Has convergence been achieved in security? Why or why not?
Editor Introduction
In today's interconnected world, the lines between physical and digital security are blurring. This means that threats can easily exploit vulnerabilities in both realms, potentially causing significant damage. That's why the convergence of cyber- and physical security systems is becoming increasingly important. It has already been a topic of discussion in the security market for more than a decade. To get a reality check, we asked this week’s Expert Panel Roundtable: Has convergence been achieved in security systems? Why or why not?
Even if it’s not complete, convergence in security systems is thoroughly underway as segregated networks have proven costly and impractical. This shift towards integrated networks for both IT and IoT devices is driven by the demand for total usability from a system, which true convergence would provide. However, managing multiple vendor devices in the name of convergence presents a challenge, and the high resource intensity of onboarding and maintaining numerous devices throughout their lifecycles will need a specific solution to make everything cohesive. If organisations want true convergence, they’ll need to enable automated installation, security, troubleshooting, and streamlined processes. While progress toward this goal is evident, the extent of convergence varies, and organisations must navigate ongoing challenges to achieve widespread and effective security system integration.
Convergence might just be the word of 2024. While it’s something the security industry is striving towards, I don’t believe we have achieved complete convergence across the industry yet. For us to get there, we all need to continue working toward workflow efficiency and making life easier for our security operators. We can do this by stepping into the future with new technologies such as AV over IP and AI. AV over IP is benefiting control rooms, giving them the ability to share and stream video data anytime, anywhere. Also helping to achieve convergence are promoting partner integrations and allowing for seamless integrations among multiple partners so customers can receive the results they need.
A decade ago, most physical security systems in larger organisations were managed by specialised teams in security departments. The transition to network physical security systems has meant that information technology (IT) departments are taking greater responsibility for managing physical security systems. We are starting to see the breakdown of siloed departments and systems as IT and physical security departments are on a path to convergence. With data breaches rising worldwide and privacy regulations evolving quickly, the need to have a coordinated approach is important. According to an ASIS survey, 76% of chief information security officers (CISOs) and chief security officers (CSOs) believe that blending the cyber and physical security functions will strengthen the performance of security management. Hence, forward-thinking organisations are increasingly adopting open, unified, and cyber-secure physical security platforms that can support convergence strategies.
Convergence in security refers to the coming together of different factors so that physical security departments can stay ahead of the curve to protect the business. Those factors include good business practices to efficiently manage new technologies that physical security requires while also serving the overall organisation beyond only security. Convergence is a process that involves involving different departments in the business so that costs may be reduced. For example, physical security can help other departments achieve their mission using security cameras and thereby have a larger budget to make additional purchases.
While the level of convergence between IT and security departments varies with every company, it should be part of any organisation’s plan to more efficiently collaborate and share information that protects the company network infrastructure. Typical barriers to convergence exist when security and operations are siloed from IT. This can be due to cultural differences, competition for resources, or a lack of understanding between teams. As video surveillance, alarm, access control, IoT, and business intelligence systems become increasingly integrated, the need for convergence grows even stronger. A collaborative incident response plan that includes protocols for both IT and physical security can be a good first step to bring disparate groups together and find common ground. Some sectors, such as healthcare, finance, or government, have strict compliance requirements that can compel collaboration between teams. Ultimately, leadership should mandate that these core functions work together as effectively as possible.
Convergence has been a goal of the security industry for decades, but achieving it has proven to be easier said than done. Security teams are overwhelmed with all the data available from current technology, and because of this cannot always make the best decisions. Only through an integrated approach can convergence be achieved. True convergence requires dismantling siloes and bringing together both cyber and physical security systems and teams to create a harmonious suite of security solutions that share data for analysis and real-time insight.
The gap between IT and physical security is narrowing. An important function of an integrator is to facilitate collaboration and understanding by supporting the goals of both departments in any project. This can be challenging based on how siloed the IT and the physical security teams are within an organisation. We invite stakeholders to regular meetings and build consensus around unified security policies that cover both IT and physical security aspects. Most physical security professionals are trained to understand the basics of networking and InfoSec requirements. Because cybersecurity threats evolve so rapidly, security operators must partner with InfoSec teams fluent in cybersecurity best practices, policies, and protocols. Organisations can no longer afford to have physical security and IT not operating in lockstep together. The promise of 5G and bandwidth becoming economically capable of supporting advanced analytics and evidentiary or archival cloud storage will be one of the next steps in driving complete synergy.
Although we've achieved a greater convergence with IT functionalities, there is still work to be done for organisations to achieve convergence across security realms that include both cyber and physical. The evolution of threats and technology requires constant adaptation and innovation in security strategies. The best way for physical security companies to continue to work towards convergence is to put IT at the centre of their business. It's not a luxury but a necessity for businesses to prioritise cyber security, and that starts with finding inherently secure technology.
The convergence of information and cybersecurity systems with physical security systems and financial risks is not a new topic. Over the years, there’s been work done to collaboratively address not only information and IT security but also physical security and financial business risks (such as those mitigated with corporate insurance and fraud investigators). Some organisations have achieved full integration of these three risk areas, while others have not even started. Some organisations have created more separation within these areas than ever before. However, given the inherent overlaps and integrations that result from current practices and solutions (such as using “smart” IoT products, quantum computing, and AI), organisations must start including all these areas as part of the full risk management team. These areas need to work collaboratively, with not only awareness of each other’s areas’ activities and plans but also being viewed as key stakeholders whose input must be obtained before products, practices, and other types of operational changes are made.
Too often, cyber and corporate security teams work in silos in a way that hampers their ability to benefit from each other’s expertise fully. Unified cyber and physical security efforts are rare, and this isolation weakens their ability to identify and mitigate threats effectively. Imagine the power they could unlock by connecting their systems, tools, and data. Unified teams would gain a comprehensive view of pre-incident indicators and potential threats, allowing them to proactively forecast issues and protect their business and operations. While many organisations are starting to bridge this gap, true convergence remains a hidden treasure waiting to be fully unearthed. Evolving threats and tight budgets pose hurdles, but they also emphasise the urgent need for synergy. Connecting cybersecurity and corporate security efforts around shared business goals unlocks a powerful hidden ability: true resilience. This unified approach empowers organisations to proactively manage risks and navigate the complexities of our interconnected world, building a safer and more secure future for all.
Do we even have a standard definition of what we mean by “convergence”? That is where I would start. The general definition of convergence is the security of the digital and built environments converging into a single operation. This has not been broadly adopted because of limitations in physical security technology that prevent it from operating in the same way as IT and cybersecurity tools. This gap has existed for various reasons. Primarily, the end users of the products are different; there are very few organisations where these two security functions are being fused. Therefore, the tools are designed for separate end users and are being developed with different priorities and desired outcomes. However, in the past three to five years, we have seen a critical shift in how physical security tools are being designed and how they incorporate IT/cybersecurity concepts. Around 2017, we began to see more physical security technology companies publishing hardening guides – these provided configuration options for their products to reduce the threat vectors and increase their cybersecurity hygiene. Now, we are seeing physical security products that are built with cybersecurity in mind – not only the secure nature of the product but how it may be incorporated into a converged security programme. So has security convergence been achieved in security systems? No. But we are better than we were five years ago and are on the right path.
Convergence in security systems remains a complex concept due to the varied interpretations of what this means, all depending on whom you ask. While significant strides have been made, achieving true convergence remains a vision rather than a realised state. Convergence involves seamlessly integrating diverse security technologies like video surveillance, access control, video analytics, and more into a unified platform. Yet today, many security systems still operate within isolated silos and struggle to integrate with technologies from different vendors. Breaking down these barriers and achieving convergence is hindered by proprietary technologies, legacy systems, lack of standardised protocols, and rapid advancements in AI that introduce new players into the market regularly. Despite these obstacles, the industry continues to move steadily towards convergence. Driven by the demand for comprehensive security, the market is seeking simplified solutions that drive convergence as they enhance overall security, improve efficiency, and bolster business continuity.
There are many different types of convergence within security systems, but I think the most important area of growth is multi-purpose systems, where the same system can be used for different use cases while using the same method of communications and interfaces. With ONVIF, we have a fantastic tool to unify the different parts and pieces of a security system, compared with the fire industry where there are not a lot of common interfaces today. And as we look further into unification of sensors and systems - surveillance, intrusion, fire, etc. - these common interfaces will continue to drive a higher level of convergence than we have today.
Editor Summary
By converging cyber- and physical security systems, organisations can mitigate risks, protect their assets, and ensure the safety of people and property. It's important to note that convergence also presents challenges, such as the need for new skills and expertise, integration complexity, and potential data privacy concerns. However, the benefits of a converged approach outweigh these challenges, making it an essential step in today's security landscape. If we can ever get there!
Assuming 100% represents total convergence of physical security and cybersecurity systems, how would you rate the current level of convergence between these disciplines industry-wide?
- Related categories
- CCTV software