“Convergence” is the current buzzword in professional security journals. It is so topical that several security groups and Web sites were recently formed to focus on this phenomenon, such as the Open Security Exchange (OSE). With developments such as this, a question remains: How far along the winding path of full integration have we traveled? Are we walking against the wind, or with it?
Earlier this year, Security Management and I conducted a questionnaire survey of large corporations. The objectives were to gauge how much the technologies of the security industry and the information technology sector have converged and to examine relationships between the two.
Responses to the questionnaire were received from 100 companies. That may seem like a fairly small sampling for analytic purposes, but data from a hundred large corporations might still be statistically more relevant than a hundred random companies, large and small. The respondents have average annual revenues of $3.8 billion (median = $1 billion) and employ an average of 11,000 people (median = 3,500) of whom about 207 (median = 48.5) work in the IT department and 341 (median = 35) in security, including contract employees. The average security department budget is around $5.8 million (median = $2 million).
The averages are probably skewed by the very large corporations. That’s why the median figures noted above are important.
With respect to the survey population, it is important to point out that any inferences about the state of technological convergence are likely to be valid only with respect to large corporations. Any conclusions drawn from the data may, or may not, accurately reflect IT and security convergence among all companies, particularly smaller ones.