Convergence: The Whole Story

I recently attended a security conference where convergence was a major topic. To my surprise and disappointment, convergence sometimes means using the IT infrastructure to run security applications such as access control and surveillance. What a small view of an important topic!

This view of convergence grounded in the lowest level of operational security: It is satisfied with incremental change that may or may not lead to a direct path of increasing the security of critical assets. This view operates as though automating processes is an end in itself. It runs headlong into the age old IT conundrum of automating a broken process...thereby making things worse.

We all agree, I am sure, that the processes between physical security and data security are so broken that, for the most part, they do not even exist. I encourage all participants in the discussion of convergence between physical and data security to make sure that the processes around security are fixed before or at the same time as the security systems are implemented on the IT infrastructure. That way, you can avoid making the same mistake our IT predecessors made in the early 60's and 70's. Let's learn from our mistakes so that our effort increases the level of protection.