On the Horizon

Convergence ofIT and physical security creates a world of diminishing borders

  • By George Adams
  • Dec 01, 2007

The world of the IT security professional has always been dynamic, if not somewhat unpredictable and even chaotic at times. From continual changes in technology to the seemingly endless barrage of new and more potent security threats, the best IT security professionals remain vigilant and stand ready to quickly identify and adapt to whatever new challenges are thrown their way.

Today, the industry needs to prepare for the next evolution. This one could catch some veteran IT security pros off guard if they’re not paying attention and planning accordingly. The reason: the inevitable integration of physical and IT security technologies and operations. Gone are the days when the enterprise IT security professional only had to worry about securing data communications among PCs, Internet and/or network-based computing systems, which is no small task. Monitoring, maintaining and preserving the security integrity of hundreds of enterprise-wide, multi-platform computing systems takes time and dedication. It’s going to get even tougher for some.

Security in the 21st Century
The world is undergoing profound changes with potentially far-reaching consequences. Theft, terrorism, U.S. border breaches, property damage, school shootings and other crimes are on the rise. Law enforcement and security professionals are working diligently to address these problems.

In many cases, physical security technologies are rapidly evolving to meet these challenges. This means that many conventional physical security solutions are entering the digital realm, from high-definition, IP-based video surveillance systems to common access cards and other electronic access solutions. The deployment, monitoring and management of these systems are leveraging the power and nearly unlimited technical possibilities of the digital computing world and, in turn, providing a whole new level of functionality to help monitor, identify and even deter criminal and illicit activity.

However, this also means these technologies are quickly falling under the purview of the IT security professional. One example is high-definition video surveillance. Frost and Sullivan estimates the IP video surveillance market will grow 47 percent per year to nearly $6.5 billion by 2012.

According to some estimates, 100 percent of new video surveillance systems will be installed on an IP network within five years. New digital video surveillance cameras allow dedicated coaxial cable-based systems to be replaced by simple IP-based communications, and higher-resolution IP cameras can be placed anywhere within the reach of the already ubiquitous network. As a result, video surveillance systems will cover more area and locations.

Common access cards and other types of smart cards are another example of the growing convergence of physical and IT security. In fact, Eurosmart estimates that more than 4 billion smart cards will have been shipped worldwide in 2007. On one hand, smart cards provide an efficient way to reliably identify and authorize an individual accessing data. However, they also enable new points of access to potentially sensitive information contained on potentially thousands of enterprise computing systems.

These added capabilities come at a cost, much of which will be borne by IT professionals. The amount of digital information that needs to be secured will grow exponentially with new digital physical security technologies. In addition, as physical security systems increasingly merge onto corporate IT networks, the points of entry and exit for sensitive company and internally stored customer data will increase dramatically, creating further vulnerabilities for potential security breaches.

The Foundational Security Approach
In light of the increasing integration of physical and IT security, old methods and procedures have outlived their usefulness. IT security professionals must adopt a foundational approach designed to address all areas of IT and physical infrastructure when building, deploying and managing enterprise security. Key elements of a foundational security approach include:

Cross-technology education. IT security professionals must become familiar with the new digital physical security technologies.

However, this isn’t simply limited to learning how to integrate these technologies onto an IP network. Security personnel also must understand all of the ins and outs of how these technologies work, so the deployment and ongoing management of physical security technologies will maximize the value, effectiveness and usability of these technologies.

Multi-functional teams. Companies should create crossdisciplined teams that include experts in physical, as well as electronic, security. These teams need to focus on controlling access to sensitive data while also identifying devices and media that might contain sensitive information. Also, as recent retail security breaches demonstrate, it’s wise to be on the lookout for suspicious activity outside of the digital network. As such, highly visible physical security devices, such as security cameras and other monitoring devices, in addition to the presence of security personnel, can serve as a deterrent to prevent data security breaches.

End-to-end security. With physical security technologies enabling more access points to sensitive digital information stored on enterprise computing systems, every common access card reader, video surveillance camera, and retinal and fingerprint identification system has the potential to become the weakest link in an organization’s IT security chain. All digital information and data transmissions should be encrypted at all times—both at rest and when transferred from the source to the destination. This approach secures all data within the enterprise from endpoint to endpoint.

Standardization. To maximize the security of digital data and information while ensuring interoperability among disparate physical and IT security systems, IT professionals should seek to use tested and proven protocols and standards to secure data. Limited proprietary protocols and unsupported open-source protocols should be phased out.

Centralized management. With the increased frequency and sophistication of physical and virtual security attacks, it can be extremely tedious and time consuming for IT professionals to manage enterprise security solutions, especially in large, heterogeneous platform enterprise environments. An easy-to-use, automated security management platform can ease the burden by allowing IT professionals to manage deployment, provide security product and policy upgrades, and monitor technical issues from a central location. An automated management solution can lower overhead costs, while simultaneously reducing human error.

While the convergence of physical and IT security is a challenge, the benefits far outweigh the cost. Computing technology is breathing new life into old-line physical security solutions, dramatically improving the ability of security professionals and law enforcement to protect people, information and property. With a little planning, efficient, multi-functional security systems can be designed and effectively deployed to reach new levels of data and physical security without breaking the bank or the backs of IT security professionals.

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

Most   Popular

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities