How Does The IT Department Influence Security Purchases?
Editor Introduction
In recent years, information technology (IT) departments at end user companies have often been seen as adversaries of traditional security departments – or, at least, as a thorn in their side. One of the issues is territorial: As physical security products have migrated to use of Internet protocols and the network infrastructure, the IT and security departments have clashed – erm… make that interacted – more and more often. New realities such as cybersecurity have made it critical that the two entities work in harmony, and IT professionals often provide useful insights into product selection, among other issues. We asked this week’s Expert Panel Roundtable: What is the influence of the IT department on security purchases at an end user company?
Not that long ago, the industry viewed IT involvement in security buying decisions as an impediment. However, the tide has shifted, and it is critical that these professionals be brought into the fold early in the process, now that virtually every security component either lives on or somehow touches the IT infrastructure. The ever-present threat of cybersecurity breaches alone is enough to mandate their involvement, but IT also has the benefit of overseeing all the systems within an enterprise. Through this lens, they can offer suggestions of ways that security products and services may also serve needs in other areas of the business that are not directly tied to security (e.g., video analytics, process improvements).
It is critical for IT departments to be involved at the very onset of physical security projects because so many of today’s security devices and systems, such as surveillance cameras, are connected to the network. IT departments need to gauge the impact of the devices on the network, especially if the devices – such as IP cameras – use a significant amount of network resources. IT departments also need to influence the way the devices are managed on the network and how they interact and/or integrate with other systems such as user databases. Given that cyberattacks continue to rise in occurrence and complexity and pose a serious threat, IT departments also need to make sure that physical security devices are not susceptible, and if they are compromised, the damage is minimized. Furthermore, IT departments can provide advice on whether cloud-based applications would be a better fit for an organization.
IT departments are becoming more and more involved with security purchases due to the ever-greater integration of systems. This was very evident right from the introduction of IP CCTV and video analytics, which at the time required considerable amounts of network and bandwidth resources. Bandwidth usage is less of a problem with modern systems, but overall vulnerability is still a concern. Network security is also heavily involved with preventing online attacks on physical security systems, with SSL encryption now commonly used. Possible data breaches and online attacks are an unpleasant reality for 21st Century businesses. Equally, though, if a company’s network data can be corrupted, there will inevitably be potential consequences for security systems that also use these resources. In a hyper-connected world, a potential vulnerability could come from any direction. As well as internal security, it is important that companies ensure their suppliers/partners maintain vigilance as well.
The influence of the IT department in end user companies can be both positive and negative. It really depends on the attitude and knowledge of the department managers and staff. What I mean is, if the staff are very technically aware of both current and new developments in the market, and the benefits of various technologies, then they can have a positive influence by championing new technologies and the need to implement them in the correct way. Conversely, if they aren’t aware, then they can adversely influence the uptake of new technologies, or even actively suppress it! Some of this can also be attributed to the finance departments and the allocation of budgets. Some companies allocate annual budgets, but fail to take into account the lifespan of the equipment being purchased, meaning they buy sub-standard equipment to fit the budget but it ultimately costs more in the longer term.
IT and security have become much more tightly integrated over the past several years. Gone are the days when security solely operated on its own. Today, security oftentimes must reside on IT’s network. In many cases, the IT managers are responsible for the security solution.
The best organizations have departments that work together to solve complex business challenges. Every day, technology advances are adding more strain to IT infrastructure and increasing cybersecurity risk. To accommodate this changing climate, both IT and physical security departments must diversify, adding staff with competencies in other areas of business/security/IT and forming strategic alliances with each other to ensure all sides are pulling in the same direction. IT should have a seat at the table to mitigate cyber-risk, ensure proper infrastructure support, evaluate performance, and integrate the applications into the existing IT framework. Physical security departments should have specialists in cybersecurity to assist in mitigation and response. This should all be done while balancing the needs of the end users and the goals of the organization – and can only be accomplished with a highly functioning working relationship between departments whose contributions will evolve over time.
High-profile data breaches have put great deal of stress on chief security officers (CSOs) who are responsible for their organizations’ physical security systems and networked operations. Further, because of the growing implementation of networked systems, security personnel are tasked with closely evaluating any security and surveillance device under consideration in terms of how it may affect overall network security. One outgrowth from the focus on network security is that CSOs are increasingly looking towards physical security information management (PSIM) solutions, which have the power to aggregate multiple disparate systems into a single operational view. In addition to the inherent integration, management, and control benefits that PSIM solutions provide, they consolidate user access to security sub-systems to a single application at the SOC level, making the deployment and monitoring of cybersecurity protocols easier to maintain.
The IT department’s responsibility continues to expand as the network and interconnectivity of devices on that network add more functionality. As telephones – and later video cameras – moved from analog to IP, the IT group’s migration and merger with the facilities group have put their hands and budgets in more systems; giving them a louder voice and influence into product selection. Now as access control has joined the IP realm and is moving to cloud software solutions, the input and influence of IT have grown vastly in security purchases, and in some cases, they are the sole decision maker. This voice, in turn, is increasing the IT integrator’s footprint into the security market. IT integrators are being asked if they provide additional solutions on the network specific to security, and this presents them with an opportunity to expand their business and leverage their network expertise into the physical security market.
If an end user has an internal IT department, they are critical in the decision process and implementation of security systems. With cyberattacks and breaches being a common threat, and an all-too-often occurrence, cybersecurity and system hardening is a critical component of physical security and access control. The integrity of proposed and/or deployed systems falls squarely on the shoulders of IT professionals. As IT professionals share the common goal of protecting sensitive data, system integrity and corporate policies, they can efficiently assess in coordination with security professionals to assure the proposed system meets corporate IT data and security policies as well as the organization’s required functional capabilities.
Editor Summary
Our market’s recent concerns about cybersecurity seem to ensure an ongoing role of IT departments in the physical security buying process. In fact, cybersecurity worries have further aligned the overall goals of the security and IT departments in the face of a challenging common threat. At the end of the day, security is security, and the IT department’s role to keep its systems and networks safe is in perfect alignment with the security department’s role of protecting facilities and assets. Cooperation is the name of the game, and both the IT and security departments must be on board.
- Related links
- ACT Access control systems & kits
- ACT Access control software
- AMAG Access control software
- AMAG Video Surveillance software
- ISONAS Access control systems & kits
- ISONAS Access control software
- Milestone Video Surveillance software
- Oncam Video Surveillance software
- TDSi Access control systems & kits
- TDSi Video Surveillance software
- TDSi Access control software
- Oncam IP cameras
- TDSi IP cameras
Expert commentary
Security beat
Security bytes
- Getting To Know Dan Grimm, VP And General Manager Of Computer Vision At RealNetworks
- Big Wins And The Importance Of Showing Up: Insights From SecurityInformed.com Editor Larry Anderson
- Setting Goals, Business Travels And Radioactivity: Success Secrets From Tiandy's John Van Den Elzen
- Getting To Know Jeff Burgess, President/CEO At BCDVideo
Healthcare security articles
Milestone Systems, a global pioneer in video technology, is at the forefront of the video security industry, emphasizing responsible technology innovation across its operations. The company will host...
Just like fighting against the spread of disease in a clinical environment, healthcare providers must mobilize, coordinate with interconnected partners, and apply sufficient budgetary resources to com...
VIPRE Security Group, a global pioneer and award-winning cybersecurity, privacy, and data protection company, released its Q1 2024 Email Threat Trends report, based on an analysis of 1.8 billion email...
Johnson Controls, the global pioneer for smart, healthy, and sustainable buildings, demonstrated complete building security solutions at ISC West 2024 in Las Vegas. The company showcased its comprehen...
Choosing the appropriate fingerprint technology for a given application is dependent on factors including the required level of security and matching accuracy, the desired capabilities and features, a...
ASIS International, the world’s largest association for security management professionals, has announced its programming lineup for Global Security Exchange (GSX) 2024 with in-person and di...
Next DLP, a pioneer in data loss prevention and insider threat solutions announced that their Reveal Platform is the first Insider Risk Management solution to automatically map detection events to MIT...
The Security Executive Council, with Rice University and MD Anderson Cancer Center, will facilitate a day and a half of expert-led sessions on workplace violence risk management for corporate security...
At Hannover Messe 2024, Siemens presents the first generative artificial intelligence (AI) product for engineering in an industrial environment. Siemens Industrial Copilot The Siemens Industrial Cop...
HID, the pioneer in trusted identity solutions, announces it has been positioned by Gartner® as a Pioneer in its 2024 Magic Quadrant for Indoor Location Services. The evaluation was based on speci...
Vismo will launch the latest version of its Locate & Protect App at the International Association for Healthcare Security and Safety (IAHSS) Annual Conference and Exhibition 2024, at booth #713, f...
ASSA ABLOY Opening Solutions will be exhibiting an expanded range of innovative products at booth #8061 during ISC West. With access and intrusion risks rising in schools, healthcare spaces, and worsh...
Cohesity, a pioneer in AI-powered data security and management, announced it is collaborating with Intel to bring Intel’s confidential computing capabilities to the Cohesity Data Cloud. Leverage...
Identiv, Inc., a global digital security and identification pioneer in the Internet of Things (IoT), has entered into a definitive asset purchase agreement to sell its physical security, access card,...
Thailand’s pioneering fair for security and fire safety for commercial and industrial premises, announced at the press conference at Grand Hyatt Erawan Bangkok that the 2024 edition will return...
Multi-Residential Access Management And Security
DownloadGuide For HAAS: New Choice Of SMB Security System
DownloadPrecision And Intelligence: LiDAR's Role In Modern Security Ecosystems
DownloadHikvision: Solar Powered Product Introduction + HCP
DownloadArtificial Intelligence
DownloadVerkada TD52 Cloud-Based Video Intercom
exacqVision IP08-64T-R1XW-E X-Series 1U Rdnt IP NVR 64TB RAID5 Windows OS with 8 IP Ent Lic
Climax Technology TouchPanel-3 7” Color Graphic Touchscreen Panel