The Internet of Things (IoT) has blurred what was already a narrowing gap between physical security and cybersecurity functions. You could refer to this emerging reality as security convergence. You could call it holistic security. Irrespective of the term, convergence is the realization that you cannot effectively secure enterprise infrastructure if physical security and cybersecurity are in separate silos.
If you think about it, physical security and cybersecurity convergence has already happened at the technical level. What is lagging is a convergence at the organizational level. Organizational convergence is a formal, concerted and results-oriented cooperation between otherwise disjointed security roles. The cooperation is systematic with clearly defined accountability and processes.
Note that convergence is not just combining the physical security and cybersecurity functions under one unit in the organization. While merging functions is one way to approach it, doing so is not necessary, nor does it automatically lead to convergence.
So what are the factors driving security convergence?
By converging physical security and cybersecurity, you create a security structure that is stronger than the sum of its component parts. Unifying security systems does not just bring the strengths of each on board. They complement one another. Experts can better work together and benefit from each other’s knowledge in the prevention and resolution of security incidents.
The world is rapidly transitioning from the internet to the IoT. Now it’s not just laptops and smartphones that connect to enterprise networks, but also doors, HVAC systems, motor vehicles, factory equipment, and everything in between. The line between what falls under physical security and what falls under cybersecurity is fast disappearing. And bad actors have adjusted their arsenal accordingly.
Cyberattacks are increasingly a combination of physical and cyber techniques. For example, criminals could skim an employee's access control proximity card via wireless hacking tools and then use it to gain physical access to your facility. Such converged threats are best addressed through converged security.
Some security incidents are clearly cybersecurity events while others fall under physical security. But there isn’t always such a clear distinction. There will be incidents that seem to straddle both security arms. This can cause confusion in organizations that have yet to converge their security.
For example, a contractor accesses an unlocked computer and prints a highly confidential strategy document, exits the building and shares the printout with your competitors. Should this be handled by cybersecurity or physical security? The answer is both. With a converged security structure, you no longer have to spend time thinking about which security arm should be assigned to an incident.
Converging your security functions is not just a means of improving the efficiency of your security functions. You must see it as contributing to your organization’s overall goals. If your security is working well, it creates the environment for your everyday operations to thrive.
So when a bank optimizes its security for the benefit of customers, contractors, and employees, it gains a reputation for protecting customer privacy and ensuring a safe environment. This bolsters the brand in the eyes of customers and increases its appeal as an employer. Also, better security means fewer incidents. It allows more time for productive activities that grow the organization’s bottom line. Even when things do go wrong, converged security ensures a faster return to normalcy. It provides a valuable edge over rivals.
Blending security functions leads to a reduction in the duplication of efforts. Tasks previously handled by different people can be assigned to one person.
You can also slash costs through systems convergence. An enterprise security management system could be deployed to take charge of access card controls, door controls, panic buttons, alarm monitoring, sensors, and motion-based CCTV. Building control functions such as lighting and HVAC could be integrated into the system as well, allowing property management to remotely manage building systems.
Such automation would substantially reduce the number of people needed to enforce security controls. For instance, cybersecurity staff could monitor alerts from physical security systems.
Streamlined onboarding and off-boarding
When your organization hires a new employee, that person needs access to multiple physical and virtual assets to perform their job effectively. These range from network passwords to door access cards. When they leave, the access must be revoked quickly and any company-owned items returned.
Failure to onboard new employees seamlessly has repercussions on the efficiency of company operations, in addition to cybersecurity and physical risks. Existing staff may feel compelled to share their password or access card with a new employee to get them contributing to work as soon as possible.
Similarly, a weak off-boarding process has both physical security and cybersecurity consequences. Ex-staff could leave with company assets. And if they retain access to enterprise systems, they could use that privilege to extract confidential information to share with a competitor.
Converged security ensures an efficient, streamlined security process for onboarding and off-boarding employees. It is less likely that something will fall through the cracks.
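A converged off-boarding check can be as simple as reconciling the HR leaver list against both the door access system and the identity directory in one pass. The sketch below is an added example, not code from this article; the records are constructed sample data, and the field names and the four-hour revocation window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample exports (hypothetical field names, not a real product schema).
HR_TERMINATIONS = {  # employee_id -> time employment ended
    "E100": datetime(2024, 3, 1, 17, 0),
    "E200": datetime(2024, 3, 4, 12, 0),
    "E300": datetime(2024, 3, 5, 9, 0),
}
BADGES = [  # physical access control system
    {"employee_id": "E100", "id": "B-7781", "active": False,
     "revoked_at": datetime(2024, 3, 1, 17, 30)},
    {"employee_id": "E200", "id": "B-1093", "active": True, "revoked_at": None},
    {"employee_id": "E300", "id": "B-5540", "active": False,
     "revoked_at": datetime(2024, 3, 7, 9, 0)},
    {"employee_id": "E400", "id": "B-2216", "active": True, "revoked_at": None},
]
ACCOUNTS = [  # directory / identity provider
    {"employee_id": "E100", "id": "asmith", "active": False,
     "revoked_at": datetime(2024, 3, 1, 17, 5)},
    {"employee_id": "E200", "id": "bjones", "active": False,
     "revoked_at": datetime(2024, 3, 4, 12, 10)},
    {"employee_id": "E300", "id": "clee", "active": True, "revoked_at": None},
]
MAX_DELAY = timedelta(hours=4)  # assumed policy: revoke within 4 hours of leaving


def offboarding_gaps(terminations, badges, accounts, max_delay=MAX_DELAY):
    """Return (employee_id, domain, credential, issue) for every leaver whose
    physical or logical access was not revoked, or was revoked too late."""
    findings = []
    for domain, records in (("physical", badges), ("logical", accounts)):
        for rec in records:
            left = terminations.get(rec["employee_id"])
            if left is None:
                continue  # still employed, nothing to revoke
            if rec["active"]:
                issue = "still active"
            elif rec["revoked_at"] is None:
                issue = "revoked, time unknown"
            elif rec["revoked_at"] - left > max_delay:
                issue = "revoked late"
            else:
                continue  # revoked within policy
            findings.append((rec["employee_id"], domain, rec["id"], issue))
    return sorted(findings)


if __name__ == "__main__":
    for finding in offboarding_gaps(HR_TERMINATIONS, BADGES, ACCOUNTS):
        print(*finding, sep=" | ")
```

The sample shows the failure mode a siloed process misses: E200 lost the network login but kept a working badge, while E300 lost the badge late and still has a live account.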
A decade or two ago, physical security vendors provided solutions protecting brick-and-mortar assets while cybersecurity vendors provided solutions that protected digital assets and technology equipment. Now a growing number of security vendors are operating in both the physical and cybersecurity spheres.
This trend is in its infancy and remains relatively unsophisticated since the vendor will typically offer two different systems for physical and cybersecurity. Still, it is possible for an organization to work with the same vendor when procuring both their physical and cybersecurity solutions. Expect to see vendors continue to merge these disparate systems into a single, tightly integrated solution.
Good business sense
Physical and cybersecurity convergence allows for quicker, more accurate security management. Teams become better equipped at managing the security landscape. The convergence just makes business sense.
Physical security limits access to locations where sensitive data is stored. Facilitators of physical security such as video surveillance cameras, smartphones, and RFID key card door locks are regular targets of hackers. On the other hand, good cybersecurity safeguards the sensitive data that physical devices retain.
Convergence addresses and leverages the interconnected nature of different security components. It treats them as one, as opposed to distinct business entities.