On the Horizon
Convergence ofIT and physical security creates a world of diminishing borders
- By George Adams
- Dec 01, 2007
The world of the IT security professional
has always been dynamic, if
not somewhat unpredictable and even
chaotic at times. From continual
changes in technology to the seemingly endless
barrage of new and more potent security threats,
the best IT security professionals remain vigilant
and stand ready to quickly identify and
adapt to whatever new challenges are thrown
their way.
Today, the industry needs to prepare for the
next evolution. This one could catch some veteran
IT security pros off guard if they’re not
paying attention and planning accordingly. The
reason: the inevitable integration of physical
and IT security technologies and operations.
Gone are the days when the enterprise IT
security professional only had to worry about
securing data communications among PCs,
Internet and/or network-based computing systems,
which is no small task. Monitoring, maintaining
and preserving the security integrity of
hundreds of enterprise-wide, multi-platform
computing systems takes time and dedication.
It’s going to get even tougher for some.
Security in the 21st Century
The world is undergoing profound changes
with potentially far-reaching consequences.
Theft, terrorism, U.S. border breaches, property
damage, school shootings and other crimes
are on the rise. Law enforcement and security
professionals are working diligently to
address these problems.
In many cases, physical security technologies
are rapidly evolving to meet these challenges.
This means that many conventional
physical security solutions are entering the
digital realm, from high-definition, IP-based
video surveillance systems to common access
cards and other electronic access solutions.
The deployment, monitoring and management
of these systems are leveraging the power and
nearly unlimited technical possibilities of the
digital computing world and, in turn, providing
a whole new level of functionality to help
monitor, identify and even deter criminal and
illicit activity.
However, this also means these technologies
are quickly falling under the purview of
the IT security professional.
One example is high-definition video surveillance.
Frost and Sullivan estimates the IP
video surveillance market will grow 47 percent
per year to nearly $6.5 billion by 2012.
According to some estimates, 100 percent of
new video surveillance systems will be
installed on an IP network within five years.
New digital video surveillance cameras
allow dedicated coaxial cable-based systems
to be replaced by simple IP-based communications,
and higher-resolution IP cameras
can be placed anywhere within the reach of
the already ubiquitous network. As a result,
video surveillance systems will cover more
area and locations.
Common access cards and other types of
smart cards are another example of the growing
convergence of physical and IT security.
In fact, Eurosmart estimates that more than 4
billion smart cards will have been shipped
worldwide in 2007. On one hand, smart cards
provide an efficient way to reliably identify
and authorize an individual accessing data.
However, they also enable new points of
access to potentially sensitive information
contained on potentially thousands of enterprise
computing systems.
These added capabilities come at a cost,
much of which will be borne by IT professionals.
The amount of digital information that
needs to be secured will grow exponentially
with new digital physical security technologies.
In addition, as physical security systems
increasingly merge onto corporate IT networks,
the points of entry and exit for
sensitive company and internally stored
customer data will increase dramatically,
creating further vulnerabilities for potential
security breaches.
The Foundational Security Approach
In light of the increasing integration of physical
and IT security, old methods and procedures
have outlived their usefulness. IT security
professionals must adopt a foundational
approach designed to address all areas of IT
and physical infrastructure when building,
deploying and managing enterprise security.
Key elements of a foundational security
approach include:
Cross-technology education. IT security
professionals must become familiar with the
new digital physical security technologies.
However, this isn’t simply limited to learning how to integrate these technologies onto an IP network.
Security personnel also must understand all of the ins and
outs of how these technologies work, so the deployment
and ongoing management of physical security technologies
will maximize the value, effectiveness and usability of these
technologies.
Multi-functional teams. Companies should create crossdisciplined
teams that include experts in physical, as well as
electronic, security. These teams need to focus on controlling
access to sensitive data while also identifying devices and
media that might contain sensitive information. Also, as recent
retail security breaches demonstrate, it’s wise to be on the
lookout for suspicious activity outside of the digital network.
As such, highly visible physical security devices, such as security
cameras and other monitoring devices, in addition to the
presence of security personnel, can serve as a deterrent to prevent
data security breaches.
End-to-end security. With physical security technologies
enabling more access points to sensitive digital information
stored on enterprise computing systems, every common access
card reader, video surveillance camera, and retinal and fingerprint
identification system has the potential to become the
weakest link in an organization’s IT security chain. All digital
information and data transmissions should be encrypted at all
times—both at rest and when transferred from the source to the
destination. This approach secures all data within the enterprise
from endpoint to endpoint.
Standardization. To maximize the security of digital data
and information while ensuring interoperability among disparate
physical and IT security systems, IT professionals
should seek to use tested and proven protocols and standards to
secure data. Limited proprietary protocols and unsupported
open-source protocols should be phased out.
Centralized management. With the increased frequency
and sophistication of physical and virtual security attacks, it
can be extremely tedious and time consuming for IT professionals
to manage enterprise security solutions, especially in
large, heterogeneous platform enterprise environments. An
easy-to-use, automated security management platform can
ease the burden by allowing IT professionals to manage
deployment, provide security product and policy upgrades, and
monitor technical issues from a central location. An automated
management solution can lower overhead costs, while simultaneously
reducing human error.
While the convergence of physical and IT security is a challenge,
the benefits far outweigh the cost. Computing technology
is breathing new life into old-line physical security solutions,
dramatically improving the ability of security professionals
and law enforcement to protect people, information and
property. With a little planning, efficient, multi-functional
security systems can be designed and effectively deployed to
reach new levels of data and physical security without breaking
the bank or the backs of IT security professionals.