Physical security and cyber security have traditionally been regarded as two quite separate practices. While the role of the physical security professional has commonly involved the installation of hardware, such as CCTV cameras, to protect people and premises, the primary focus of their cyber security counterparts has been networks, systems and software in the drive to mitigate threats.
Digital transformation has seen both industries evolve rapidly over the last decade, while simultaneously drawing much closer together, united against a threat that can traverse both the physical and cyber realms. The opportunity this presents is significant, yet there are also risks.
Forward-thinking organisations are now looking to protect their entire operation from both a physical and cyber security perspective, in a single homogenised approach. But what does this mean for the physical security professional, and how are the roles of physical security and IT technicians set to change as physical security hosted in the cloud increasingly becomes the norm?
Advancements in cloud, the IoT and the sharing of data mean that legacy analogue security technologies are rapidly becoming obsolete, in favour of intelligent, connected physical security solutions capable of sharing data to improve security and enhance business operations. Yet, without the correct network security protocols in place, vulnerabilities can be inadvertently introduced, such as exposing backdoors into a network as a result of unsecured devices, or other paths that security antagonists could take to target the enterprise.
While modern businesses should look to employ the highest levels of physical and cyber protection, such measures become difficult to achieve when implemented in a siloed way. In May 2019 vulnerabilities were discovered in network physical access control systems that allowed hackers to hijack credentials, take control of doors, install malware and launch distributed denial of service (DDoS) attacks, all while circumventing the security measures in place. In this scenario, it was the physical security system that was compromised, leaving the business wide open to attack.
Convergence between cyber security and physical security therefore offers a way to bring the two security facets together in partnership, increasing resilience and enhancing preparedness to identify and mitigate threats. The resulting overarching, holistic view of an organisation’s security posture will enable all points of connectivity to be thoroughly assessed and managed; this is critical as cyber and physical assets become increasingly intertwined and the attack surface grows.
Yet, as digitalisation and cloud migration make network-connected devices and services the preferred configuration, there is a risk that those physical security professionals who are unprepared for the new era may be left behind. Connecting physical security to the cloud has countless security and intelligence benefits for the end-user. But those physical security installers who do not understand the language of IT or fully grasp the benefits of cloud physical security solutions will be unable to pass these benefits to their customers, resulting in a smaller pool of low-scale projects.
In order to remain competitive, physical security specialists must begin arming themselves with knowledge of network connectivity, data collection and the power of analytics. This will help them position physical security technology as more than just business protection, but rather a business opportunity. Close integration with IT and cyber security partners will be key to achieving this objective and will place the physical security professional in a far better position to work with the latest devices, technologies and platforms to improve business operations for their customers.
While the dangers associated with adding any device to a network cannot be ignored, recognising the risks will help businesses ensure the most appropriate security protocols are in place for maximum protection of networks and systems. An increasing number of vulnerable endpoints creates copious opportunity for network exposure, and malicious threat actors are lying in wait to take advantage. A perimeter firewall is no longer enough to ensure network integrity, and access to data and services must be controlled as granularly as possible to prevent unauthorised use.
This is why the principle of Zero Trust, based on a framework from NIST, has emerged as cybersecurity best practice. The premise is a simple one: give no implicit trust. This means ensuring access is only granted to areas of the network as and when they are needed. Multi-Factor Authentication methods can help establish trust, verifying user activity to help protect the network from malicious intent. While it’s still a relatively new concept, physical security integrators must quickly get to grips with such principles to ensure they can deliver surveillance systems that do more than just deliver physical security.
As physical and IT security increasingly converge, security professionals should be looking to align themselves with vendors through trusted partnerships. This will help them to expand their capabilities and take their skillsets to the next level. Working with a provider who can help them understand the benefits of cloud physical security and the importance of working collaboratively with IT will enable the physical security professional to work with confidence, applying cutting-edge technologies to meet today’s business requirements without compromising network and system security.