Convergence of physical and logical security: what SIs should know

The advantage of the convergence of physical and logical security is obvious. However, end users and system integrators remains slow to implement it. We discuss this with the experts.

Are SIs aware of the convergence of physical and logical security?

The demands of the end users will be an important factor that comes into play when discussing the approach of SIs. Andrew Howard, Chief Technology Officer at Kudelski Security, pointed out that SIs are driven by the needs of their clients. For most enterprises, convergence is a fairly new concept and, even though awareness is definitely growing, it is not ubiquitously understood. 

However, some would say the onus is on the SIs to make sure that their customers understand the need and importance of converging physical and logical

security. And not everyone seems convinced that SIs consider this a priority. Matthew Wharton, President of the Security & Technology Consulting Division at Guidepost Solutions, feels that SIs are largely playing catchup at this point because to a lot of them, the real difference between a network-enabled camera and a non-network enabled camera is still not clear.

“If they had a camera that they were connecting to the video system before and now to a POE switch with a connector, they are looking at ‘does it work,’ ‘does it deliver video,’ ‘does it show up on the platform,’” Wharton said. “They are not anywhere near as sensitive as they should be that they just put in a potential vector into the actual network of the client once they connect that network-enabled device.”

To Mohamed Benabdallah, Director of Professional Services at Convergint Technologies, even though most SIs are aware of the convergence between cyber and physical security, the challenge is that those responsible for physical security do not engage with those responsible for network security. The most secure firms, he said, coordinate their efforts across the organization to plug any potential holes by collaborating on company-wide security policies.

“Recent high-profile cybersecurity breaches have elevated awareness for both physical and logical security managers to ensure their assets are secure,” Benabdallah added. “A useful tool for protecting against a cyber breach is an identity management system that only allows employees to access a network if they are badged into a facility. Wireless networks provide more challenges, which is why many companies have adopted the use of multiple networks, one for employees and one for guests, as well as requiring the employee network to utilize a dual-authentication method for access.” 

What challenges do systems integrators Face?

SIs themselves may feel the need for upping their game when it comes to convergence, but they face substantial challenges that need to be addressed first. Rakesh Viswanathan, Regional Director for India at Cyberbit, feels that the main challenge is that while traditionally, IT and OT security use different disconnected systems, cyberattackers look at physical and digital security as one big playground. This gives them the advantage to leverage the convergence of physical and digital systems to attack critical infrastructure facilities, smart buildings, IoT devices and more. 

“System integrators should take a ‘secure by design’ approach, where cybersecurity infrastructure is part of the design stage of any connected facility, and

where IT and OT systems are tightly integrated,” Viswanathan said. Secure by design approach aims to make systems as free of vulnerabilities and as safe from attacks as possible through a slew of steps such as continuous testing, employing best programming practices and using authentication safeguards. 

In Howard’s opinion, interoperability and ease of access are two of the biggest challenges in this space. Physical devices, especially legacy ones, are typically not designed to work with third-party technology and are often difficult, if not impossible, to access programmatically. 

Perhaps the best people to shed light on this aspect are SIs themselves. Convergint’s Benabdallah said that from the perspective of an integrator, the job is to bring customers a solution that meets their needs in the long term. In this respect, the ideal solutions are those that leverage the latest advancements in technology which allow for convergence. Here the challenge is the effective implementation of convergence itself. 

“The most effective way to overcome the challenge of convergence is to bridge the gap of communication between the business units tasked with logical security and physical security by creating a sound set of policies that close any gaps in security on both sides,” Benabdallah said. “These teams must do their due diligence in picking the right systems which integrate well together and enable both groups to meet their security needs, as well as their convergence goals.”

Finally, an important point to note is that SIs should have personnel who are qualified to work beyond the traditional security systems. Wharton said that for systems integration companies to be sensitive enough to potential network security issues they should be equipped with people who are not just PSP certified but also CISSP (Certified Information Systems Security Professional) certified. Another option is to establish a relationship with third-party consultants who offer this level of professional certification and support in this area.