Different Worlds

Although the benefits of security convergence are obvious, there are huge cultural challenges to collaboration that physical and information security organizations must overcome. For starters, IT workers typically embrace new systems and like to play with them to see how they might be applied to their work, whereas physical security personnel are usually more skeptical and standoffish about emerging technologies, says Steve Hunt, president of 4A International LLC, a security consulting firm in Chicago. Those differences can lead to a disparity in terms of how the two groups evaluate and adopt security technologies, he adds.

Compensation is another bugaboo. Hunt says a physical security chief for a Fortune 500 company with 20 years of experience typically earns about US$60,000 a year, while an IT security manager who has been with the same firm for just two years generally commands twice as much. "It can be a real train wreck, and you can't normalize the salaries," Hunt adds.

Ownership battles can lead to increased isolation rather than collaboration. "In a lot of places where you have a strong physical security component and an information security program, the worst that happens is they shut each other out and say, 'This is our problem; we'll take care of it,'" says Jon Miller, president and founder of InfraGard Long Island Members Alliance Inc. InfraGard is a chapter of the cybercrime security initiative set up by the FBI in 2001 to improve cooperation between federal law enforcement officials and the private sector.

Gaps in training are another problem. These can include things as simple as a patrolling security guard not understanding the importance of turning off workstations that have been left on, says Dave Cullinane, president of the ISSA and chief information security officer at Washington Mutual Inc. in Milwaukee.