In a few short years ‘convergence’ has gone from just a buzzword, to a supposed fad, to now the new normal way of operating. The convergence of physical security and information security is no longer a trend specific to the security industry, it now reflects a larger change in our society.
What is Physical Security Convergence?
In short, security convergence is the merging of information security practices with physical security practices. When we live and work in a converged physical and digital world it’s all just ‘security.’
No single set-in-stone converged security program exists. What makes sense to converge varies at each individual organization. At one business it may be as simple as introducing a daily standing meeting between infosec and physical security personnel. At another it might mean a top-to-bottom infrastructure overhaul.
Why Convergence Matters More Than Ever
Up until just the last few years many had treated the online world as a separate ‘place’ from the physical world. But as more and more mobile and wireless technologies made their way into the enterprise and consumer markets that divide disappeared.
As we’ve talked about a lot here, we’re now in the midst of an Internet of Things (IoT) revolution that’s making convergence the new normal. IoT security tools and threats are changing how we conduct our operations. That means while there’s a lot we need to consider today to keep our organizations secure, we can’t lose sight of what’s on the horizon.
Here are 4 reasons why security professionals need to think about convergence initiatives for the long term.
1) Blended Threats Require a Blended Response
‘Blended threat’ originally meant a network attack that exploited more than one IT infrastructure vulnerability. Now that more and more businesses run IoT infrastructure, blended attacks can now actually include a combination of physical and network attacks. For example, ‘skimming’ an access control proximity card with wireless hacking tools, and then using your employee’s own credentials to access your facility.
Blended threats require a blended security response. In fact, major tech companies like Google have already shifted in this direction. They recently made security headlines by revealing that their 85,000 employee organization had gone more than a year without anyone being ‘phished’—tricked into compromising their IT assets—thanks to a requirement that all employees access their computers with a password and physical security key combination.
Google chose to help secure network-based assets with physical security tools. For other organizations a blended security response could include secure storage for data-carrying electronic assets, like laptops or mobile devices. Or it could include electronic access controls for assets with physical vulnerabilities, like keys to buildings and fleet.
2) Integrated Security is Powerful Security
Converging security practices creates a whole that’s greater than the sum of its parts. Even something as simple as unifying an organization’s security systems through a network-based management tool can yield powerful gains both over the long run and during individual critical incidents.
For example, instead of managing multiple different electronic and paper regulatory logging processes for each security system, a unified management tool can automate logging and reporting from everything for you.
Central tools also can improve critical response efforts. Authorized personnel might be able to release critical facility and vehicle keys, or firearms, in one fell swoop to get response teams in action that much faster.
3) Simplified Threat Responses
Lowering the barriers between physical and network security teams also reduces confusion over jurisdiction. As the rate of blended attacks rises this will become an increasingly important benefit of converged security.
For example, if a contractor at your facility sneaks a cellphone pic of proprietary data on an employee’s PC screen and attempts to email it to someone over your own WiFi network, is that a physical or network security threat? The correct answer is it’s a security threat. A converged program should be built to address these types of blended threats that an organization will face.
There’s no reason to waste time determining who takes point on the investigation when your data and physical security is on the line.
4) It Can Actually Generate a Competitive Business Advantage
Ultimately, converging security processes should align your security operations with your business goals. When they do, they can amplify how well your organization performs its most important functions.
In a very public-facing business like a vacation resort that could mean optimizing security to support visitors and customers within their facility, protecting both them and your assets while also building a reputation for safety.
Or in a tightly-secured business like an electric utility it could mean building blended defenses in depth around the combined physical and digital perimeter of a generating facility. Better security means better up-time and production. Which means incrementally better bottom lines over time.
A converged security program protects your organization’s key assets and helps get them back up and running faster when something does go wrong. When converged security practices are focused this way they can become part of your organization’s competitive advantage.
Contact us to learn how the latest convergent security technologies can improve your security for the long term.
Editor's Note: This post was originally published on April 11, 2017 and has been updated for accuracy and comprehensiveness.