Enhanced security effectiveness driven by convergence of physical and logical security functions

A recent research survey shows that increasing numbers of organisations are combining their physical and logical security (sometimes called security convergence), a process that leads to improved efficiencies plus a better return on investment (ROI) in managing risks.

The initiative for the survey was triggered by the new interest in the subject which is being promoted by the ASIS International European Security Converged subcommittee led by Alessandro Lega with the support of eleven members from eight different European countries. “These results – commented Alessandro Lega – show the need to keep the momentum in promoting Security Convergence across Europe. As far as threats are converging from a technological and operational stand point, we need to make sure that corporate security organizations are not going to waste time and resources in fighting each other.

The research – which was carried out by ASIS International Europe and the Information Security Awareness Forum (ISAF) – found that 35 per cent of respondents had fully integrated their physical and logical access control using a single ID/card.

A further 26 per cent of the security professionals indicated that they were developing the technology.

According to James Willison, vice chair of the ASIS European security convergence sub-committee, the aim of the research was to determine how many medium to large enterprises are either operating – or working towards – a converged security strategy in their organisations.

Willison, founder of Unified Security Ltd – who co-authored the report along with fellow IT security professionals Prof. Paul Dorey, Director with Security Faculty Ltd & IISP Chairman Emeritus; and Sarb Sembhi, Chair of ISACA GRA Sub Committee , Director of Consultancy Services at Incoming Thought Ltd– says that the results confirm that approaching two thirds (61 per cent) of organisations are both streamlining and increasing the cost efficiencies of their physical and logical access security systems.
“This is excellent news, as it not only reduces their security risk profile, but also leads to cost efficiencies. And as the ROI on these efficiencies generates cost savings, so these savings can be re-invested into further security technologies,” Willison, said.

“This research confirms our research by Security Faculty that IT security has now reached the level of maturity where it can meet the previously disparate requirements of security and financial control – and that is no mean feat,” added, Professor Paul Dorey.

Professor Dorey also said that the survey, which drew on responses from 216 security professionals from across the physical and information security community in Europe, found that 35 per cent of organisations now operate independent corporate and information/IT security functions.

“The fact that the same percentage of respondents also revealed that previously independent security disciplines now work together on security risks across the business is another reflection of growing maturity of the Information security industry,” said Dorey.

“A recent ASIS/ (ISC)² survey found that 30 per cent of corporate and IT security professionals share a responsibility for security. This latest research suggests that this level of cooperation is on the increase, and that is extremely positive for organisations generally,” Willison added.

Report co-author Sarb Sembhi – who is also a former president of ISACA London – echoed their comments, noting that co-operation and integration of security between the various disciplines is a very important evolution.

“It is an important step, as it means that risks can be identified and their true impact understood with an agreement for action. It means there is less duplication and, as a consequence, improved cost savings can be generated for improved risk management, which is good news in these economically troubled times,” he said.

“It is also interesting to note that organisations with a North American headquarters are more likely than their European counterparts to have converged security functions. A growing trend can also be seen in the UK and Ireland but appears slower in continental Europe.” Dorey added.

The researchers also noted that more than 70 per cent of respondents to the survey agreed that it is important to combine physical and logical security due to the rising levels of blended physical and digital threats being seen on the threat horizon.

This, they say, has significant implications for the way that both physical and logical security people work together – whether it be to deal with blended threats, changes in technology, cost savings or better value to the businesses they serve.