Mar. 2003
Physical And IT Security: Converging With The Traditional Roles Of The Facility Manager
The
upside to the seemingly daunting state of security is
that an unprecedented number of resources are available
to help facilitate the measures necessary to protect
valuable assets. Never before has the marketplace been
flooded with such powerful technologies and skilled
industry experts, and never before has an investment
in these resources been so important.
Many, if not all, facility
managers find themselves firmly entrenched in the world
of physical security management with good reason. With
the expertise to run and maintain crucial environmental
systems, mechanical processes, HVAC, fire alarms, and
other functions, it makes sound business sense for physical
security to involve facility management professionals
or become an extension of their operations.
What doesn't make sense
is the expectation that every facility manager miraculously
morph into a security expert overnight. To achieve such
a feat, people would have to understand the intricacies
of conducting security surveys and assessments, understand
the latest technologies and their applications, be able
to forecast accurately an endless barrage of threats,
and have the ability to develop a comprehensive security
solution tailored to fit the organization, all while
wearing the numerous hats required on a daily basis
to operate a facility.
Fortunately, facility managers
who lack the time and resources to develop a comprehensive
security background do not necessarily run the risk
of jeopardizing their careers or the safety of their
colleagues. Rather, facility managers are in a position
to reap the benefits of a security industry that has
flourished in recent years through advancements in technology
and important strategic insights. By working with security
experts, facility professionals can better understand
their true risks and have access to the latest software,
hardware, wireless technologies, and proven methodologies
to create a program that will help reduce risks and
provide substantial recourse in the event of a problem
or crisis.
According to a Cleveland,
OH-based Freedonia Group Report, the U.S. represents
the world's single largest security service market,
accounting for over 40% of total demand. Sorting through
the myriad of available tools, technologies, and providers
can be just as frightening as the prospect of security
failure itself. Managers and other professionals striving
to maximize their companies' security and provide the
safest environment possible should start by developing
an understanding of current security trends and the
challenges shaping them.
Armed with this information,
facility professionals will be better prepared to assess,
develop, and sustain programs that meet their security
requirements in a cost-effective manner. And as an added
incentive, managers will stand to simplify their operations,
ultimately improving the overall quality of their own
work environment. Prior to the dramatic shift that occurred
following the terrorist attacks of 9/11, companies focused
their efforts on loss prevention and the deterrence
of internal threats, such as employee theft, workplace
violence, and sabotage of a facility and its assets.
Liability also played an important role for companies
investing in security programs before 9/11.
Security systems with features
such as access control and CCTV were designed and installed
to help deter criminal activity, record entry and exit,
and protect employees while on the job. In addition
to providing employee protection, these security tactics
served the dual purpose of protecting the company against
fraudulent lawsuits filed by employees or visitors.
The Impact of 9/11
It is no surprise that the
security industry swelled in importance, size, and scope
in the months since 9/11. The initial 1993 attack on
New York's World Trade Center introduced an awareness
of the potential terrorist threat in the U.S., which
resulted in new security procedures and policies. This
attack, however, did not prepare companies for the magnitude
of the destruction and loss that later occurred.
For the very first time,
many American businesses understood the significance
and indispensable value of investing in a security program
capable of protecting their people, property, and information
and of developing a crisis or business continuity plan.
Facilities managers' attention to, and attitude toward, security
quickly changed from a focus on privacy and convention
to the sudden and pervasive realization that new, more
stringent safety and security measures were necessary.
"Security is not just a
privacy issue, but one of economic survival through
demonstrated best efforts to prevent compromise by not
being negligent of potential threats," states Mark Cherry,
product development manager for Golden Valley, MN-based Honeywell
ACS Service.
Physical barriers such as
guard booths and barricades were immediately erected,
and guards seemingly multiplied and became increasingly
more visible in building lobbies, key entry points,
and in public areas such as malls and transportation
facilities. Turnstiles and access control systems were
quickly installed. Security firms reported a deluge
of calls from thousands of companies requesting security
audits and immediate upgrades to existing programs.
In addition, the anthrax scare had companies rethinking
their mailroom procedures and access to all of their
property, including shipments. While the deadly chemical
agents are well published, other more common toxic industrial
chemicals (TICs) are creating a concern for authorities.
"Chemicals such as chlorine,
ammonia, and cyanide are transported daily through major
metropolitan areas on tankers and rail cars," informs
Scott Goetz, director of sales and marketing, of Edgewood,
MD-based Smiths Detection. "While not as deadly as battlefield
chemical warfare agents, TICs are easier for terrorists
to acquire, control, and disperse."
Post 9/11
The surge in heightened
security measures was only temporary. Much of the initial
frenzy subsided in only a few months, largely due to
the slowdown in the U.S. economy and new interest in
corporate compliance. Faced with a bear market, unemployment
at its highest levels in recent years, and companies
conducting mass employee layoffs, the budgets for elaborate
new systems or additional security personnel quickly
disappeared.
"Immediately following 9/11,
American companies had a knee-jerk reaction and purchased
systems and products that really didn't need to be implemented,"
remarks Andrew Podolak, director of operations for U.S.
Security Care. "However, security, albeit slower, continues
to be an upward trend."
In addition to these economic
influences, smart companies spent more time during the
months after 9/11 reassessing their security risks,
addressing business continuity, and evaluating the performance
of their existing security programs, systems, and personnel.
Marc Goodman, senior managing director, of Falls Church,
VA-based Digital Security and Investigations Group of
Decision Strategies, highlighted the dramatic changes
that took place in late 2001, noting, "The shift in
security turned to terrorism and evacuation. Everyone
rushed out and got a security audit." Looking ahead,
he added, "The threat [of terrorism] is ongoing, and
people are gradually growing lax about their security, especially
physical security. The hypervigilance is dissipating."
What Is Driving The Industry Today?
The following factors are
impacting security in the building management profession:
- Homeland security;
- Terrorism and war;
- Public and media;
- Liability and corporate compliance;
- Increase in cyber threats/attacks and identity theft; and
- Technology.
Security audits and assessments
led to new interest in integrated, cost-effective security
systems with an emphasis on access control and information
technology (IT). Companies demonstrated a more selective
approach to spending by investing in customized solutions
that created efficiencies and tied in more closely with
business operations. The focus shifted to protecting
assets from the most likely risks. This strategic approach
continues to be strong today, with industries relying
on the knowledge and experience of security consultants
and suppliers integrating the latest security technologies.
"The advantages of technology-based
products are that they are always alert and offer
cost-effective solutions, especially compared to adding
personnel which is expensive and not always effective,"
says Tim Mohl, director of marketing, for Horton Automatics
based in Corpus Christi, TX.
Other changes since 9/11
include the emergence of new roles and responsibilities
related to security, such as the role of facility managers
and the emergence of the new chief security officer
(CSO).
An Industry Moves Forward
Current trends and statistics
indicate that security remains a top priority for American
businesses and their employees, and spending seems to
be continuing, just at a slower rate. In a 2001 Seattle,
WA-based N2H2 survey, security was named as the most
pressing issue for 31% of U.S.-based companies. Industry
surveys also indicate employees are accepting increased
access control, pre-employment screening, and background
investigations for new and existing staff. Recently
passed legislation requires companies to know more
about their employees, contractors, and suppliers, as
well as their overseas operations and international
partners.
This newfound emphasis continues
to produce exciting advancements in security technologies,
so current trends in the industry and the impact these
developments are having on facility managers warrant
examination.
The difference between traditional
security operations and those being employed today can
be summed up in one word: technology. The advent of
the Internet and other new technologies is revolutionizing
how people communicate, work, and seek entertainment.
By incorporating advancements in communication and information
storage into access control, surveillance, communications,
and other physical security devices, systems have become
less dependent on personnel and their inherent skills
to create a more secure environment.
Miscommunication
In addition to the risk
of human error, several challenges arose from the traditional
model's dependency on personnel. One of the most common
problems that prevented security programs from realizing
their full potential was the limited interaction between
security personnel and other business operations, such
as facility management and the IT departments.
Despite the commonality of
their goals and overlapping responsibilities, this absence
of collaboration between the different departments arose
from traditional organizational structures that discouraged
interaction and collaboration on a regular basis. This
structure created an occupational silo effect that limited
communications and prevented a more successful, cohesive
team approach toward business operations, including
security matters. Now, a gradual transformation has
occurred through increased demand, downsizing, increased
productivity requirements, and the introduction of new
technologies.
Security Personnel Versus The IT Department
Many industry experts attribute
these communication breakdowns and functional silos
within the traditional organizational model to disparate
professional backgrounds, education, and demographics
of the individuals working within these departments.
Security personnel, notes Goodman, primarily tend to
be older, second-career employees with former investigative
backgrounds such as retired police officers, FBI, or
Secret Service agents with little past access to computers
and other technologies.
The average security professional
is a 35- to 50-year-old male with 10 years of security experience.
Nearly 65% have previous law enforcement experience,
and only 38% report security as their primary or singular
responsibility.
In contrast, IT personnel, the
majority of whom are engineers, programmers, or other
technical professionals, tend to be younger and bring
entirely different skill sets and perspectives to the
mix. These differences fostered a segregated work environment
in which people were more inclined to interact with
those sharing similar backgrounds. The increased use
of computers and rapid introduction of technology into
the physical security world is beginning to close this
communication gap and improve collaboration among
IT and security personnel.
Companies and associations
are pitching in to provide education and training services
to update people on the latest technologies. "Organizations
like ASIS provide excellent seminars for security professionals
who are interested in knowledge development," explains
Bill Lozen, vice president of product management, of
Fairport, NY-based Bosch Security Systems. "While not
intensive IT training, it does enable security managers
to know when to call in the professionals and why IT
plays such an important role today and a larger one
tomorrow."
While there is still a long
road ahead, these diverse organizations and people build
the trust and focus on common issues required to develop
significantly safer and more secure work environments.
Integration
Technology will continue
to force these groups to link their programs and create
an operational model that is built on an integrated
enterprise approach to security. The positive impact
of technology on security programs is certainly not
limited to the improvement of communications.
Recent advancements by security
software and hardware manufacturers are solving the
problems associated with product system integration.
Facility managers and other security professionals have
long struggled with the time and cost involved with
replacing system components.
Until recently, security
system crashes and failures meant facility managers
and their counterparts were regularly forced to replace
individual system components. This was both time- and
labor-intensive due to the difficult practice of identifying
and ordering compatible components that would seamlessly
integrate into an existing system. Equally troublesome,
switching out components also meant the purchase of
new hardware or software, placing an unexpected strain
on the security budget.
Today, this problem is rapidly
disappearing as more and more manufacturers are now
credited with creating hardware and software designed
with compatibility in mind. This process has resulted
in new efficiencies and resource savings for businesses.
Reliance on technology should also help to resolve the
ongoing battles between physical security professionals
and IT departments in terms of responsibility for security
and the appropriate budgets. Different strategies, approaches,
and priorities magnified by a lack of communication
and understanding of their counterparts' perspective
have created this disconnect and struggle. Fortunately,
the process of developing security programs focused
on integrated business continuity has created increased
dependence on and cooperation between traditional security
and IT personnel. While efforts to secure funds and
prioritize security measures still remain contested
issues for many businesses, more companies are effectively
merging the roles and responsibilities for physical
and IT security into a shared resource through security
committees and regular, ongoing communications.
Security Advances
Challenges related to the
traditional security operational model are being replaced
with more cost-effective, enterprise-wide, integrated
solutions. These increased efficiencies will be tied
directly to advancements in security technologies and
an emphasis on proactive preventive programs.
Expectations of double-digit
growth in sales for security systems, personnel and
consulting services are even more impressive in the
face of today's stalled economy. Security is not only
surviving the slowdown; it is thriving because it is
providing increased efficiencies.
"The end result is that
a higher level of security systems, products, and procedures
is in place today than existed pre-9/11, and people
have grown accustomed to this higher level," explains
Inna Shames, director of marketing, at Suffern, NY-based
Temtec. Evidence of security's expansion is everywhere.
Just last year, a report published by Stamford, CT-based
Gartner research group shows that firms plan to spend
nearly 4% of total revenue on security services by the
year 2011 versus just 0.04% today.
Growth in the guard sector
is also apparent. According to an October 1, 2001 Los
Angeles Times article, two of the largest guard firms
anticipated hiring between 15,000 and 28,000 more guards
following 9/11. Combined, these two firms boasted employment
numbers of over 170,000 worldwide as this issue goes
to press. Additional industry research shows that growth
and spending will continue across the board in years
to come. A May 2002 survey conducted by the Buffalo,
IA-based International Security Management Association
(ISMA), whose 400+ members include only the most senior
security personnel at Fortune 500 companies, reveals
that 70% of companies reported increased spending spread
evenly between technology, staff, and access control.
The same survey broke down the numbers further, showing
that respondents expected to spend 36% of their allocated
budget on technology security measures, 23% on staff,
and the remaining 11% on the development and execution
of security policies.
Opinions: Everyone Has One
Contrary to these findings,
many security practitioners are reporting that companies
are not necessarily spending more, but are simply spending
more wisely.
"Since terrorism seems to
have no end game, companies are routinely looking for
ways to upgrade their security systems and are looking
more and more to electronic systems to bring their security
systems into the 21st century," states Bill Walsh, national
sales manager, of Wheeling, IL-based CCL Security Products.
Chuck Fisher, senior consultant
and president of Belmar, NJ-based SecPro Services Inc.,
reports seeing businesses raise the priority of their
security programs, and in the process many are taking
a second look at the people and technologies involved
with their existing systems.
These companies are ultimately
trying to determine what would make their business more
efficient without spending more. Fisher also stresses
that spending in the security industry is largely dependent
on the vertical markets it services. He cites the example
of the consumer packaged goods industry, and how that
industry has responded quickly to enhance its security
levels. Some vertical markets, Fisher points out, are
especially slow in their growth: "Until they have the
accident at the red light, they won't make a lot of
changes."
Security industry professionals
from every facet of the business, including end users,
manufacturers, suppliers, vendors, and consultants, have
widely differing opinions on the current state of spending
and the growth potential of the industry despite the
projections that have been published in recent years.
Mark Oakes, president of Sykesville, MD-based Intellimar,
Inc., says he has seen an increased sensitivity to
the need for physical systems to create a line of defense
around or inside a building following 9/11. He is quick
to point out, however, the current boom in the business
has caused an altogether new problem for the industry.
Demand is now often outstripping supply, especially
for the latest access control and perimeter security
measures.
"This has led many companies
to seize the opportunity to make money with many businesses
that have traditionally lived in different markets now
crossing into the security sector," explains Oakes.
He illustrates this crossover movement with examples
such as engineering and architectural firms that are
now forming key divisions within their organizations
to design more secure federal buildings, electronic
monitoring security companies now responsible for erecting
vehicle barriers, and IT consultants becoming increasingly
involved with designing and deploying software communication
systems for emergency scenarios.
To avoid suppliers and others
who may be opportunistic and motivated solely by market
conditions, Oakes stresses the need for facility managers
and other in-house professionals to identify and discern
the expert or experts in a specific area of security.
The debate over spending
trends in the security industry will likely continue
over time with the introduction of new threats and the
fluctuating state of the economy. Facts will become
clear only when the actual market figures develop. Business
requirements will also play a role and change as new
technologies are adopted to simplify processes, eliminate
inefficiencies, improve communications, and completely
alter programs as we know them today.
Understanding these technologies
and the pervasive impact they have on security measures
should be a priority for facility managers. Knowing
what tools are available and how they fit in an overall
security program will give managers and other professionals
an unparalleled, competitive advantage in the workplace
by ensuring a safe environment for employees and protecting
its assets.
The Technology Advantage
It is already difficult
to imagine life before the Internet. Its advent has
forever changed how we communicate, learn, conduct business,
shop, and perform a host of other activities. The security
industry is a prime example of the Internet's power
to change existing practices. Before online technology
entered the mainstream of the security world, professionals
were forced to work with tethered technologies that
limited their surveillance, access control, and communication
capabilities. Rather than have the freedom to monitor
from anywhere in the world at any time, professionals
relied on a local surveillance effort running on coaxial
cables. Emergency communications that were once considered
adequate in the security industry are now seen as dangerously
slow in comparison to the lightning speed of Internet-enabled
information sharing. Another useful feature of today's
access control is its wireless capability. Personnel
can be away from the office and still access their security
networks.
"Today, more access control
systems are able, via wireless phones and pagers, to
get information out to security officers on patrol,"
states Kevin Maynard, director of marketing, SimplexGrinnell
based in Westminster, MA. "It's even possible for CCTV
images to be transmitted to a handheld personal digital
device."
Other security measures
are also becoming centralized, thanks to the fast, reliable,
and relatively inexpensive technology of the Internet.
To appreciate the revolutionary effect of the Internet
on the security world, one only needs to remember the
technology that persevered through the attacks on New
York's World Trade Centers. Telephones failed, and in
many cases so did cellular phones. However, e-mail weathered
the tragedy better and enabled emergency communications,
both personal and professional, to subsist.
Tools
Security professionals disagree
on which tools, systems, and technologies are essential
to running a successful security program. These conflicting
views often leave those responsible for selecting and
implementing appropriate measures with a complicated
wealth of products and services to choose from with no
clear direction on what is best suited for their security
needs.
Many facility managers are
attempting to resolve the uncertainty by conducting
security audits with the assistance of consultants and
other security experts. Further complicating the process,
few written standards exist for security due to the
diverse individual requirements of organizations, such
as industry, location, risks, and liabilities, leaving
individuals to develop their own guidelines.
A new trend is
the development of security guidelines and industry
best practices by security professionals
and trade associations including ASIS International,
the Security Industry Association (SIA), and the National
Association of Security Companies (NASCO), as well as
many industry specific organizations and federal/state
regulators.
Despite a lack of consensus
regarding the elements of a security program and an
absence of true industry benchmarks, many security experts
surprisingly agree on which new technologies are having
the greatest impact on facility security by improving
operations without driving up costs. A snapshot of these
important tools and services offers a glimpse at how
these technologies are different and the value they
bring to a security operation.
Digital Video and Remote Monitoring
Digital video cameras are
popping up in facilities everywhere. Smaller, more compact,
and extremely durable, digital video cameras are now
being strategically mounted in less visible locations
to give security staff a more comprehensive view of
their facility.
"These systems will be retrofitted
into existing installations but will also be integrated
with either existing or upgraded security systems to
enhance their effectiveness," says Steven Turney, security
marketing manager, of Carrollton, TX-based TAC Americas.
Offering a complete picture
and a more tactical vantage point from which to monitor
an area is just one of digital video's benefits. This
emerging technology is distinct in its ability to capture
images and turn them into files that can then be quickly
compressed and transmitted to anywhere in the world
with Internet connectivity.
Digital video eliminates
the videotapes and costly cable normally used in analog
surveillance techniques. Digital video also enables
users to store and catalogue captured images on a computer
network and retrieve them from a hard drive or a network
by conducting a search based on a date, time, or event.
The entire process saves valuable time and reduces the
cost and aggravation associated with installing, running,
and maintaining a standard analog video surveillance
system or CCTV operating with coaxial cables.
Digital video recording
has entered the mainstream primarily because of the
technology's cost-effectiveness. The quality of the
digital images is also fast improving and is expected
to rival the quality of images produced by traditional
analog systems. What makes the technology of digital
video even more appealing is its remote monitoring counterpart.
Remote monitoring is undoubtedly
one of the defining technologies for modern-day security
operations. With the help of digital video cameras,
security personnel are increasingly monitoring their
facilities from remote locations by pushing video images
over several different technology networks. These networks
include: Internet protocols (IPs), local area networks
(LANs), wireless area networks (WANs), and virtual private
networks (VPNs). This technology is already saving businesses
with multiple facilities time and money. Remote monitoring
gives these companies greater flexibility in their operations
by allowing them to add more cameras than ever before
to their surveillance efforts and easily transmit the
recorded images to a remote location from anywhere in
the world.
Derek Trimble, vice president
of marketing and new product development, of Milwaukee,
WI-based Johnson Controls Security attests to the value
of digital video and remote monitoring: "Video enables
you to see an alarm before it occurs. Digital video
interrogates the event and finds out what happened prior
to being alerted."
Web-Enabled Software And Applications
Digital video and remote
monitoring are not the only security-related operations
employing technology today. Many facility operations
are one by one becoming Web-enabled, including access
control, environmental monitors, lights, fire alarms,
and HVAC. These have long been regulated by software
and other applications and are now being managed and
maintained via the Internet.
These security functions
save businesses money on several fronts. First, they
eliminate the need and cost associated with installation,
maintenance, and upgrades for cables, wiring, and the
like. Second, they allow for greater flexibility in
monitoring activities, also saving facility personnel
time, which inevitably saves money. Rather than have
one person travel back and forth on a campus all day
long or make a trip across town to visit a separate
facility, security personnel can now, from one location, make adjustments
to time alarm systems, unlock doors immediately in the
event of a fire alarm, or receive step-by-step instructions
in the event an environmental alarm is activated.
Businesses that implement
Web-enabled software or applications will also have
the ability to establish a more uniform program with
a centralized security effort that allows a main facility
or headquarters to monitor plants or warehouses in different
locations throughout the U.S. and the world.
Web-enabled applications
are growing in popularity among facility managers and
security directors running multiple tenant buildings,
notes Bob Ralston, product manager of Santa Ana, CA-based
Hirsch Electronics.
"Visitor traffic is more
and more concerning, especially in the cases where you
have a multiple-tenant facility with 50-plus floors,"
states Ralston.
To resolve the access control
issue for visitors in a large facility, an increasing
number of security directors and facility managers are
turning to Web-based visitor enrollment. This process
occurs when a tenant completes a visitor registration
form and submits it by e-mail to security. Using this
method, security is then able to produce a card for
the requested visitor complete with access restrictions
and an expiration date. Security notifies the requester
with an e-mail confirmation when the card is ready.
This Web-enabled technique
is especially appealing to businesses that regularly
employ the services of contract employees, Ralston adds.
Visitor registration is just one example of how Web-enabled
software and other applications are becoming an integral
part of security programs.
Smart Cards
Among the technologies revolutionizing
the security world, the smart card is arguably one of
the most sophisticated and powerful tools. The complex
nature of smart cards and their seemingly unlimited
potential to ensure access control, network security,
and even personal safety, makes the cards an effective
technology today, and an even greater one tomorrow.
Despite the progress made in the development of smart
cards during the course of the past three years, they
have yet to break into the mainstream and replace standard
access cards.
The difference between smart
cards and their predecessors is much greater than just
a few periodic upgrades and added capabilities. Once
they are widely adopted, smart cards will forever change
the way access control and other security is run.
The difference between standard
and smart cards is best explained by what the former
cannot do for security systems. Standard access cards
cannot tell the difference between the actual owner
assigned to the card and the user of the card the moment
it is swiped or held to a proximity reader. The old
card sends a fixed amount of data to a reader for access
and gains entry except in the event that an administrator
changes the data for that card owner and denies access.
The limitations of this technology are obvious: a person
who steals a standard card to gain entry into a facility
will likely be successful, especially when a human element
is missing to provide a dual confirmation.
Smart cards include a microprocessor
with memory capabilities. When a smart card is presented
for entry, information is exchanged between the card
and a surface mount chip. Biometric components, such
as iris, fingerprint, or hand geometry recognition,
can be used in the cryptic data exchange to identify
the holder of the card. This highly reliable access
control technology is being used with more frequency
now in the government sector than in the private sector, but a
trickle-down effect, based on declining costs and public
acceptance, is anticipated to make smart cards more
readily available.
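The contrast described above, as an added example that is not part of the original article: a reader that accepts a fixed value admits any copy of that value, while a card that computes a fresh answer for each presentation makes a recorded answer useless. The HMAC-SHA-256 challenge-response exchange and all class names and identifiers are assumptions chosen for illustration; the article does not specify the exchange, and confirming the holder (PIN or biometric) is not modelled.

```python
import hashlib
import hmac
import secrets

class StaticReader:
    """Standard card: the fixed value it sends is the entire credential."""
    def __init__(self, allowed_ids):
        self.allowed_ids = set(allowed_ids)

    def admit(self, presented: bytes) -> bool:
        return presented in self.allowed_ids

class SmartCard:
    """Card with a microprocessor: the key stays on the card, only answers leave."""
    def __init__(self, card_id: str, key: bytes):
        self.card_id, self._key = card_id, key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class ChallengeReader:
    """Hypothetical reader that issues a fresh random challenge per presentation."""
    def __init__(self, enrolled_keys: dict):
        self.enrolled_keys = dict(enrolled_keys)
        self._pending = None

    def issue_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def admit(self, card_id: str, response: bytes) -> bool:
        key, challenge = self.enrolled_keys.get(card_id), self._pending
        self._pending = None  # a challenge is good for one attempt only
        if key is None or challenge is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def compare_cards() -> dict:
    # Constructed sample identifiers and key, for illustration only.
    static_reader = StaticReader({b"BADGE-0001"})
    key = secrets.token_bytes(32)
    card, reader = SmartCard("CARD-0001", key), ChallengeReader({"CARD-0001": key})
    first = card.respond(reader.issue_challenge())
    genuine = reader.admit(card.card_id, first)
    reader.issue_challenge()  # the next presentation gets a new challenge
    replayed = reader.admit(card.card_id, first)  # recorded answer no longer matches
    return {"static_copy_admitted": static_reader.admit(b"BADGE-0001"),
            "genuine_card_admitted": genuine,
            "replayed_answer_admitted": replayed}
```
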
The Pipeline
Similar to smart cards,
a number of new technologies and practices are still
being developed for security use. For some, the goal
is to go wireless and eliminate landlines, cables, and
all other tethered technology. For others, the key to
a more secure work environment lies in the use of biometrics
on a sweeping scale. The projections for biometric use
are impressive. USA Today reported on December 4, 2002
that the biometrics industry is expected to grow from
$600 million to $4 billion by the year 2007. This growth
is expected to take place primarily with hospitals,
banks, and government agencies.
The extent to which biometrics
will be used some day is still up for debate. Some experts
suggest biometrics would better serve the industry as
a second or third means of identifying an individual.
Integrating biometrics into an existing access control
process, for example, would involve first having an
individual present a photo ID badge followed by the
submission of a PIN and finally the reading of
a fingerprint or another biometric for confirmation.
Several security experts
believe the next generation of security will be characterized
by such an integration of physical security with information
technology. The degree to which integration will occur,
however, is difficult to predict, and opinions vary
on how to define what is a truly integrated program.
When it comes to the future
of integration, Fisher says, "A successful security program
is not about money. It is about knowing how to pool
together IT and personnel for the best mix." What will
define the best mix remains to be seen; however, physical
barrier systems such as access control, turnstiles,
and gates are already dependent on information technology.
And electronics are running CCTV, digital video recorders,
alarms, and HVAC in many instances. Goodman believes
that in order for any integrated program to be successful,
it must focus on shielding a company's main network
and data. "Don't think in terms of the physical things,"
states Goodman. "All things are connected to the main
computer brain. Not protecting it is like playing football
without a helmet."
Goodman is not alone in
his estimation. Findings by Gartner Dataquest show that
the IT/information security market continues to grow.
The report predicts the market will be worth approximately
$6.7 billion by the year 2004.
While integration exists
today on many levels, true integration is believed to
be a possibility years down the road for most businesses.
Carter Griffin, CEO of Arlington, VA-based Brivo Systems,
believes true integration will happen when the access
control devices such as smart cards transition from
authentication to general business use. Griffin envisions
a work environment that relies on a single card for
entry into the facility, sign on to one's computer with
designated access to certain databases, programs and
files, and even a card that acts as a debit card from
payroll for the facility's cafeteria.
This card would also integrate
security measures with human resources operations by
serving as a time clock and tracking an employee's vacation
time. Griffin suggests that a card that truly integrates
with human resources data would even grant access to
rest room facilities based on one's gender and indicate
medical conditions when swiped in the event of an emergency.
Management Information
Systems (MIS) And Security
What is evident today is
the fact that security operations can no longer function
alone. Security is becoming an integral part of business
and merging with MIS departments, human resources, and
in many cases, members of operations management who
are responsible for running the organization.
Facility managers and other
security personnel must bear in mind that as the lines
continue to blur between physical security and IT, one
must establish a balanced and secure program that does
not create new vulnerabilities. Because computers
already control so many elements in today's
facilities, one must recognize the potential for a major
failure if the main system that operates these elements
is disrupted, whether the disruption happens intentionally
or unintentionally. A security program that relies too
heavily on computers and eliminates the human element
has the potential to become security's weakest link.
Security issues are mainly
credited with moving the MIS department out from behind
its walls and into the arena of business operations.
Security professionals and facility managers now share
the overarching goal of protecting a facility and its
assets. Shared responsibilities compounded by the communication
problems discussed earlier in the traditional operational
structure create a gray area in many organizations.
Within this gray area, roles are loosely defined, responsibility
is often shifted back and forth, and processes are still
being figured out. The newness of electronics supporting, and
in many instances running, physical security operations
raises an important question for many in the industry:
Who should lead the security effort for a facility or
an organization operating out of multiple facilities?
A large number of facility
managers would like to have this question answered,
but in the interim are assuming a position of authority
and leading security efforts. Whether this position
is officially assigned or not, facility managers are
ultimately held accountable for security because of
its entwined nature with the other systems that run
a building.
Overseeing the operations
and technologies involved with access control, HVAC,
fire, and environmental monitors simply cannot be done
without the direct involvement and assistance from a
company's IT members. Many industry experts assert that
a committee or a team should share the overwhelming
responsibility of providing security.
A New Position
More security professionals
see a trend emerging that designates a company official
to run security, and the new position is appropriately
known as the CSO or chief security officer. The role
of CSO has emerged at many large companies out of pure
necessity. Global corporations, sensitive government
structures, and other organizations with multiple facilities
required a full-time professional devoted to security.
Some generalizations have
been put together so this position has more of a shape
and context. This individual should be empowered at the executive
level in order to have a voice in decisions, acquire
budget dollars, and establish and enforce uniform security
standards and procedures. The CSO position also improves
safety by enabling a company to set up consistent qualifications
for security employees and policies for them to follow.
The current debate over
the CSO position is not whether or not it is viewed
as corporate overhead, but instead what experience and
skill set should this leadership position bring to the
table.
Podolak reports that most
of those elevated to the position of CSO have either
an IT operations background or an investigative background
with the FBI or police. "There is a big controversy
in how this role will be defined in the long run," says
Podolak. Regardless of the outcome, he adds, "The CSO
must have an understanding of the business itself."
Richard Taylor of Atlanta,
GA-based Decision Strategies warns that the organizational
structure, and security itself, "won't work unless there
is cooperation between the IT manager responsible for
the network and the security director or facility manager."
Taylor does say this lack
of collaboration can be prevented. "There is a lower
incidence of problems when the person in charge of IT
and the person in charge of security report to the same
person," he states.
An Evolving Role: Facility
Manager
The events of 9/11 had a
profound impact on the role of facility managers. As
companies moved quickly to enhance their existing programs
in an effort to protect their facility and assets from
potential terrorist threats, many took a holistic approach
toward security for the very first time.
Dana Brown, vice president
of Oakton, VA-based Vance International, notes that
up until 9/11, physical security measures such as blast
mitigation were seldom considered a priority. After
the attacks exposed unforeseen vulnerabilities, companies
began implementing a more proactive approach to security, including
crisis management and business continuity planning.
Brown says just one of the reasons that facility managers
are now playing a significant role in the planning and
execution of these proactive security programs is because
"These plans take into account elements such as the
structural integrity of the building and evacuation
plans."
In addition to becoming
more involved in the crisis planning process, a large
number of facility managers are now charged with the
tasks of installation, administration, and upkeep of
new electronic access control systems. The push for
managers to invest in electronic security solutions
is driven by two primary factors: cost and reliability.
Many companies post-9/11
felt the need to invest in a more secure access control
system capable of identifying employees with greater
accuracy than guard personnel. Secondly, companies were
forced to tighten their belts with the slowdown of the
economy and required a solution that would help alleviate
the costs associated with staffing security personnel.
Electronic access control has been identified as a possible
solution.
Traditional And Newer
Access Control
The question that begs to
be asked is: Should companies forgo traditional access
controls such as badging in favor of biometrics? Some
believe it will take some time for the widespread adoption
of the technology. "Many skeptics say the technology
is still too expensive, isn't foolproof, and too hard
to implement," comments Daniel Faneuf, president of
Milford, NH-based Plasti-clip Corporation. "A study
by Cambridge, MA-based Forrester Research found that
only 1% have implemented biometric systems and 58% of
companies have no plans to implement biometrics."
Conversely, there are some
security professionals who believe the new technology
can impact the workplace immediately. "In the past,
security applications were designed to support the manager.
In contrast, however, security tools today are designed
and geared toward the individual or manager being trained
to support the applications. The individual is now
working for the application rather than the application
working for the person," states Fisher.
Many security experts argue
that facility managers and security directors alike
require regular education and training in order to take
advantage of the full range of benefits that today's
systems offer. Because training is considered a pure
expense, many organizations lack the budget dollars
to train their security staff members. Steve Futrowsky,
managing director of Vance International Inc., cautions
that with the market's increased reliance on electronics,
companies still must have properly trained people to
respond to emergencies when they are alerted. Without
the funds to employ an adequately trained staff, businesses
run a higher risk for litigation if and when an incident
happens and avoidable mistakes are made.
The vast majority of security
professionals agree that the systems purchased and now
in place following 9/11 are underutilized due to managers'
inability to focus solely on the operations of the system.
This is compounded by a lack of training and instruction.
This problem is expected to resolve itself in time with
the economy's recovery and a return to spending.
Although facility managers
are educated about numerous disciplines, they recognize
their limitations in technology knowledge. Consequently,
they are teaming with members of their IT departments
as well as outside consulting resources to develop a
team approach. Still, in light of this collaboration,
facility managers and security directors remain in control
and hold the reins when it comes to making security
decisions.
During the lean months ahead,
facility managers must focus their limited time and
resources on maximizing their existing systems. Facility
professionals have the ability to pool together the
talents that lie inside the walls of their organizations
and develop contingency plans that optimize their systems
and create the safest environments possible. The key
to achieving these goals is information sharing and
communication.
Organizations that focus
on open and ongoing communications and knowledge management
will form a more cohesive effort and a better proactive
approach toward security. After all, knowledge is power
and American businesses will come to rely on this source
of power in the coming years as they work to help ensure
the safety of their people and assets.