That lack of coordination likely creates security gaps or vulnerabilities. It may be expected that the convergence of IT and security would be driven, at least partially, by the renewed trend over the last decade toward building automation systems. Building automation systems (BAS) now control heating, ventilation, lighting, electric power, parking, telephony, elevators, and even multi-function office equipment, such as copy machines. We asked if facility security systems were integrated into a building automation system.
♦ 29% Yes
♦ 64% No
♦ 07% Not applicable or question not understood
As more companies report some level of integration than report being connected through their BAS, one can surmise that convergence is also occurring at large corporations that have not integrated security systems into their BAS.
This brings up the subject of smartcard technology and the important role it has played in convergence. In August 2004, President Bush issued Homeland Security Presidential Directive (HSPD) 12 to create a secure and standardized method of identification for federal employees and contractors. HSPD-12 resulted in the Federal Information Processing Standard (FIPS) 201. HSPD-12 was a great impetus toward the standardization of access control for governmental office buildings on smartcard technology. This quickly spilled over onto the private sector. Smartcard technology was an important factor in the movement toward technology convergence, albeit mostly driven by the IT industry.
The survey found that 49 percent of the companies surveyed were using smartcards—a surprisingly high figure. Of those with smartcard technology, 64 percent were using it for facility access control, 4 percent for IT access control, and 21 percent for both. Further, it was reported that 56 percent of the smartcard systems were being managed by the security department, 22 percent by the IT department, and in 22 percent of the cases management was shared by both departments.
Another key facet of this investigation was to try to understand relationships between security and IT. Are we dealing with J. Edgar Hoover and Bill Gates trying to share a cubicle? The survey posed a straightforward question. The relationship between the departments is best described as which of the following? The responses were:
♦ 16% Highly effective
♦ 72% Cooperative
♦ 02% Competitive
♦ 10% Difficult
About 12 percent of the large corporations reported that relationships were either competitive or difficult.
The question of interdepartmental relations was approached from another angle to see if the results would be different. The questionnaire asked how often the department heads met. The following results suggest how much the two groups fear integration.
♦ 37% Rarely
♦ 33% Frequently
♦ 21% Often
♦ 08% Never
It is difficult to reconcile the fact that 45 percent never or rarely meet with the survey response that 72 percent of the departments claim to have a “cooperative” relationship. How cooperative can it really be if they only meet rarely, if at all? The survey probed the relationship issue one more way: “Are there, or have there recently been, conflicts resulting from requests by the security department for access to IT LANS/WANS or requests for more bandwidth than the IT department has been willing or able to provide?” Almost third of the respondents reported problems.
♦ 31% Yes
♦ 60% No
♦ 09% Not applicable