ISCW Live From 19

On the Horizon

Convergence ofIT and physical security creates a world of diminishing borders

The world of the IT security professional has always been dynamic, if not somewhat unpredictable and even chaotic at times. From continual changes in technology to the seemingly endless barrage of new and more potent security threats, the best IT security professionals remain vigilant and stand ready to quickly identify and adapt to whatever new challenges are thrown their way.

Today, the industry needs to prepare for the next evolution. This one could catch some veteran IT security pros off guard if they’re not paying attention and planning accordingly. The reason: the inevitable integration of physical and IT security technologies and operations. Gone are the days when the enterprise IT security professional only had to worry about securing data communications among PCs, Internet and/or network-based computing systems, which is no small task. Monitoring, maintaining and preserving the security integrity of hundreds of enterprise-wide, multi-platform computing systems takes time and dedication. It’s going to get even tougher for some.

Security in the 21st Century
The world is undergoing profound changes with potentially far-reaching consequences. Theft, terrorism, U.S. border breaches, property damage, school shootings and other crimes are on the rise. Law enforcement and security professionals are working diligently to address these problems.

In many cases, physical security technologies are rapidly evolving to meet these challenges. This means that many conventional physical security solutions are entering the digital realm, from high-definition, IP-based video surveillance systems to common access cards and other electronic access solutions. The deployment, monitoring and management of these systems are leveraging the power and nearly unlimited technical possibilities of the digital computing world and, in turn, providing a whole new level of functionality to help monitor, identify and even deter criminal and illicit activity.

However, this also means these technologies are quickly falling under the purview of the IT security professional. One example is high-definition video surveillance. Frost and Sullivan estimates the IP video surveillance market will grow 47 percent per year to nearly $6.5 billion by 2012.

According to some estimates, 100 percent of new video surveillance systems will be installed on an IP network within five years. New digital video surveillance cameras allow dedicated coaxial cable-based systems to be replaced by simple IP-based communications, and higher-resolution IP cameras can be placed anywhere within the reach of the already ubiquitous network. As a result, video surveillance systems will cover more area and locations.

Common access cards and other types of smart cards are another example of the growing convergence of physical and IT security. In fact, Eurosmart estimates that more than 4 billion smart cards will have been shipped worldwide in 2007. On one hand, smart cards provide an efficient way to reliably identify and authorize an individual accessing data. However, they also enable new points of access to potentially sensitive information contained on potentially thousands of enterprise computing systems.

These added capabilities come at a cost, much of which will be borne by IT professionals. The amount of digital information that needs to be secured will grow exponentially with new digital physical security technologies. In addition, as physical security systems increasingly merge onto corporate IT networks, the points of entry and exit for sensitive company and internally stored customer data will increase dramatically, creating further vulnerabilities for potential security breaches.

The Foundational Security Approach
In light of the increasing integration of physical and IT security, old methods and procedures have outlived their usefulness. IT security professionals must adopt a foundational approach designed to address all areas of IT and physical infrastructure when building, deploying and managing enterprise security. Key elements of a foundational security approach include:

Cross-technology education. IT security professionals must become familiar with the new digital physical security technologies.

However, this isn’t simply limited to learning how to integrate these technologies onto an IP network. Security personnel also must understand all of the ins and outs of how these technologies work, so the deployment and ongoing management of physical security technologies will maximize the value, effectiveness and usability of these technologies.

Multi-functional teams. Companies should create crossdisciplined teams that include experts in physical, as well as electronic, security. These teams need to focus on controlling access to sensitive data while also identifying devices and media that might contain sensitive information. Also, as recent retail security breaches demonstrate, it’s wise to be on the lookout for suspicious activity outside of the digital network. As such, highly visible physical security devices, such as security cameras and other monitoring devices, in addition to the presence of security personnel, can serve as a deterrent to prevent data security breaches.

End-to-end security. With physical security technologies enabling more access points to sensitive digital information stored on enterprise computing systems, every common access card reader, video surveillance camera, and retinal and fingerprint identification system has the potential to become the weakest link in an organization’s IT security chain. All digital information and data transmissions should be encrypted at all times—both at rest and when transferred from the source to the destination. This approach secures all data within the enterprise from endpoint to endpoint.

Standardization. To maximize the security of digital data and information while ensuring interoperability among disparate physical and IT security systems, IT professionals should seek to use tested and proven protocols and standards to secure data. Limited proprietary protocols and unsupported open-source protocols should be phased out.

Centralized management. With the increased frequency and sophistication of physical and virtual security attacks, it can be extremely tedious and time consuming for IT professionals to manage enterprise security solutions, especially in large, heterogeneous platform enterprise environments. An easy-to-use, automated security management platform can ease the burden by allowing IT professionals to manage deployment, provide security product and policy upgrades, and monitor technical issues from a central location. An automated management solution can lower overhead costs, while simultaneously reducing human error.

While the convergence of physical and IT security is a challenge, the benefits far outweigh the cost. Computing technology is breathing new life into old-line physical security solutions, dramatically improving the ability of security professionals and law enforcement to protect people, information and property. With a little planning, efficient, multi-functional security systems can be designed and effectively deployed to reach new levels of data and physical security without breaking the bank or the backs of IT security professionals.

If you like what you see, get more delivered to your inbox weekly.
Click here to subscribe to our free premium content.

comments powered by Disqus
  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • School Planning & Managmenet
  • College Planning & Management
  • Campus Security & Life Safety