Convergence: The Use of Both Technology and Physical Security - Research Paper Example

Convergence: the use of both technology and physical security Security convergence refers to the process of integrating two previously distinct functions of security (information security and physical security). Physical security refers to security measures customized to restrict unauthorized personnel from accessing resources, facilities and equipment while simultaneously minimizing the risk of property damage or personnel exposure to harmful situations. Conversely, information security refers to measures instituted to impede unauthorized access to information regardless of the form data is in; for example, physical or electronic data (Anderson, 2007). Unlike in the past, corporate assets are now information-based. This has prompted corporations to integrate both physical and information security measures to prevent unauthorized access to the corporate assets. In addition, the rapid advancements in the technology sector has brought into question the effectiveness of security functions in preventing criminal attacks in organizations. Explored in the research are the implications of adopting security convergence within an organization, analysis of trends affecting security and loss prevention, and evaluation of non-traditional approaches to crime prevention from a multi-disciplinary approach. As mentioned, physical security deters unauthorized individuals from accessing facilities. There are several types of deterrence methods, which function by convincing attackers that imminent attacks on a facility are futile due to the presence of strong defenses. They include physical barriers, security lighting, natural surveillance, intrusion detectors/ electronic surveillance, access control among others. Physical barriers represent the outermost layers of security measures, which include fences, warning signs, and vehicle barriers. Their sole purpose is to delay attacks by acting as psychological deterrents. Security lighting installed at entrance points such as gates and doors deter unauthorized entrants, as guards can clearly see the well-lit areas. Natural surveillance entails altering the design or architecture of a facility’s perimeter to prevent unauthorized entry; for example, the vegetative cover between the fence and the facility’s walls is less dense giving guards a clear line of sight. Intrusion detectors/ electronic surveillance comprise of alarm systems, which function by alerting security personnel when unauthorized entrants attempt to trespass a secured area. Without prompt response from security personnel, alarm systems prove futile in preventing unauthorized entry into facilities. Finally, access control security functions by creating specific access points within a facility for all incoming and outgoing traffic of people. Security guards, CCTV surveillance, ID badges, and code-controlled doors are examples of access control security. Various people define security system integration differently; however, the core presumption amidst all the definitions is the linking of different security systems with the aim of synchronizing the monitoring process. In the past, integration projects entailed linking alarm systems and access control with the Closed Circuit Television System (CCTV) whereby, any violation of the access control triggered the alarm, which in turn turned on the CCTV to record the incident. Presently, integration entails merging logical security (e.g. biometric identification programs) and physical security applications (e.g. access control) into one comprehensive system. This present definition of integration creates the foundation of security convergence. It is important to note that integration does not translate into complete merging of security functions, as suggested by security convergence. For most professionals, full convergence of security functions is impossible; however, integrating the systems enables both the IT and physical security department to coordinate their efforts when working on crossover projects (Radcliff, 2004). Convergence has several implications for security stakeholders (all parties directly or indirectly affected by the different security functions). Cooperation between the security and IT department functions to enhance security. Firstly, integration of security systems in an organization helps to minimize confusion, as the IT team in charge of maintaining security software programs liaise with the physical security personnel with regard to security concerns. Prior to convergence of security functions, teams worked independently on similar security concerns leading to crossover issues. Both teams were at loggerheads pertaining to, which team had precedence over security concerns. With security convergence, both teams pool their resources when conducting investigations whereby, each team enriches the process with their diverse skills and knowledge. Secondly, convergence proves pivotal in aligning security goals with the organization’s overall goals. It is important to note that security is a daily function of organizations, and not just an expense for the organization. Cooperation between the IT department and the physical security department helps to unify an organization’s security goals, which in turn mirror the organization’s overall goals. Heightened security in any organization works as a “business enabler” such that, all relevant stakeholders remain motivated to pursue business ventures without fear of insecurity. For example, after the 9/11 terrorist attack, many businesses stepped up their security measures; however, for some organizations, these measures were simply seen as an added cost to the business. This perspective proved problematic for such organizations because when not viewed as revenue-impacting events, top management fails to take a more proactive stance in their mitigation. Marshall Sanders, CSO of Level3 Communications infers that it is crucial for senior executives to view security as a business enabler in order to create comprehensive security architecture. Finally, convergence of security functions cuts down costs, as it is more cost-effective to handle an integrated system free from duplication of tasks. Despite the benefits organizations stand to gain from convergence, there are certain disadvantages of merging security functions. Firstly, heads of the different departments might perceive integration as loss of control over issues pertaining to the organization’s security. As such, they are prone to resisting integration despite being aware of the impending benefits. More often than not, physical security personnel feel shortchanged by the merging of security functions triggering resentment. In addition, budget related problems arise with the merging of security functions. Prior to signing off on any business related expenditure, top management considers the Return on Investment (ROI). It is difficult to quantify expenses pertaining to security, as multiple departments benefit from the installed security network. For example, it is difficult to appropriate costs pertaining to maintenance, installation of new security features to the various departments. Even worse, top management finds it difficult to resolve conflicts over competing departmental interests. Finally, merging of security functions requires extensive training of personnel. In the past, personnel handling an organization’s security only had to undergo extensive training in physical security. This has since changed with convergence, as physical security personnel are required to receive IT training, which equips them with the basic skills needed to handle computerized security systems. Conversely, IT personnel operating security programs also have to acquaint themselves with physical security training. With the extended use of technology in contemporary society, security personnel require extensive training to equip them with the technical expertise that will enable them to handle the diverse security equipment. Unlike in the past where security personnel only required training in one specific field, convergence mandates that security personnel receive training in both security and information technology (IT) fields. It is possible for individuals interested in pursuing this career to receive either basic or advanced training in IT. The certificate level is the most basic education level whereas the post-graduate level is the most advanced level. More often than not, security personnel work in conjunction with IT specialists in organizations, as such, they do not have to pursue advanced education training in IT to be able to handle basic integrated security systems (Bernard, 2003). Completing a diploma in IT customized to help individuals grasp the basic concepts of different security programs might be sufficient for security personnel who are professionals in handling diverse aspects of physical security. Conversely, IT specialists are integral in ensuring the smooth functioning of security software programs. Their role is to handle the complex technical glitches security personnel are incapable of fixing due to their limited educational training. However, the educational requirements for the head of the new integrated security system are different whereby they require more training in both fields. Firsthand experiences gathered while serving in different security positions such as law enforcement, military or private sector security personnel enables them to preempt possible criminal attacks. Moreover, an advanced degree in IT enables them to detect loopholes in the security software programs that unauthorized personnel might use to breach the security system (Bernard, 2003). For example, Howard Schmidt was the most suitable candidate for the Chief Security Officer position at Microsoft due to his extensive experience in the Air Force and law enforcement department in Chandler, Ariz. Various scholars define the term globalization differently. Clark (1997) defines globalization as “the integration of economic, social and cultural relations across borders”. Conversely, Kay (2004) defines globalization as “the creation of a variety of trans-boundary mechanisms for interaction that affect and reflect the acceleration of economic, political and security interdependence”. From the two definitions, it is apparent that globalization entails cooperation that transcends physical geographic boundaries, which contributes to an accelerated political, economic and social interdependence. Globalization has implications on all aspects of human interaction including security. In fact, globalization continues to transform traditional security attacks into more sophisticated ones necessitating the need to adopt non-traditional security measures. The rise in insecurity is attributable to various factors such as poverty, technological advancements, and ideological differences among others, which globalization has exacerbated. The fact of the matter is that not all countries have equal economic power. This directly affects the standard of technology both at the national, corporate and individual level. The ability to secure information is vital to the safety and power of all three (Kay, 2004). This has led many in the north to re-evaluate whether the long neglect of the rich nations has led to the poor nations raging against them in acts of terrorism and violence (Wade, 2001). For most of the under-developed countries, more economically stable countries characterized by high level of industrialization and development are to blame for their dire state. In a bid to retaliate against their oppressors, extremists from the oppressed countries have adopted abrasive tactics to threaten the security measures instituted by such countries; therefore, redefining traditional crimes. These include terrorism, cyber-attacks, and identity theft among others. Indeed, terrorism has changed the traditional definition and concept of national security, which was “acquisition, deployment and use of military force to achieve national goals” (Held & Grew, 1998). There is a very strong connection between terrorism and globalization in all areas of national security around the world. The threats of terror have developed a more complicated network afforded by globalization that traditional responses to security are ill equipped to deal with. This has caused countries to co-operate and even lend help in terms of technology personnel and in some cases financial aid. Globalization has expanded the support base for marginalized groups among those with common sympathies. The US has earned leadership in globalization, which has earned the wrath of those against its ideology of democracy and according to Kronin (2003); this has increased the number of anti-US sentiments. Terrorism takes on different forms depending on the people instigating the attacks. The use of weapons of mass destruction such as explosive devices to commit terror attacks represents physical acts of terror. The US has experienced subsequent terrorist attacks whereby, the terrorists used weapons of mass destruction. In response to such attacks, the US heightened security measures across the country especially at different points of entry into the country such as airports and physical border entries. Security convergence plays crucial roles in ensuring passengers are not in possession of any weapons of mass destruction. For example, guards at the airports subject passengers to full-body checks using high-tech equipment. In addition, airports have an integrated security system, which alerts them of any security breaches. Through such measures, countries such as the US have minimized the threat of terrorist attacks on their country. Despite such efforts, security personnel across the globe are reporting an increase in cyber-attacks, which refer to any offensive maneuver used by a person, group or organization to target computer information systems, computer networks, and infrastructure. More often than not, the malicious acts originate from anonymous sources, which are hard to track but have the capacity to steal, destroy or alter information previously stored on the system. Depending on the different contexts, cyber-attacks take on different names, which include cyber campaign, cyberterrorism, or cyberwarfare. These attacks can range from simple attacks on an individual’s personal PC to complex attacks that target complicated, highly secure computer systems of nations or large organizations. The recent rise in cyber-attacks by anonymous hackers has been in retaliation to concealing of information by the government or large organizations. Hackers justify their actions by claiming that they are serving citizens’ right to access information freely. For example, Julian Asange, developer of Wikileaks released large amounts of secret information to the public, which caused mayhem in the respective countries but also empowered citizens to demand accountability from the exposed organizations and governments. Many remain conflicted about the usefulness of cyber-attacks. Identity theft happens when a person steals another person’s information and proceeds to use it without his or her authorization. Victims of identity theft suffer financial losses and in some cases find their reputations destroyed. In conclusion, organizations cannot afford to ignore the rapid changes occurring in the technology sector, as these changes stand to affect either positively or negatively implemented security measures. Adopting convergence offers organizations the opportunity to integrate physical and information security measures; therefore, increase the efficiency of their overall security system. Through sensitization of personnel, resistance to convergence is reduced, as each person is able to conceptualize the eminent benefits they stand to gain from the new integrated system. However, it is important to note that security convergence does not necessarily mirror parallel organizational convergence. In actuality, it reflects both departments (IT and Physical security) ability to coordinate their efforts towards solving problems pertaining to an organization’s security (Bernard, 2003). References Anderson, K. (2007, May). Convergence: A Holistic Approach to Risk Management. Network Security, 5. Bernard, R. (2003, April). The Convergence of Physical Security and IT: Responsibilities. Security Technology and Design Magazine. Clark, I. (1997). Globalisation and Fragmenattion: International Relations of the 20th Century. Oxford: Oxford University Press. Held, D., & Grew, A. M. (1998). Review of International Studies. The End of the Old Order, 219-243. Kay, S. (2004). Globalisation,Power and security. Security Dialogue, 10. Kronin, A. K. (2003/05, Winter). Behind the Curve: Globalisation and International Terrorism. International Security, pp. 30-58. Radcliff, D. (2004/June). Physical and IT Security: Overcoming Security Convergence Challenges. Teach Target. http://searchsecurity.techtarget.com/Physical-and-IT-security-Overcoming-security-integration-challenges Wade, R. (2001, April-may 28-04). Winners and Loosers. The Economist, pp. 72-74. Read More