Mobile Security, Critical Infrastructure Issues Drive Physical, Logical Security Together
At opening of (ISC)2 World Congress and ASIS International, the walls between traditional security and cybersecurity come down
PHILADELPHIA, PENN. -- (ISC)2 World Congress 2012 and ASIS International 2012 -- In most organizations, those who guard the fences and those who guard computer networks still work in separate departments. But at the co-resident annual meetings of the world's biggest physical security professionals' association and the world's biggest cybersecurity professionals' association, there is more interaction between the two groups than ever before.
Here at the co-resident (ISC)2 World Congress and ASIS International meetings, nearly 20,000 physical and logical security pros will attend sessions and exhibits together. Their interests aren't always the same, but issues such as mobile security and protecting critical infrastructure are increasing the overlap, leaders say.
"Protecting critical infrastructure is probably right on top of the stack of issues that are driving the physical and logical sides together," says Hord Tipton, executive director of (ISC)2, an association of more than 80,000 IT security professionals. "For years, critical infrastructure has been about protecting the physical plant, but with Stuxnet and other attacks, there is a lot more concern about the cyber side."
Eduard Emde, president of ASIS International, agrees. "Stuxnet, attacks on nuclear facilities, on the smart grid and smart meters mean that both physical and logical defenses have to work together. Incident response is a key for both groups."
The merger of physical and logical security organizations -- sometimes called "convergence" -- has been predicted for years. But according to an InformationWeek Reports study on convergence, only about half of organizations have any plans to merge the two departments.
"I think for many enterprises, convergence is more of a philosophical shift than an organizational one," says Emde. "Rather than combining the two functions into one department, they are seeing themselves as two parts of a common strategy to protect both infrastructure and data."
Tipton concurs. "They may not be in the same organization, but the physical and logical sides are communicating now more than they ever have."
The growing use of mobile devices is making the integration easier, experts say. Companies can now use mobile devices as a physical means of authentication, or even to geo-locate users as they move in and out of corporate facilities. At the same time, the move toward bring-your-own-device (BYOD), which allows users to bring physical storage devices onsite that can also act as cameras or recorders, affects both physical and cybersecurity.
"I'm not sure people understand how powerful some of these BYOD devices are," Tipton says. "They introduce all sorts of new risk on both sides."
The co-resident conferences will also deal with a number of other issues that demonstrate the overlap between physical and logical security. Physical video surveillance systems are increasingly being driven by IP-based cybersecurity systems. IT systems are increasingly being accessed via physical biometrics, such as fingerprints or keystroke identification. And both organizations are being called upon to provide a common view of overall enterprise security posture.
"If you're entering the security profession today -- or even if you're in management -- there's a need to have an understanding of both the physical and logical threats and issues," Emde says.
But while 18% of enterprises have integrated the physical and logical functions in the last five years -- and 26% have had those functions integrated for more than six years -- 50% of enterprises have not integrated the two sides and have no plans to do so, according to the InformationWeek Reports study.
"I think there will continue to be specialization," Tipton says. "What's important is that there's more communication going on between the two sides, and we expect to see that happening even more this week."