Security convergence is probably best defined as a process which brings together all those dedicated to security for the benefit of the business.
In many organisations, of course, physical security and information security are looked after by two separate functions or sections. It’s the very recognition of the interdependence of these business functions and processes, though, that has led to the development of a more holistic approach to security management.
The concern now is for Best Practice in business security management. Authorised access to company information is of particular concern to both teams, and their unity in achieving this is crucial.
Put simply, many leaders from across the physical and information security sectors now firmly believe that nothing less than a converged response to security and risk is required.
“Our goal is to protect people and organisations from blended attacks and enable them to operate effectively,” explained James Willison, the founder of Unified Security who – along with Incoming Thought’s director of security consulting, Sarb Sembhi – will be speaking on the subject of ‘The Security Convergence Movement’ at the Global Security Summit in October.
“We are committed to working with all areas of security, facilities management, Human Resources and other vital business support functions to help the process of convergence move forward,” added Willison.
Determined and aggressive criminals
“The current economic climate has fuelled a new and more aggressive criminal determined to get hold of business assets, both physical and logical,” continued Sarb Sembhi. “By way of converged security strategy reviews, for example, we feel that organisations can better assess their current response and consider ways in which a unified approach to both physical and logical security might benefit the overall stance of the business.”
Sembhi and Willison are very much in favour of comparing convergence Best Practices and identifying the most appropriate ways in which all areas of security might work together to achieve greater cost savings and efficiencies, while at the same time affording enhanced security and a reduction in risks.
There are distinct advantages to be realised from a converged security strategy review, it seems. “Such reviews may be customised to meet individual business and security objectives, and thus ensure that maximum value is realised from the work,” urged Sembhi.
How, though, is it possible to ensure that businesses identify blended security risks and actually start to see the benefits convergence brings? What is the best way forward?
Overcoming the cultural barriers
Willison and Sembhi are fully aware that there are often barriers – either cultural or organisational, maybe even both – within and across today’s businesses which can make such change difficult.
What they also agree on is that there are four key areas for the various security risk functions to develop in order to overcome these obstacles.
“There needs to be a developed understanding and respect across each risk function,” urged Willison. “In terms of the cultural issues, there has to be an overt recognition that each brings a level of expertise the other really needs if the business is to be effective.”
On top of that, there’s a definite requirement for working together on joint projects. “This is growing in importance as physical security and fraud technologies are now increasingly reliant on IT and information security to avoid and identify these converged risks.”
Beyond that, convergence is also about building professionalism and increasing capabilities by way of cross-department training and education and mapping an overriding willingness to share information through common lines of reporting across the piece.
Tellingly, Willison explained: “There must be humility at play such that there’s an acceptance of when other risk priorities come above one’s own function in respect of funding and development.”
If you want to learn more about ‘The Security Convergence Movement’ (and the recently-introduced ASIS Physical Asset Protection Standard), James and Sarb’s presentation takes place between 1.50 pm and 2.20 pm at London’s Olympia on 11 October. Don’t miss it!
James Willison is the founder of Unified Security and Sarb Sembhi is director of consulting services at Incoming Thought
Further information on the Global Security Summit
*For further information on Global Security Summit London, the full education programme and speaker line-up please visit http://www.globalsecurity-summit.com/, follow us on Twitter (@GSS_London) or join the LinkedIn Group
**Companies interested in exhibiting should contact event manager Tracy Bebbington on tel: 0207 921 8065 or e-mail: tracy.bebbington@ubm.com or Paul Amura (business development director at Pro-Activ Publications) on tel: 020 8295 8307 or e-mail: paul.amura@proactivpubs.co.uk