The Basics Behind Converging IT and Physical Security

Blog Date:  7/14/2016
Author:  Ray Coulombe

Converging your physical and cyber security means a cooperative and results-oriented effort to work together. This doesn’t necessarily mean you’ll need to rework your organizational charts, but it does mean the physical security team will need to learn a little bit of IT while the IT department needs to support the physical team. It’s an integration of logical security, information security, physical security, and safety risk management.

Just don’t assume that your IT department can automatically assume any physical security roles. Information Technology is fairly new, compared to physical security which has seemingly been around since the cave man era. Product catalysts for the convergence of physical and cyber security include smart cards, smart phones, RFID cards or tokens, and biometrics, all of which can secure access to buildings, computers, lockers, or data storage centers.

Obviously, cost savings can create ample rationale for merging “security” systems. It’s generally more cost-effective to manage a single, integrated security team, and some research suggests that having a lead point person, such as a Chief Security Officer, for the entire security team is a best practice for many companies.

Because of the traditional culture disparity between the IT and physical camps, skilled personnel management and sensitivity is a must. Nevertheless, intervention from others in the C suite may be needed.

Cost savings are not the only benefit. Better security is achieved as information from disparate systems can be based on a common data set, such as Active Directory. For example, provisioning and deprovisioning new hires and terminations may be achieved on a timely basis, controlling physical and system access much more effectively. For example, take this case study from CSO Online in an article by Derek Slater:

“[The] Children's Hospital in Boston has a complicated workforce. It's a teaching hospital, so in addition to normal staff turnover, new physicians come and go "in waves," according to CISO Paul Scheib. To help keep pace with creating and managing new network accounts and assigning the right privileges, the hospital first implemented password-management software and later a more complete identity-management suite from Courion. While the impetus was on the hiring end of the employee lifecycle, Scheib says a big payoff is that access can be shut off in a more-timely manner when an employee leaves the organization. And Scheib finds himself working closely with the hospital's physical security group to integrate door access badges into the identity management approach. In the past, Scheib notes, "we had our information and they had theirs," there was very little sharing of information. "Now we're working on a metadirectory project and starting to map both physical and infosecurity data and to define roles that require physical access to high-security areas such as surgical suites." Children's Hospital has no organizational initiative dubbed "convergence;" it's just security people recognizing the efficiencies of working together.”

Just as today’s advanced security systems move to providing holistic situational awareness, another dimension is added with effective IT integration.

Research included from from CSO Online and Tech Target.


Resource Blogs

Most Recent Blogs Listed for Ray Coulombe.


Stay Safe! While Traveling This Summer

It’s summer vacation time! The last thing you need to worry about it is getting your identity stolen while you’re sitting on a beach somewhere exotic. In 2016, more than 15 million Americans were victims of identity theft, up 16 percent from the previous year, according to Experian. Plus, about 33 percent of that fraud took place when people were traveling. Here’s a few tips to staying safe all summer while traveling...
read more -->


Rethinking Cabling

Cat 5e became an ANSI/TIA/EIA standard in 2001, Cat 6 in 2002, and Cat 6a in 2008. However, it may be extremely useful to consider taking advantage of other existing cabling infrastructure in lieu of running new. Read more to learn how to approach cabling.
read more -->


Off the Beaten Path at ISC West

This year at ISC (the International Security Conference and Exposition), I was determined to try to see the latest iStechnologies hiding in the nooks and crannies—literally! I visited booths in the back, the basement, small kiosks hidden inside larger vendor books, and throughout the Emerging Technology Zone.

In case you missed the show, I’ll round up some of the best new technologies and companies to keep an eye on. Read more.
read more -->


Cyber Crime Taking Down Cities

Earlier this year, in March, the City of Atlanta’s nearly 8,000 employees heard words they never thought they would hear: “It’s okay to turn your computers on.” Their computers were powered off for five days. In those five days Atlanta residents could not pay traffic tickets, water bills, or report city issues. Read how ransomware impacted this metropolitan area.
read more -->


A Few Thoughts on K-12 School Security

There is no one size fits all when it comes to K-12 school security. Schools vary in so many ways: size, age, local environment, affluence, culture, governance, and more. Read some helpful tips and resources that might just help your school be better prepared.
read more -->