In 2008, when I went to my first security tradeshow "convergence" was the big buzzword in the security industry as to the pending change-over from analog-based systems to IP-based systems. Within a couple of years, the buzz pretty much died down. Now, in 2014, it has popped up again. However, in these following years the concept of convergence has evolved in some very interesting ways. The transformation is more in line with how IT has generally evolved as well.
Now, In the security world, the term "convergence" refers to physical and cyber security being managed together, instead of separately – which, historically they were, and today, for the most part, still are.
Historically, big companies would have a security department, which was responsible for physically protecting the company’s people and assets using a set of tools popularly known in the trade as Guns, Guards, and Gates. Then, there would be an IT security department, which concerned itself solely with protecting the company’s computers and data.
The two groups were barely even aware of each other, and the IT security people really weren’t that busy until around the mid-90s when the evolution of hackers from a group of teenage punks out to impress their girlfriends to the sophisticated cyber gangsters of today, started in earnest.
I remember noticing, sometime in the mid-90s, that both groups typically saw themselves as ‘Security’ (capital S) for their employers and in their industries, but had no idea what the other group did, let alone any meaningful contact with them.
The security convergence trend started when it was discovered that things like building access control systems and security cameras, (if only as stand-alone systems using propriety communication protocols), could be given IP addresses and become part of THE network.
The idea generated a lot of excitement at the time, because it meant that the servers for access control systems and security cameras sit in the network closet and be managed by the IT staff. Money would be saved on cabling and duplicated efforts. Predictably, the IT people were down with that, but it didn’t sit real well with the Physical ‘Security’ team, who saw it as a flagrant threat to their significance and their jobs.
As security convergence gathered steam, a few sharp engineers realized that physical access to the building, and virtual access to the corporate network, could be managed using the exact same system. A single token (usually a dual-purpose badge) would be issued to all employees. Further money would be saved, the employees would have one less item to lose and be replaced, and everyone would live harmony.
It didn’t quite work out that way, though, because an ongoing parade of glitches got in the way. Early convergence platforms, while prestigious to own and operate, were expensive and error prone. And they were mostly built on Windows XP, which requires no further explanation.
Biometric systems, which to me are a killer app for converged access control, were similarly expensive and error prone. On the video surveillance side, footage streamed from the cameras consumed bandwidth by the boat load, annoying network managers, and the video servers, which were basically industrial strength Tivo machines, were expensive and error prone. (notice a pattern?)
Basically, security convergence in the early days was not ready for prime time, and so the genre entered a lengthy trough of disillusionment.
Fast forward to today. We have much more affordable and improved:
•Cameras and DVRs
In addition, we have the following, which are at or near the point of commercial viability and which together offer a vastly more sophisticated picture of what converged security can be:
•Smartphones and tablets
•Sensors. including cameras, audio, motion, and many more including technologies such as:
•RTLS (real time location systems)
•Big data analytics
•Alerts Technology; and
Finally, to bring all of these separate technologies together we have the IOT, which is starting to plant the seed in the minds of Suits the world over that things other than Workstations, servers, and routers might in fact have an IP address.
We might call this new combination Security Convergence 2.0. With Security Convergence 2.0, we have the potential for real-time situational awareness and predictively deployed security controls to prevent, detect, and respond to threats, the likes of which have not been imagined. And that will be good, because we are going to see threats the likes of which have not imagined as well.
Clearly, we’re still going to face some uphill challenges for fully converged and economical security systems to be built and there may be one or two more troughs of disillusionment yet before we get to where we should end up.