Holistic security solutions that unite physical and logical defenses can strengthen an organization. John Carney, Senior Manager for Government Practice, Cisco Systems, examines how deeper integration can yield business benefits.
Holistic security solutions that unite physical and logical defenses can strengthen an organization. John Carney, Senior Manager for Government Practice, Cisco Systems, examines how deeper integration can yield business benefits.
Today, security can mean either physical security or cyber security. The departments managing the technology for each type of security are generally separate. With the proliferation of IP convergence, this separation can impact both as well as compromise the safety and security of an organization.
According to IMS Research, the number of devices connected to the Internet passed the 5 billion milestone in 2010, and the number is expected to reach 22 billion by 2020. This surge reflects the explosion not only of personal devices, but also of IP-enabled sensors, cameras and other devices used in security.
Cyber security depends greatly on physical security. Attackers who can gain physical access to a computer can almost always take advantage of that access to further their efforts. Merely getting access to a physical terminal where a memory device can be plugged in is usually sufficient. Any device connected to the network must be protected to ensure that it cannot be used in an attack.
This massive convergence can have a negative impact on the performance of the network if it has not been properly designed to handle this increase in traffic. Along with presenting new security challenges, the convergence of Internet-connected devices, voice, video and data also provides ways to integrate cyber and physical security that were not possible a few years ago.
The lack of integration between physical and cyber security creates the following challenges:
* No single system exists to confirm a person's identity because each functional security department controls its own identity database.
* The potential for theft increases.
* Best IT management practices are not applied to physical security devices, or they are not applied consistently across departments or organizations.
* Cyber security devices are not physically monitored to detect tampering or unauthorized access.
Today, more than ever, the problem comes down to governance, making it a priority to create a single body for security policies, procedures, and deployments.
Merging Physical and Cyber
It is important to understand that physical and cyber security are no longer separate systems; they depend on each other. Still, a number of companies treat them as separate systems. Until recently, this was justified because the technology to integrate physical and cyber security was not yet available.
Before the convergence of applications, devices and services onto the IP network, security measures were largely separated. The convergence of voice, video and data has brought the following changes to these areas:
* Voice or audio: In addition to traffic created by deploying VoIP services, “voice” now refers to other audio sources such as crowd monitoring, a gunshot in a high-crime area, or noise detection in a building that is supposed to be vacant at night.
* Video: In addition to video calls, “video” now also refers to video surveillance, traffic cameras, digital signage and streaming video.
* Data: Access to data is not just in the intranet anymore; with the explosion of cloud services, access to data can be anywhere, anytime, from any device.
* Network: Multiple heterogeneous devices are connecting to the network, such as smartphones with video, personal laptops and so on.
* Social media and enterprise collaboration also play a role in reporting security incidents, thus requiring the analysis of all sorts of data within the organization. Physical and cyber security technologies have matured to the point that they can now be integrated. The convergence of the IP network and the migration of legacy systems have helped drive this transformation.
Secure Network, Protected People
Protecting people involves a combination of physical and cyber security. A compromised network allows access not only to business-critical data, but also to all of the security devices. Many technologies are available to secure the network against the wide variety of threats that exist.
One possible high-impact solution that has minimal impact on the human side is to ensure that only trusted users access the network. To enforce this, users are required to badge into a building before they access the network. The users do not have to change their behavior of swiping a badge, or how they log in to the network. However, this creates multifactor authentication: something you have (a security badge) and something you know (your ID and password). By tying building access to network access, the security of the network and its resources increases.
Combining cyber and physical identity management does create challenges. This is where the concept of a single governance body for security becomes vital. This governance body needs to determine who can make changes, what changes they are allowed to make and when they can make them. Keeping the identity data accurate needs to be a priority, because all policies and procedures use it to enforce existing policies. Now that the employees are identified, it is important to ensure they are kept safe. When an accident or dangerous situation arises, effective notification of people directs them away from danger.
Conclusion
A sound security posture must be designed holistically. Having a cross-departmental team accountable for policies and procedures helps ensure all stakeholder needs are met without negatively impacting the ability to create the desired security posture.
The integration of physical and cyber security domains allows better asset security. When integrating the two, keep in mind the following:
* What are you trying to protect?
* Where is it located?
* How do you build security around it?
Combining cyber and physical security processes and infrastructures simplifies the manageability of the security infrastructure and increases visibility to resources. This makes it easier to detect and prevent security incidents, and provides a platform to manage the response and recovery after an incident occurs.
A common identity manager provides reassurance that the person presenting credentials is known across the organization. By deploying an identity validation solution that includes network admission control, a multifactor authentication deployment is created with minimal impact on worker habits.
There are many more opportunities to integrate physical and cyber security. We will likely see administrative redundancy as well as security opportunities that can be enhanced by combining these two technologies.