According to Forrester Research, U.S. spending on merging physical and logical access control, across both the public and private sectors, went from $691 million in 2005 to $7 billion in 2008. Estimates of total spending on IT and security convergence couldn’t be found and perhaps don’t exist, but it does appear self-evident that the amount of convergence is significant.
The survey of large corporations revealed the following degree of melding of IT and security computerized systems.
♦ 37% have linked networks (in addition to CCTV) but are not fully integrated
♦ 33% are entirely independent of one another
♦ 20% share the IT network for CCTV but are otherwise separate systems
♦ 11% are totally or almost totally integrated
Security industry observers will probably find it surprising that 11 percent of large corporations may have integrated IT and security systems entirely or almost entirely. Moreover, that only about a third of these companies have systems that are not interconnected is equally remarkable considering that the security profession’s mantra for decades had been for security to always be a standalone system.
Another consideration in understanding integration is whether operating systems are compatible. IT departments reported their primary operating systems as the following:
♦ 96% Windows
♦ 04% Unix
♦ 00% Linux
Security departments, however, indicated:
♦ 93% Windows-based
♦ 02% Linux
♦ 01% Unix
♦ 04% Other (didn’t know)
We can’t infer too much from this information, but it may imply that since none of the reporting IT departments use Linux, whereas 2 percent of the security departments do, there could be potential compatibility issues. Any intelligent system can be made to communicate with any other intelligent system, but initial compatibility often determines whether integration is effort-less or complicated.
More significant perhaps, 70 percent of the security departments stated that their security systems management software was proprietary or somewhat proprietary. The remaining 30 percent indicated that their software was based on open protocols and open architecture. Critics of proprietary software assert that such products represent a marketing tactic to make it difficult for customers to switch to a competitor’s product, that they are locked to the manufacturer for life. On the other hand, others point out that such claims are exaggerated and that proprietary products perform as well as nonproprietary software products. Plainly, open protocol software is still in the minority.
In companies where integration is occurring, which departments does security share databases with? The survey reported the following:
♦ 40% IT
♦ 32% HR
♦ 24% No database sharing
♦ 04% Other
While 33 percent of the security departments stated that they are totally independent, only 24 percent reported that there is no database sharing, perhaps suggesting that some standalone departments are nevertheless sharing databases. Of related interest, the questionnaire asked whether IT departments had a security system that was independent of the security department’s system. About 24 percent of the respondents reported that their IT department had their own standalone security system, and of those, about 50 percent were not compatible with the security department’s system.