"People still think of physical and information security as two separate entities. But to completely manage risk and identity you have to bring all the pieces of security together. It doesn't matter if you're talking people, products, data or data systems -- they're all assets that have to be protected," says Marene Allison, vice president of global security at Medco Health Solutions Inc. in Franklin Lakes, N.J.
Allison signed on at Medco three years ago to create a converged security application for the Fortune 50 pharmacy benefit company. With HIPAA, Sarbanes-Oxley, the Payment Card Industry Act and other mandates to comply with, she says the walls between physical and information security have come tumbling down and IT executives now are responsible for all aspects of data security. "Physical security is just one more peel of the onion skin that has to be dealt with, like firewalls and intrusion detection," she says.
In addition, she says video surveillance networks and access control are becoming more advanced and can ride on the IP network.
Moving video surveillance and access control, such as closed-circuit television (CCTV) and building entry card readers, onto IT platforms reduces both costs and management headaches for IT and physical security teams.
To capitalize on the possibilities, Allison merged her physical security unit with the IT security team to take advantage of each group's knowledge base. She cross-trained the teams to learn each other's security approach. Her team also upgraded the CCTV and access control technology into a single, cohesive IP-based business intelligence network using Dallas-based TAC's integrated security systems.
"We use the CCTV in conjunction with alerting methodology and more traditional IT intrusion detection to know who is touching data and data systems when," she says. By integrating her video surveillance and network access control systems with her IP network, the unified security team can now set policies that dictate how long a building door should stay open.
If they receive an alert that an entryway has stayed open too long, they can call up real-time video, stored video and access control information right from their desktops. In the past, they would have had to wait for the physical team to notice an anomaly in its building access reports and then search through an analog videotape to find the culprit.
"This definitely narrows the window on solving security problems," Allison says. It also helps her prove a safe chain of command for data control, which many federal and private sector mandates require.
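The door-open policy and desktop lookup described above can be sketched as detection logic over access-control events. This is an added example, not Medco's or TAC's code: the event layout, door names, badge IDs, time limits and padding values are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events; the (time, door, kind, badge) layout is an assumption.
EVENTS = [
    ("2007-03-01T08:00:00", "lobby", "badge", "E1001"),
    ("2007-03-01T08:00:02", "lobby", "open", None),
    ("2007-03-01T08:00:09", "lobby", "close", None),
    ("2007-03-01T22:14:30", "server-room", "badge", "E2040"),
    ("2007-03-01T22:14:33", "server-room", "open", None),
    ("2007-03-01T22:17:03", "server-room", "close", None),
    ("2007-03-01T23:50:00", "dock", "open", None),  # no badge read, never closed
]
# Hypothetical policy: maximum seconds each door may stay open.
POLICY = {"lobby": 15, "server-room": 20, "dock": 60}
DEFAULT_LIMIT = 30
BADGE_WINDOW = timedelta(seconds=10)  # a badge read older than this is not credited
VIDEO_PAD = timedelta(seconds=30)     # footage to pull either side of the interval


def held_open_alerts(events, now):
    """Return one alert per door-open interval that exceeds its policy limit."""
    last_badge, open_doors, alerts = {}, {}, []

    def flag(door, start, who, end, still_open):
        limit = POLICY.get(door, DEFAULT_LIMIT)
        held = int((end - start).total_seconds())
        if held > limit:
            alerts.append({"door": door, "held_s": held, "limit_s": limit,
                           "badge": who, "still_open": still_open,
                           "video_from": start - VIDEO_PAD,
                           "video_to": end + VIDEO_PAD})

    for ts, door, kind, badge in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        if kind == "badge":
            last_badge[door] = (t, badge)
        elif kind == "open" and door not in open_doors:
            seen = last_badge.get(door)  # credit only a badge read just before the open
            who = seen[1] if seen and t - seen[0] <= BADGE_WINDOW else None
            open_doors[door] = (t, who)
        elif kind == "close" and door in open_doors:
            flag(door, *open_doors.pop(door), t, False)
    for door, (start, who) in open_doors.items():  # doors that never closed
        flag(door, start, who, now, True)
    return alerts
```

Each alert carries the badge that opened the door, if any, and the time window of video to retrieve, which is the correlation the unified team performs from the desktop.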
While Medco's approach might be cutting edge to some, a January 2007 IDC report finds a worldwide shift from analog surveillance cameras to digital network cameras. "In 2008, analog cameras will occupy 75% of the total market, yet as more usage of the network occurs for more than simple data transmission, we expect the network share to take off in 2009 and 2010," IDC says. In fact, the research firm predicts that global shipments of network cameras will increase at a five-year compound annual growth rate of 63%, moving from 540,817 in 2006 to 6.2 million in 2011.
IDC calls the use of the corporate network as a means to facilitate surveillance, security and monitoring "a natural extension of [network] capital expenditure."
Network cameras definitely offer advantages over analog cameras that transfer black-and-white images over coaxial cables to proprietary recorders with magnetic tapes. Companies then log the tapes and store them for certain periods of time before erasing and reusing them -- all of which consume human and monetary resources.