The New Norm: Information Assurance
Since 2005, integrators have become aware that convergence “is all about the integration of applications and devices,” said John McClurg, vice president of global security & chief security officer at Honeywell International. Moving forward, the watchword will be information assurance, as in “it’s all about the digital information in our integrated environment being trusted and secure,” McClurg said. The reason is that the small, medium business owners, security executives, and/or the boards of directors of your customers will expect these protections in their security policy. The new normal for the security executive in the 21st century is protecting “all the business assets all the time,” McClurg added.
Enter the 21st century security executive, who is evolving their skill sets to include a clear understanding of how information assurance impacts business operational success and brand reputation. When the FBI mandates that cyber crime is now its third priority â€” following weapons of mass destruction and domestic terrorism â€” the problem has evolved well beyond the financial resources and the operational scale of the IT department alone to address it.
McClurg is a prototype for the new security executive. I first saw him present an excellent keynote speech at the Security 500 program (www.sec500.com) in New York.
As a former supervisory special agent with the FBI, McClurg held an assignment with the U.S. Department of Energy as a branch chief, charged with establishing a cyber-counterintelligence program within the DOE’s newly created Office of Counterintelligence. Prior to that, he served as a supervisory special agent within the FBI, assisting in the establishment of the FBI’s new Computer Investigations and Infrastructure Threat Assessment Center, what is known today as the National Infrastructure Protection Center within the Department of Homeland Security. His commercial experience included a role as vice president of global security for Lucent Technologies prior to his responsibilities at Honeywell. McClurg’s experience typifies the public-private collaboration our nation needs to secure global business.
McClurg’s leadership within Honeywell has included championing the creation of a “Converged Risk Assessment Model,” where risk assessors are cross-trained to engage in both physical security and IT risk analysis, “integrating the vulnerability assessments of both worlds,” he explained. A secondary step includes merging cyber security best practices into the Honeywell global security policy. McClurg feels that the physical and cyber worlds are “inextricably interconnected.”
His advice to integrators and security professionals alike is to, “Leverage the convergence of both security products and the expertise of the people using them into a holistic approach by which to confront the cyber and physical threats of the 21st century.” He believes that new security thinking involves a broader view of the business through the vantage point of “information assurance,” rather than a strictly traditional “guns, guards, and gates,” mentality.
The global security approach at Honeywell International is an excellent case study for an industry whose executive roles are in transition. It underscores the challenge facing both individual companies and our industry. A holistic approach broadens the security landscape and increases revenue opportunities.
The Honeywell sales organization has seized on that opportunity, advancing product offerings that leverage the operational example set internally. It will be interesting to see the extent to which the broader physical security industry’s integrators and distribution channels realize the value of creating products and positioning services to embrace information assurance as an emerging trend.
Innovators like McClurg (and Honeywell) are pioneers that expose emerging mega trends. It is up to security executives, distributors and integrators alike to execute a plan to take advantage of the opportunity.