The chief security officer for an US-based Fortune 100 manufacturing company explained the benefits he has unlocked. His security budget does not grow much from one year to the next. As a result he cannot simply identify a money-saving high-ROI project and deploy it. One of the first programs he put in place didn’t cost any money but yielded great dividends.
He invited the corporate security, IT security, and compliance management teams to collaborate when setting or modifying security policies. Each group had periodic meetings to review security policies and agree on language for new policies. The meetings sometimes included representatives for business units affected by the change. When the security groups began collaborating on policies, they discovered that they all had concerns about strong authentication in common Together, they discovered that a single card could serve as ID badge, door access card, and network smart card.
Not duplicating efforts and technologies around cards, badges, readers, and network authentication meant immediate and obvious savings into the hundreds of thousands of dollars. From a few new policies, a successful task force was born. Now the risk management steering committee, comprised of members from many different areas in the company, makes recommendations and divides responsibility for all operational risk management. Less overlapping effort equals more time and money for new projects, better security, and faster response.
Today, the CSO benefits from the coordinated efforts of multiple security and risk management groups, producing integrated security policy management, a shared internal website for security information, a common security awareness program, integrated security incident management, and combined reporting. His operation works better, smarter and cheaper, giving him more personnel talent, time and money to deploy high value technologies like event management workflow software, digital video systems, and identity provisioning software.
Software, computers and networking are sweeping across the physical security industry. Not only are manufacturers incorporating these information technologies, but corporate security executives are also discovering more efficient and effective ways of running a security operation with better policies, processes, and tools inspired by information technology. Using a combination of better technologies and shared information, security executives tap into new value.
Comments