Steve Hunt is an executive strategist with expertise in information security, physical security, confidential information protection, critical infrastructure protection, technology, risk management and regulatory compliance. He was inducted into the ISSA Hall of Fame for his achievements in information security and, CSO [Chief Security Officer] Magazine presented him with the “Industry Visionary” Compass Award. For over 20 years Steve has been helping organizations to create value from security and technology investments. His clients are diverse, in industries such as banking, health care, oil & gas, software, and retail. With each client, Steve helps to create a strategic vision, then maps out its execution including business justification, technical architecture, governance, risk management, compliance, technology selection, and training. His favorite projects are those business-critical initiatives that touch both employee behavior and the IT infrastructure.


Christopher P. Skroupa: Will the new class of physical security technologies utilizing cloud computing and big data analytics merge with IT security systems?

Steve Hunt: Your question is complex, Chris, but I don’t think the answer is. Let’s break it down. Physical security – the world of guards, guns and gates, of key cards and surveillance cameras – that world is changing fast. Software and computing infrastructure underlie all physical protection systems nowadays. In the last few years some physical security vendors have looked to the Cloud as a home for that infrastructure. In the IT milieu, it’s the same. Companies turn to so-called Infrastructure-as-a-service to lower costs and complexity. So, yes, the baby steps the physical security industry is making today will turn into highly functional solutions in the near future.

How long? I predict we have to wait for the largest IT technology firms – IBM, Microsoft, Cisco and the like – to realize the value of working with physical security. Each of those tech companies has dabbled in physical security, but none has taken the opportunity seriously, and therefore, the heavy lifting of creating merged physical/logical security systems is left undone. Think of it: One day a company could manage all its employees and contractors, and all their physical and logical activities, in a secure cloud infrastructure. Small enterprises may even see the value more apparently, by avoiding all the equipment and wires in the first place.

Skroupa: Do our IT systems add to confusion and make us more vulnerable?

Hunt: I’ve often wondered this. Decades ago, we thought information technology would decrease use of paper in offices. It has not. We also thought it would add efficiency. It has, but only if you look at routine tasks. Arguably, IT has created more inefficiencies than improvements. Just look at your inbox. Twenty five years ago businesses grew and made millionaires only by corresponding via the post. And as with email, hackers and state-sponsored espionage also add cost and complexity to our IT infrastructure.

One of my clients is a hot new startup in the Internet of Things business. The executive team uses computers to crunch the algorithms dreamed up by the company’s dozens of data scientists. That part of the business is straightforward – dream up new ways to analyze data and use computers to process it.