Why Convergence?

Physical security and data security organizations typically work independently of each other. You know this to be true since you see at every company you have ever worked at, unless it is IBM, Microsoft and just a handful of others. Well, let's take a look at some obvious security events that never get detected in the typical (unconverged) environment:
1. Bob does not badge in to work today, but someone accesses data and applications normally used by Bob. This is probably not a security event in your company.
2. Bob gets up from his computer workstation, leaves the building to go home for the night. He even badges out. Bob’s computer continues to run just as though he went down the hall to use the restroom. Would this be true at your company?
3. Bob works in customer support, yet he uses the computers his department to access files that are normally accesses only by people in accounting. These two departments are on separate floors of the building. Would this be a security event in your organization?

These three examples illustrate how the separation of physical security and data security creates a set of vulnerabilities that ought to embarrass any security organization that claims to have performed a risk assessment

.