Why Convergence of IT and Physical Security Is the Future of Cybersecurity

Merging the roles of information security officers and the physical security specialists is one of the latest security trends among organisations.  We take a look at what drives converged IT and how this is good for enterprises as a whole.

What’s converged IT?
Organizations today have disparate security challenges in terms of protecting their people, assets, and managing security systems for different needs. There are independent networks and information systems that can’t interlink because they have been built on proprietary technologies. Converged IT refers to the unification of logical and physical security into one network which helps organisations in joint decision making based on realtime data from both networks in one dashboard.

Corporate security services include access control, video surveillance, and fraud detection which are data driven and delivered via a network, while physical security is about physical assets of an organisation. Now video surveillance, for instance, used to have analog network where access to buildings was monitored from within the network. With converged IT, you can access the data from both the networks. This network comprises of multiple heterogeneous devices connected to the network, such as smartphones, laptops, etc. 

There are solutions available that use IP network as a platform for integrated security operations.

How will integrated security benefit me?
The advantages of a unified access solution include lower CapEx resulting from less cabling, and fewer network connections. Returns also come from reduced man power, and the simplified single console management.  ‘To be able to take joint decision making that align with company strategy is the biggest advantage that converged IT offers,’ says CSO of Bharti AXA, Parag Deodhar.

For companies having two different infrastructures for handling physical and cyber security, the biggest challenge is to align the overall security of the enterprises as one entity. S Deshpande of Gartner says, ‘in order to drive effective management of security in an era of convergence, both IT and security professionals will need to engage in joint decision making to ensure that their organization has a unified and well-rounded security approach.’ 

Who all can benefit from converged security?
For businesses having distributed offices, convergence of physical and IT security can help in enhancing the controls. Healthcare sector can gain from the integrated security to enhance their asset tracking mechanisms. RFID tag monitoring can assist identify unauthorized taking away of high value equipments from premises. IP cameras can help analyse suspicious movements inside the buildings and rooms. Manufacturing companies such as retails and critical infrastructure like airports can also exploit this approach to simplify threat detection and elevate event response.

How to deploy unified security solutions?
Before you go for one, you have to define the right set of security policies based on the level of security you want, and the properties you want to be covered in and the processes around. 

Once you have understood your requirements, you can rope in a converged solution provider to deploy the same for you. There are many scenarios which make a case for the implementation of integrated security. Here is one: An employee is trying to access corporate services; the moment his identity is verified he is given access to a set of rights and responsibilities. Now the same identity can be used to monitor physical side of it. If the employee comes in beyond a time limit, he can be disabled to enter into the premise considering it could be a suspicious activity.

A converged infra comprise of resources including servers, storage, network tools, cameras, etc.  Converged IT solutions integrate all these resources into a platform and sell them as solution. Cisco, IBM, HP, and EMC offer solutions that users can configure as per their business needs.

Risks and roadblocks of combined security
The objective of unified security is to be able to examine risks that organisations face as a whole. This calls for a new thinking that brings together stakeholders to work closely. Ensuring employee safety, reducing external risks, etc may get a little difficult for information security professionals initially. The challenge of a converged platform begins with aligning physical security and IT stakeholders that traditionally have different mindsets. Dealing with systems running on disparate computing platforms, communication protocols, storage devices, and networks is not easy.  

You need to ensure some technologies are bandwidth-intensive thus requires dedicated networks to operate.  Plus, the industry needs professionals who are trained enough to build and run a system of threat identification on an IT network. The skillsets would require deep IT knowledge and the understanding of security and intelligence.

NIKE SB