Page 69 - the SyI Quarterly E4 Digital Final
The data is stored in the cloud and on various devices. With people working at home, in hotels and generally anywhere, the
physical security of the devices is also with the User, so physical security has also converged with the technical and personnel.
It's all with the User, and security suddenly becomes a matter of trust rather than walls and doors. Hence, with a converged
paradigm of security there is a need to trust your users, but in doing so, use the well-known principles of ‘need to know’ and ‘least
privilege’ to help retain some semblance of control.
However, relying on access control mechanisms has advantages: when someone leaves the company, you can revoke
the credentials and encryption keys, and any company data they have on their phone or other devices is effectively rendered
useless. There is no more physical boundary; now it's a virtual boundary, but you still have control.
Looking from a different perspective, physical security is still very much a critical aspect, but now it is about protecting the offices
and cloud data centres as physical assets, more than the information. However, in the case of cloud computing, all of the servers
have to be stored somewhere, and these can be massive, highly critical data centres supporting thousands of customers. Hence
availability becomes much more of a requirement than confidentiality, and that comes down to preventing denial-of-service attacks
on the data centres.
But even in the realm of physical security, staff now have to use computers for most things. CCTV, alarms and intrusion detection
systems (IDS) all use Internet Protocol (IP) networks. Gone are the separate coax and phone networks. Welcome to the Internet of
Things (IoT), where everything is connected to the Internet, be it your phone or the corporate CCTV.
Now you can sit in your SOC in London and watch the CCTV in your Dublin data centre in real time, in high-quality HD. The video may
no longer be stored on-site either, but entrusted to a large cloud provider such as Amazon Web Services, where it's really cheap to
store data for a long time and you can get at it from anywhere, anytime. It also stops miscreants stealing the tapes.
It does not matter what sort of company you are; even if you're an accountant or recycling firm, the chances are your IT is outsourced
or you use Internet-based services for your office work. That may be email and Internet browsing, or may even extend to providing
services via your website. The chances are your security and risk management are converging and you just have not noticed.
There is no getting away from the fact that there is no longer a physical boundary around any company, staff are not assets but
a trusted part of the ecosystem, and ICT is pervasive both in business life and home life.
Convergence will mean those who are specialists in specific areas will need to at least understand the basics of the others. It will
also see the separate aspects of security gradually merge in larger companies, usually under the CISO. One of the key benefits of
the Security Institute is that peers across a whole spectrum of specialised skills can learn from each other and support our journey
to converged security.