Security

Poll: How involved is your IT department in managing physical access control systems?

As security devices are brought onto the IP network, many IT departments are finding they must manage physical, as well as network, security. Does your IT department manage physical access control systems in your organization? Take this quick poll and let us know.

Traditionally, access to physical locations (buildings, high-security rooms, the wiring closet, etc.), have been handled by an organization's facilities or security department. Yet as devices are brought onto the IP network, many IT departments are finding they must manage physical, as well as network, security.

For a look at Fujitsu's PalmSecure biometric technology, check out the following videos:

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

3 comments
cbader
cbader

Our server room has no locks, its a big sliding glass door. The wiring closet has a lock on it but the key is held by the CFO, so it remains unlocked.

Osiyo53
Osiyo53

Our company IT department is somewhat involved in physical access control. And will never have full control. Among other things, the company I work for does electronic security and physical access control system design and installation. And we have customers with very stringent and demanding requirements. The thing is that the design, installation, and long term maintenance of good security systems is a specialty, a career specialty if you want to be very good at it. And, yes, I am not just talking about door access, video surveillance, and so forth. I'm also talking about securing sensitive data, maintaining the integrity of an organizations PC's, servers, and so forth. So, for instance, despite the fact that our company IT department has people who are quite good and knowledgeable. They aren't nearly as knowledgeable of security systems and philosophy as they might think they are. After all, their day to day work keeps em busy enough. And, lets be realistic, your weak link in a good security system might be within your own IT department. This isn't just MY take on the matter. It's also the way our most security conscious customers also view this sort of thing. So while our IT department, and that of our very security conscious customers is, of course, involved in planning and execution. They DO NOT have full control. And in fact aren't even told everything, haven't access to everything, etc. Within our company, our security systems design and implementation group, a small number of them, have overall responsibility for our own internal security systems. And among other things they do, they'll routinely audit and check up on our IT department. That security specialist group, BTW, does contain a couple IT professionals, who specialize in IT security. But they're separate from and not connected to our IT department. This is generally, almost always, also true of our most security sensitive customers. They have a separate security group, and I'm not talking about their security guards, that is responsible for overall security. Which also contains IT security specialists who are not members of the organization's IT department. Because one of their jobs is to watch, audit, and otherwise try to find IT department personnel who might be violating the security rules. It's kind of like this, let's take one VERY security conscious customer of ours. Their facility is loaded with surveillance cameras, various access control devices, motion sensors, etc, etc. All monitored 24/7 by better than average security department watchmen and guards. But what those guys don't know is that there are additional systems and equipment installed which they don't see, which don't show on their monitoring screens ... which watch over THEM. Oh, actually, they do know. They just don't know the specifics of where and what and how. Those additional security systems and methods, that watch the watchers, are only known to a very small core group within the security department. And are accessible only to them. Get the idea? That small core group, BTW, NEVER actually have a chance to be alone in a situation where they might lay hands on the valuables that are being guarded (meaning either data or actual physical items being guarded). At all times, everything members of that core group do is monitored and watched by someone else. The problem with an IT department having full control and power is just this ... who watches and monitors them? Plus, it is unlikely that any of them are all THAT knowledgeable of proven, tried, and true security methodology and philosophy. Which entails a lot more than simple knowledge of security hardware or software. Sorry, can't go into a lot of details. For obvious reasons. Anyone interested can start learning the types of things I'm alluding to by obtaining and reading some books on the art and science of physical security.

SilverBullet
SilverBullet

some of the members who made posts on the BIOS password discussion. This is the first level of security that often is ignored. I work in a very tight security environment, which I'm am not going to discuss however, my consulting business has many experiences dealing with a business culture that has an "it can't happen to me" or is ignorant attitude towards physical security.

Editor's Picks