Infosecurity North America made its debut at ISC East in New York, bringing about 30 IT security companies to the physical security industry. With all the talk of the convergence, this increased presence of information security at a traditionally physical security show was a good thing. But it was sloppily done, resulting in several mixed messages.
Rather than give the Infosecurity exhibitors a prominent location to learn more about physical security and educate attendees on their side of the story, they were herded into the rear left corner of the show floor, seemingly as an afterthought. Meanwhile there were at least two ISC East exhibitors whose products are known to have been breached, resulting in backlash from the U.S. government.
While the Infosecurity placement was likely due both shows being owned by separate entities, it certainly speaks to the divide that continues to exist between these two disciplines that in reality should be merging into one.
In addition to its abysmal location, Infosecurity was also physically segregated from the main ISC East floor. This likely had to do with who “owns” each event, but regardless, it is a reflection of the security industry in
general. While physical security largely relies on IP technology, information security remains to some extent on the outside looking in. So while the industry should be embracing information security, the reality is that it’s still an “arm’s length” relationship.
Barriers to Entry
The “show within a show” was literally blocked off from ISC East by booths and other physical barriers that left only a handful of entry points, where you had to have your badge scanned before entering. The message this seemed to send was, “Pay no attention to the show behind the curtain,” which is unfortunate given the increased role of IT in the industry.
You’d think that physical security’s increased reliance on networks would be driving companies to cross over from one side to the other. And while some vendors talk about doing just that, evidence of this was nowhere to be found at ISC East.
Kisi was the only exhibitor with a presence in both shows. That meant reserving, staffing and likely paying for two booths. It also meant two different messages. On the ISC East side it was “Keys made easy: the right people, the right access.” On the Infosecurity side, it was “Modern access control compatible with Gsuite, Splunk, Active Directory, etc.”
The fact that Kisi even felt the need to exhibit in both places speaks to another divide between physical and information security, namely the language barrier.
ISC East does a great job providing a mobile app that allows people to find exhibitors, education and events that interest them. However, none of the Infosecurity exhibitors were listed. If you tried searching for any of them, you were out of luck. So if you relied on the app, the Infosecurity exhibitors (including Cisco) were nonexistent. So unless you happened to venture to the back-left corner, you wouldn’t have known they were there at all.
Of course, trade show politics probably had more to do with the separation of Infosecurity from the main show floor and the requirement that attendees have their badges scanned to enter. However, the placement left much to be desired. The security professionals at the show, many of whom could probably benefit from learning more about the information security products and services available, had to go out of their way to visit Infosecurity exhibitors. You have to wonder how many actually did that.
Convergence has been a buzzword in the physical security industry for years, but so far we’ve seen more talk than action on that front. The physical security industry has a less-than-stellar track record on cybersecurity, and ISC East had a real opportunity to send a strong message that it the industry is embracing information security by giving Infosecurity vendors a more prominent location on the show floor. Instead, they were relegated to sideshow status. Not only does this “business as usual” approach do nothing to bring the two sides closer together, but in many ways, it drives them farther apart.
The longer we continue to pretend that physical and information security are two separate disciplines, the greater the dangers to end users in the form of data breaches, compromised video surveillance and access control, and more.
We’ve talked about convergence long enough. It’s time to lose the territorial mindset and break down the barriers between these two equally important and intertwined approaches to security.