Should IT take over?
Yet another good discussion going on over at John Honovich's site, this time regarding the impending/never-gonna-happen takeover of security operations by the world of IT. Here's the nugget of John's take: I believe it would be dangerous for IT to take over physical security. If IT did take over, this would increase security and liability risks. Which is a little bit of a "no, duh!," but is also right, in my opinion. Here's the comment I left, below. Feel free to comment here or at John's place. Would love to hear the opposite view point. I think the analogy with HR or sales is apt. Obviously, both departments need IT to function, and some of their old duties have transferred to IT, but you wouldn't consider scrapping HR or sales entirely just because some of the functionality has been moved to IT. I think the IP telephony analogy is also apt, if in a different and not-bad way. Phones don't really have a department that manages them. The move to IP just shifted maintenance work from one person to another. Similarly, the maintenance of the security system will shift from one person to another. But the operation, installation, and upgrading of the system will still reside with security. The security department will still operate the system in the same way that HR operates the HR database/payroll/everyone's benefits. But when it breaks, they'll call IT, which can fix many, but not all, of the problems. When a specialized HR software program craps out, you call the HR software maker. When the security software/system craps out, you'll call either the integrator or the manufacturer. As for IT's increasing role in security decision-making, I liked something I heard recently on the Pelco-Cisco webinar: IT won't be the guys who say yes, they'll be the guys who say no. Security will select a product and bring it back to IT for vetting. If it's copacetic with the network, they'll approve, but not really care what you selected. If it's not going to be a good network citizen, they'll veto and the security guy will keep looking. So, for the integrator and the manufacturer, the idea is not to get veto'd.