Click here to receive your FREE subscription to Campus Technology
Opinion
Converged Security: Can Ex-Cops, Propeller Heads, and Bean Counters Make Nice?
9/14/2007
The head of physical security is typically drawn from law enforcement or the military and reports to the facilities or business side of the house. Authority and a well defined command and control structure are highly valued.
The head of information security is usually a technologist and typically reports to the CIO. Creativity and technological innovations are valued attributes.
Finally, the head of financial security usually has a financial or auditing background and reports to the CFO. Quantitative financial rigor is a core value.
While each of those perspectives is essential for an enterprise, they evolved independently, each having a specific mission. Since 9/11, however, there has been a growing trend in the corporate sector to more closely integrate or even merge the oversight of information security, physical security, and fiscal security. This trend may be relevant to higher education.
In fact, Ben Palma, former PepsiCo CISO and member of the team that moved the company to an integrated security architecture, has suggested that one reason security has not received more attention from senior management is that the various groups involved in security have not presented a unified and consistent story.
What do companies that have a converged security architecture cite as the advantages? Improved information sharing and coordination between security units provides the organization with more robust and coherent security. A converged architecture provides senior management with a single comprehensive overview of corporate security. If the effort is led by a CSO, it also provides senior management with a single point of contact. Finally, a comprehensive security architecture is easer to align with the institution's goals and objectives.
Given that the corporate sector is much further along in converging badges, bytes, and beans, what can we learn from their experience.
To be successful, any convergence initiative must have support from senior management that views security as a strategic business enabler.
Functional silos are usually well protected. Hostile takeovers or coups seldom work.
Any process or organizational structure must preserve the core functions and capabilities of the physical, information, and financial security units and allow each to do what they are good at.
Convergence does not necessarily mean merging multiple units. It might well be close cooperation, collaboration, and joint planning. It is, however, more than an occasional lunch.
Convergence initiatives are a hard sell if they involve significant additional fiscal expenditures to change, in this case integrate, what you are already doing.
A Cautionary Tale
Discussions, seminars, and conference presentations about combining campus libraries and the information technology unit were the rage in the late 1980s and early 1990s. Now, almost two decades later, it has successfully happened in only a handful of places. The idea was great in theory. Both deal with information. Libraries excel in storing and subsequently finding information. IT organizations excel in manipulating information. What we underestimated was the difficulty and practically of merging two very different cultures, one young and brash and the other steeped in tradition.
Recommended Reading
- U Wyoming Students Vote To Implement Sonic Foundry's Mediasite for Lecture Capture
An overwhelming student vote for Mediasite will put the Webcasting platform from Sonic Foundry into University of Wyoming lecture halls this fall. Mediasite is a presentation capture tool that records and synchronizes audio, video, and slides and then allows the presenter to provide it online for on-demand viewing or in podcast form. The tool also enables the presenter to make the presentation available online as it happens.
- DNS Flaw Unfixed as Experts Argue Protocol
Speculation continues as to what the ultimate systemic Domain Name System (DNS) flaw could be. This flaw apparently allows Web surfers to be spoofed, directing them to fake Web sites to gain passwords and load malware on their computers.
- IT Cost Cuts in 2008 May Be a Trend, Study Says
A first-quarter 2008 survey conducted by Computer Economics suggests a possible slowdown in IT spending and staffing lies ahead.
- Microsoft Revamps Its Platforms Division, Loses Kevin Johnson
Microsoft announced late Wednesday a reorganization of its Platforms & Services Division (PSD), as well as the departure of Kevin Johnson, a 16-year Microsoft veteran and president of the PSD.
- Microsoft's DNS Fix Leads to More Problems
The blogosphere is awash with talk about the possible overall weakness of the Domain Name System (DNS) architecture. For its part, Microsoft's released a DNS fix in its patch slate for July, but Redmond seems to have problems just getting it to end users. Moreover, some users of the DNS fix have experienced additional difficulties.
- D2L Launches Mobile Learning Environment
Desire2Learn this week announced a new mobile application of its Desire2Learn Learning Environment. Called Desire2Learn 2GO, the application ties in with Learning Environment 8.3 to provide access via Blackberry. The company also announced that it's streamlining integration Respondus 3.5, a quiz- and test-building application.
