AV & IT: Risk, Security, and Ownership in Enterprise Environments

A destination, not a starting point

ISE 2026 reinforced a clear message across the show floor: AV is now firmly an IP and IT responsibility. Almost every vendor positioned their platforms as “IT friendly”, “enterprise ready”, or aligned to modern infrastructure models.

The direction of travel is undeniable. AV systems now sit inside corporate networks, alongside business-critical applications and security-sensitive data flows. With that shift comes heightened expectations around authentication, visibility, resilience, and governance.

It is tempting to describe this evolution as convergence. In reality, that suggests a level of maturity and alignment that does not yet fully exist. AV has not grown up alongside IT; it has, in many cases, been absorbed into it. The result is progress, but also friction.

Where friction really appears

The most significant challenges rarely emerge at concept stage. They surface during deployment, when AV systems are introduced into live enterprise environments shaped by Zero Trust principles, automated network controls, and tightly governed change processes.

In theory, many platforms are network-ready. In practice, common gaps continue to appear. Full 802.1X implementation is inconsistent. Certificate handling can be awkward. Logging depth may not meet enterprise expectations. Devices sometimes behave unpredictably once placed on real client LANs.

Marketing often suggests AV can simply drop onto the corporate network. On site, careful design, segmentation, carve-outs, and security exceptions are still frequently required to make systems function as intended. This is not a criticism of manufacturers. It is an operational reality. Enterprise IT maturity has accelerated rapidly, and AV devices must now operate inside environments that were not originally designed around them.

Security as baseline, not enhancement

The Cyber Security Summit made one principle unmistakable. Zero Trust is no longer aspirational. It is becoming the architectural baseline. Default deny. Authenticate every connection. Verify continuously. Many AV platforms can participate in that model, but often only with significant configuration effort. In some cases, additional management tooling is required to bring devices into compliance with enterprise access control and monitoring standards.

At the same time, regulatory pressure is increasing. NIS2 and supply chain accountability were dominant themes throughout the summit. Responsibility cannot be outsourced. Vendors, integrators, and end clients must all be able to demonstrate that security is designed, implemented, and maintained continuously, not bolted on at project completion. Even then, technology is only part of the equation. Human factors remain the most persistent vulnerability. Credential hygiene, policy adherence, MFA adoption, and organisational awareness all sit alongside technical controls in determining real-world risk.

Key insights from the ISE Cyber Security Summit:

• Zero Trust emerged as the unifying security principle across all speakers and discussions, reinforced as an essential architectural baseline rather than an aspirational goal.
• NIS2 and supply chain accountability dominated the regulatory conversation, with repeated emphasis that responsibility cannot be outsourced and that every vendor and integrator must demonstrate ongoing compliance.
• Cybersecurity must become a whole business value, driven by leadership, embedded culturally, and maintained continuously—not treated as a bolt on or a one time compliance exercise.
• Human factors represent the greatest and most persistent vulnerability, with MFA adoption, policy adherence, credential hygiene, and organisational education highlighted as top priorities.
• AV/IT convergence, remote access growth, and AI integration have enlarged attack surfaces, making continuous monitoring, end to end encryption, secure development practices, and professional incident response more important than ever.

AI, monitoring, and the illusion of prevention

Artificial intelligence was visible across almost every networking and monitoring conversation at ISE. AI-assisted diagnostics, anomaly detection, and automated optimisation are becoming standard capabilities.

Most demonstrations, however, focused on faster identification of issues rather than eliminating root causes entirely. AI can accelerate response and improve visibility. It does not replace robust network design, disciplined configuration, or clearly defined ownership. Used correctly, it strengthens governance. Used as a substitute for design, it merely accelerates failure detection.

Ownership: the uncomfortable grey area

Once AV systems live on the network, ownership becomes unavoidable. Who is responsible for security posture? For patching? For monitoring and response? For regulatory exposure? Too often, these questions are implied rather than explicitly agreed.

The role of AV network integration is increasingly about making systems acceptable, supportable, and defensible within enterprise environments. That means understanding device behaviour in detail, identifying where it diverges from IT expectations, and working collaboratively to make it operable without compromising either performance or security.

This is less about making devices function in isolation, and more about ensuring they can withstand scrutiny inside policy-driven, security-conscious organisations.

Signs of alignment

Not all movement is reactive. We are seeing meaningful shifts in how some networking vendors approach AV. Companies such as Ubiquiti, through its UniFi platform, and Netgear are framing AV as a workload within cloud-managed, policy-driven infrastructure. The emphasis is less on AV as a special case and more on predictable integration into existing IT governance models.

Cloud management, clearer visibility, and tooling that feels native to enterprise network teams all signal progress. That shift does not eliminate complexity, but it does acknowledge where AV now lives, and who ultimately operates it.

Looking ahead

Alignment between AV and IT will not be achieved through terminology alone. It will come from systems capable of operating inside Zero Trust environments, ownership models that withstand regulatory scrutiny, and designs that are technically defensible on real client networks.

Convergence remains the direction of travel. The reality today is that experienced AV network integration sits at the centre of that journey, translating between disciplines and ensuring that systems are not just functional, but secure, supportable, and sustainable over time.