A Meeting of Two Cultures with Identical Goals

I recently conducted a joint security discussion at a $5 billion beverage company. I moderated the discussion, which was between the physical security organization and the data security organization. The physical security personnel fit the stereotype of burly, blue collar and rough hewn language skills. The data security folks also fit their stereotype: brainy and articulate. Yet, during the meeting, it became clear that the physical security folks had a lot to offer the IT people. It is true, the physical security folks might be able to persuade, but it was clear to me and to the IT people that physical and data security can and should work together.

We found that physical security had skills in conducting risk-based assessments that were sorely lacking in the IT people. We also discovered that the physical security people would immediately view change procedures as an area of high vulnerability. Yet, such procedures at this company were incomplete and inadequate. Finally, the parties reached consensus that third-party oversight might benefit IT's security efforts.

Convergence is a term used to imply the integration of physical and data security. Most people think this means the integration of entry control systems for facilities and the computer network. In the case of this global company, convergence means integrating the two organizations in a way that allows both to contribute to improving the protection of assets.