Merriam-Webster defines convergence as “the merging of distinct technologies, industries or devices into a unified whole”.  Security Convergence, in its broadest sense, represents movement towards more holistic management of the commonly disparate security and operational risk domains within an organization.  Yet despite its popularity and support for nearly a decade, convergence continues to be a struggle for organizations and can still create strong debate, as evidenced by a recent article in Network World and resulting blog commentary.

Styles of Convergence

As identified by Steve Hunt in a CSO post, there are three common levels of convergence, chosen to meet the goals, structure and political/management culture of organizations.

At the most basic is physical convergence, taking advantage of the ubiquitous IT networks, systems and storage.  For instance, many organization are working to bring closed-loop physical security, video  and environmental monitoring systems onto IP networks, with related concerns around bandwidth, availability, and security (reminiscent of telecommunications and data network integration  a decade ago).  Or the challenges in applying data practices or privacy/compliance regulations, so well established in paper records management, to burgeoning electronic records stores.

Moving up the scale is logical convergence, where organizations can integrate, correlate and utilize information sources or processes from disparate security domains.  This is evident in areas such as the utilization of a single badge to access physical premises and IT systems, correlating physical records (video, logs) and IT event logs for fraud/forensic analysis, or integration of business continuity and incident response with IT disaster recovery.

Often the most challenging, process convergence brings together the processes and people from formerly isolated security domains under one guiding risk or security governance structure, whether merely in a cooperative approach or a fully unified reporting structure under a CSO or other risk manager. This provides the most cohesive approach to managing risk across an enterprise.

Each level of convergence represents a different level of efficiency, awareness and security posture gains, but also is infused with attendant risk and political wrangling to overcome.

Security Convergence, Secure360 Style

Convergence has been a key, driving theme of the Secure360°™ Conference since its inception and is reflected in both our membership and in the tracks/sessions we select.  We strive to portray a holistic approach to convergence, including all aspects of security and operational risk management across domains such as physical and logical security, business continuity/disaster recovery, audit, records management, privacy and compliance.

To learn more, come to Secure360°™ and see our convergence panel session, then expand your knowledge and organizational worth by getting outside your comfort zone and attending sessions on topics in other security domains from those in which you commonly practice.