When you think about security, you probably think about the IT side of the equation: firewalls, encryption, and VPNs. There is another group in your company that also thinks about security constantly, but in their daily routines, the lingo is CCTV, proximity cards, intrusion detection, and monitoring. Until now you probably have not interacted with them too often, especially given the siloed reporting structures within most organizations. However, that is all changing as physical security is fast becoming front and center in the IT world.
In this new world the two groups must come together to achieve the shared goal of a secure organization. How safe is your server room if you have the latest firewall technology, but an ex-employee can walk into the office with an old badge? What do you do when you find out one day that there are more security cameras than laptops on your network infrastructure, and that they do not use 802.1x, which you require on all network ports?
While territoriality and control issues still exist between physical and IT security regimes within an organization, the role of the network (IT’s domain) in physical security technology is vital. At the same time, insider threats and intruders are getting increasingly sophisticated and bold, blending IT techniques with entry points through the physical perimeter. By sharing information, access, and analysis, it’s now possible to achieve a unified physical and IT security strategy.
Physical security for the IT-minded
Video surveillance has been around for the last 30 years, but the systems have mostly been proprietary and managed by a separate team. Today, that is rapidly changing, in parallel with ever increasing security risks. Now, video systems are running on the same IP network as the rest of the company’s IT applications. There are millions of networked cameras installed worldwide. Following suit, access control systems leveraging the corporate network are not far behind.
Not only does this make the system much easier to integrate with logical security, but it can also improve system capabilities and reduce costs. This is where IT comes in, because when the C-suite sees cost savings in an operational improvement, they will push to immediately implement those changes. For example, in an increasingly connected world, physical and IT security are intrinsically intertwined. So, if you want to truly secure an organization, you will have to make sure it is safe from both a logical and a physical point of view. This is exciting. But it also represents a fundamental change that is difficult to impart and execute.
Why physical and IT security need each other
We’ve all seen the stories of hacked IP video surveillance cameras, like what was exposed last summer around the BSides Conference. The trend shines a spotlight on the need for proper credentials to access and manage IP surveillance cameras in the same manner as an organization would manage a customer database, an application, or a cloud service. The BSides hacking also demonstrates the importance of properly installing and managing video surveillance equipment to keep out rogue devices that could become a vulnerability targeted for exploitation.
IT needs to be involved in today’s IP-connected physical security infrastructure to ensure proper policies and procedures are in place, and to lock down devices and applications as entry points to the network and corporate assets. This includes the design of physical security technologies in the network, which should have the same logical securities as any other node, access point, or end point on the network.
As an IT professional, I encourage you to proactively seek out the physical security team within your organization. Understand what you can do for them and what they can do for you. Understand the latest technology. Embrace the change that is coming, and unify teams and technologies for a common good. Physical and IT security: They’re good on their own but even better together. Just like chocolate and peanut butter.
Fredrik Nilsson is General Manager of Axis Communications, North America, where he has been instrumental in leading the industry shift from analog closed-circuit television to network video.