Physical and IT security 'will converge'

Links between physical and virtual security must be thought through, according to Computer Associates' head of security software

The head of security software for Computer Associates, Ron Moritz, has warned that the convergence of physical and IT security can increase a company's exposure to risk if not managed properly.

Speaking at a press briefing at the CA World conference in Las Vegas, Moritz -- the former CTO of Symantec -- told reporters many companies haven't thought about the ramifications of integrating physical security systems, such as card-access servers, into the corporate network.

If managed correctly, he said, the convergence can enhance security through the correlation of physical security events to IT security events.

An alarm can be triggered when someone logs onto a workstation using the credentials of an employee not registered as having swiped an access card to enter the building in which the workstation is located, for example.

If the systems aren't properly protected, it may be possible for a computer-based attacker to access physical security controls.

The integration of these systems is happening because of the reduced cost associated with running security systems over existing IP networks, according to CA director of security brand management Eric Maurice.

"What we've seen [with] CCTV is the IP network becoming a backbone for physical security," he said.

By using the IP backbone, companies save money by not having to put in separate cabling used specifically to link up security systems that handle physical access.

Fujitsu's general manager of professional services and development, Alan Lowe, believes the argument about whether or not the integration should occur is moot -- they are going ahead and that won't change.

"I believe in the finish there will be an absolute convergence between the two," he told ZDNet Australia.

According to Lowe, there simply won't be an alternative to this type of integration in the future. Already, he says, the lines between physical and IT security issues are fairly blurry.

"I would have trouble differentiating... where they start and where they stop," he said. "You can't divorce the two".


For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.