Forrester issued a report earlier this year on the convergence of Physical and Logical Security. The author, Steve Hunt, felt strongly enough about the subject to leave and form 4AInternational, a consulting firm focused on securty convergence.

Security Focus, published a nice summary
of the report which I’ve been meaning to discuss for some time. Anyone following the security convergence discussions would not be surprised by Forrester’s conclusions. However, it puts numbers on the size of the security convergence market and adds the weight of third party validation to media and conference discussions about security convergence.

What does this mean for convergence? There are a few key areas that offer immediate opportunities for convergence with a moderate effort. First and foremost, card integration. Other areas are policy development, reporting structrues, monitoring software, combined incident response, and regulatory compliance. This is where we should see growth over the next 12 months. Now is the time to lay the groundwork for larger efforts in 2006.

Now, to 4AInternational. During engagements with my clients “security convergence” has a achieved buzzword penetration. Convergence issues are being taken seriously in the context of other efforts. What we are not seeing is security convergence as a stand alone project. Major vendors offer lip service but few effectively offer products and solutions.

Talking about the benefits of security convergence at the C-level is fairly easy. Getting to those benefits is a little more difficult. Traditionally the physical and logical security efforts in an enterprise have different organizational structures and career paths. Both can have great systems, but there are very few individuals with the experience to talk to both groups. What most people do not realize is that physical and logical security systems integration can start small and may not be as far off as they think. If 4AInternational can put together a team that outlines the convergence business case for both sides of security and shows the client the low hanging fruit, they could find themselves with a nice slice of that security convergence growth.

4AInternational

Security-Flaws » Blog Archive » Wedded to physical and IT security?

It’s interesting to note that the two top challenges faced by higher ed CIOs, security and finance, are both addresses in many aspects by the integrated identity approach of ITM.

Security comes from streamlined provisioning and decommisioning of all aspects of identity at an institution, both physical and logical. At the transaction level, common security monitoring tools could provide a better perspective on your overall security situation.

Financially, identity initiatives offer ROI opportunities not found in many other IT efforts. For instance, security efforts traditionally weigh cost against risk of loss. The poor ROI leads to risk acceptance until we have major breaches, like those linked to from the Inside Higher Ed article. Following a breach, institutions often spend in a knee jerk reaction. It gives immediate satisfaction, but often provides a ROI in the future.

Approaching your identity efforts in holistic fashion focusing on security, sales and service, helps your security ROI piggyback on efforts with a clear financial return. For instance provisioning all your credentials and passwords from a single office reduces administrative overhead. In some instances, that single point of provisioning can also reduce IT overhead of multiple system interfaces to your badging system, physical access control and IT identity management efforts. Let dining and vending fund the office while IT reduces points of support and failure in identity provisioning. It’s worth looking into.

The original Educause survey report can be found here.

An article at Inside Higher Ed provides a good, brief summary. Inside Higher Ed :: Top IT Challenge: Paying for It

Across the board, the idenity space is hot. Last week French smart card manufacturer spread its wings a little bit with the acquisition of Finnish secure document company, Setec.

Apparently their cooperation on the Singapore electronic passport last year impressed some folks. The deal makes lots of sense. As our paper documents become smarter, the vertical integration of the component manufacturers provides a logical competitive advantage. Pennies matter on this scale, so making production as efficient as possible means a more competitive Gemplus.

While it won’t immediately translate into benefits for the rest of Gemplus’ customer base, maybe it will down the road. Like most smart card companies, Gemplus gets most of their revenues from the telco industry. Although Gemplus has been supplying the ID market for some time, it always held more promise than profits. They made a big play into solutions just before the dot com bust. The Setec acquisition puts Gemplus in a stronger competitive place to pursue secure ID efforts like they won in Singapore.

Smart cards are already showing up in lots of other form factors than cards, so why not throw paper into the mix?

Gemplus Press Release

Gemplus snaps up e-document firm | The Register