisation, it’s imperative that close collaboration between physical security and IT departments continue to grow and thrive to meet and exceed the expectations of safety and security.
Luc Merredew is product marketing director, at HID Global. For more information, visit www.hidglobal.com
1. Survey conducted by The 05 Group of more than 1,500 IT Managers, Directors and staff, as well as Chief Information and Chief Technology Officers