Over the past several years, we’ve seen an almost complete convergence between physical security and IT.
When I started out in IT 10 years ago, this process had already begun, but it was still far from the norm. Physical security systems, such as video surveillance cameras and door access control systems, were mostly offline or standalone systems.
Even then, however, some smaller organizations saw their IT departments managing physical security. After all, IT always knew when someone was onboarded or offboarded, and could add access control tasks to their existing processes.
Other organizations handled these physical security tasks through a facilities department, and some bigger organizations had dedicated physical security staff.
Today, we see much of the same, but one thing has changed: Regardless of who’s responsible for managing physical security, IT is involved with it in some capacity, either owning the whole system or individual components of it.
Whether it be network/server provisioning, database management, backups, firmware upgrades or a multitude of other things, IT has a big role to play in modern physical security deployments. Therefore, it’s critical for IT managers to work with their physical security counterparts – and here are five things that IT managers can do to facilitate that.
1. Know the Technologies
What is a mantrap? A multisensor camera? What are camera analytics? Not unlike the IT world, the physical security world is chock-full of hardware devices and software applications.
There are many different types of IP cameras, card readers and other physical security devices that have a wide variety of use cases. What are the capabilities of these devices and what protocols do they use?
You don’t need to have an in-depth knowledge of all the components, but a broad understanding of the technologies and how they are managed and maintained will go a long way.
As an IT manager, understanding this technology will not only help you to better work with your physical security counterpart, but it will also give you a better idea of the types of devices that are on the network, what they do and how they do it.
2. Understand the Physical Security Environment
Beyond understanding the physical security technology, you should also understand the physical security environment to a certain degree. Some questions to consider:
- What areas are being monitored?
- What technologies are being used to monitor them and maintain them?
- Is the monitoring reactive or proactive?
- How many days of video retention are cameras getting and how many do they require?
Talk to your physical security counterpart and understand the goals of the physical security environment. As a former IT manager, I used to meet with my physical security counterparts on a quarterly basis to discuss our environment.
I wanted to know about any pain points they had, new technologies they were looking at or any plans for growth or expansion. Having these meetings, in conjunction with understanding the underlying technologies, allowed me to anticipate where the IT infrastructure needed to be enhanced to improve performance or accommodate equipment.
If I knew, for example, that they wanted to add 10 new cameras to a building in the next budget cycle, I could plan on my end to make sure IT had the port capacity, bandwidth and/or storage to accommodate those additional cameras.
3. Get Involved in the Planning
When physical security projects are being scoped and planned, participate in that process. Chances are, as an IT manager, you’re already part of this process to some extent – likely after the fact.
Build a relationship with your physical security counterpart and with your organization’s physical security partners so you can be involved in the process early, and so you can understand what’s being planned and what impact it could have on the IT infrastructure.
It’s much better to use your understanding of the technologies and the environment to contribute to the conversations, rather than to be looped in later down the road after the decisions have already been made.
Early on in my IT management career, I would get into situations like this in which my physical security counterpart would email me and say they had just purchased and installed new cameras and needed network connectivity.
Sometimes, I was lucky and had the port capacity in that area and other times, I would have to order and provision a new switch, delaying the project.
Another common issue was storage: Adding cameras without increasing storage dropped the retention of all the cameras. With 100 cameras, you may be getting 30 days of video retained, but add 10 cameras to that and you may be down to 27 days. Being a part of the planning allows you to better plan for challenges like this.
4. Dedicate an IT Liaison
If you can’t be involved in the planning yourself, then dedicate an IT liaison – someone on your team who knows the IT infrastructure and processes and can work with the physical security team.
With an IT liaison involved, you can ensure that the respective agendas of the IT and physical security teams complement each other. Again, if your IT department doesn’t outright own and manage the physical systems, you at least own and are responsible for certain parts of those systems.
Have someone on your team who knows where those lines are and understands how these systems and components are integrated into the IT infrastructure.
5. Share Information
Remember that it’s a two-way street and that communicating and sharing information with your physical security counterpart can be beneficial to both of you.
Is IT planning a server patch or database upgrade that will affect physical security systems? If this is the case, reach out to the physical security team and let them know or work with them on outage dates.
Or, maybe IT is running new network cables to improve the WiFi in a certain area. In this case, reach out to the physical security team beforehand to see if they need any cable runs done in that area as well. Maybe they have been wanting to add a camera or card reader in the same location that your team will be working in.
Share information about how IT devices on the network are monitored and maintained, how and when edge devices are patched and how risks are mitigated on those devices. Bringing your physical security counterpart into the fold will be beneficial for both of you and your respective departments.
In the end, you and your team are ultimately responsible for the security and performance of the IT infrastructure and the data within it, so having a good working relationship with the physical security team will help to meet that goal as well.
Knowing what devices they have on the network, what those devices do and how they do it are key to keeping your IT infrastructure secure and performing well.