The results of a new study from identity solution company HID Global appear to confirm a shift that many have suspected was coming. More and more, the management of physical access control solutions is coming under the control of information technology (IT) or information security. Researchers with HID Global collected survey results from more than 1,500 IT personnel whose responsibilities covered a broad spectrum of the industry, including managers, directors, and staff, all the way up the chain to chief technology and chief information officers (CTO and CIO respectively).
The research was conducted to gain a sense of the relationship between physical security and IT departments, whether they are currently working in concert, and how their organizational tech purchasing decisions are made.
IT and Physical Access Controls
While the change is not dramatic, the report does highlight a shift toward more IT involvement in access control decision-making and implementation. The survey shows that “more than half (55%) of respondents report IT as primarily responsible or having shared responsibility for access control within their organization. As a result, IT leaders are tasked with spearheading not only the protection of their company’s network- and cybersecurity-related initiatives—but also those set forth by the Physical Security department to protect employees, visitors and assets from internal and external threats.”
The sharing of responsibility appears to be occurring regardless of whether the organization has a physical security person or team/department, which 67% of survey respondents have in place. Among the respondents who said that IT isn’t involved in access control decisions, 36% see IT playing a role within the next 5 years. This suggests a continuation of the trend.
Not surprisingly, the data show a gap between small and midsize companies and large companies in how responsibilities for physical security decisions are shared. Larger companies (those with more than 1,000 employees) are more likely to have IT and physical security teams share the load when it comes to access control decisions and implementation. Companies with fewer than 1,000 employees report that IT has a bigger role in physical security decisions (37%), compared to 14% for larger organizations.