Blog Date: 7/24/2016
Author: Ray Coulombe
Here are five current trends blurring the lines between traditional security paths.
1. Technology convergence
Corporate security services such as video surveillance, access control, and fraud detection are increasingly database-driven and network-delivered. In other words, physical security has become more IT-like. The use of biometrics for authentication is growing ever more popular as a means to control access throughout buildings and systems (think of the fingerprint needed to unlock your iPhone). Security services increasingly integrate with LDAP (Lightweight Directory Access Protocol), the application protocol used over an IP network to manage and access a distributed directory information service.
2. Vendor convergence
Not so long ago, infosec vendors protected networks and physical security vendors protected bricks and mortar. The two stayed separate. Today, many security companies address these and other high-impact areas to provide higher situational awareness. Conversely, there’s a growing presence of IT and component vendors in security, including NVIDIA, Microsoft, and Google. And there’s more: Brink’s, the armored car company, offers managed network security services; Unisys has a consulting business in supply chain security; Computer Associates is mixing with smart-card vendors like HID in the Open Security Exchange consortium, developing a network-and-building-access standard called PhysBits. The list goes on and on. Look for vendors to continue to merge and meld their distinct product lines into highly integrated offerings. Further, companies including Verint, which has a cyber arm, and various biometric vendors have a foot in both worlds and have yet to fully leverage their positions.
3. Community convergence
The associations in the security industry rarely acknowledge each other’s existence. But, back in 2004-2005, CISSP promulgator (ISC)2 on the infosec side, CPP certifier ASIS International on the corporate security side, and IS audit association ISACA proclaimed their solidarity. Since then, everything has changed. The growing importance of CISO and CSO positions, whose sole focus is security, broadens the meaning of security even more. And, (ISC)2 is showing an increased presence in security industry events and now offers IT certifications in these venues. That said, industry leaders expect even more cooperation between these associations in the future.
4. Threat convergence
The pendulum has swung: logical attacks may now represent a greater risk factor to the enterprise than physical ones. For example, what’s a bigger threat to a bank? A threat from a bank robber or a cyber attack targeting accounts? However, insider attacks are still recognized as one of the chief attack vectors for evildoers and mischief makers, and tight integration of the physical and logical worlds, specifically in access control, is one means of addressing the threat. Also well documented is the vulnerability of many electronic security devices, such as certain IP cameras, that are targeted as potential weak entry points into company networks.
5. Educational convergence
A number of major universities have launched programs aimed at equipping students with a range of knowledge and skills in both corporate and information security. Cyber programs are sprouting to address the current 120,000 cyber-job shortfall in the US. There’s an increased emphasis on cyber security topics at all industry education events. (ISC)2 has increased its presence at security industry events and offers IT certifications there, including Certified Information Systems Security Professional (CISSP). CISSP includes logical, physical, electronic, and administrative components. All of this adds up to a more holistic, blended view of security.