Physical security and cybersecurity have traditionally been regarded as two quite separate practices.
While the role of the physical security professional has commonly involved the installation of hardware, such as CCTV cameras, to protect people and premises, the primary focus of their cybersecurity counterparts has been networks, systems, and software in the drive to mitigate threats.
Digital transformation has seen both industries evolve rapidly over the last decade, while simultaneously drawing much closer together, united against a threat that can traverse both the physical and cyber realms. The opportunity this presents is significant, yet there are also risks.
Forward-thinking organizations are now looking to protect their entire operation from both a physical and cybersecurity perspective, in a single homogenized approach. But what does this mean for the physical security professional, and how are the roles of physical security and IT technicians set to change as physical security hosted in the cloud increasingly becomes the norm?
Moving Away From Security Silos
Advancements in cloud, the IoT, and the sharing of data mean that legacy analog security technologies are rapidly becoming obsolete, in favor of intelligent, connected physical security solutions capable of sharing data to improve security and enhance business operations. Yet without the correct network security protocols in place, vulnerabilities can be inadvertently introduced, such as exposing backdoors into a network as a result of unsecured devices, or other paths that security antagonists could take to target the enterprise.
While modern businesses should look to employ the highest levels of physical and cyber protection, such measures become difficult to achieve when implemented in a siloed way. In May 2019, vulnerabilities were discovered in network physical access control systems that allowed hackers to hijack credentials, take control of doors, install malware, and launch distributed denial-of-service (DDoS) attacks, all while circumventing the security measures in place. In this scenario, it was the physical security system that was compromised leaving the business wide open to attack.
Convergence, therefore, between cybersecurity and physical security offers a solution to bring the two security facets together in partnership, increasing resilience and enhancing preparedness to identify and mitigate threats. The resulting overarching, holistic view of an organization’s security posture will enable all points of connectivity to be thoroughly assessed and managed; this is critical as cyber and physical assets become increasingly intertwined and the attack surface is increased.
Physical Security in a Cloud-Enabled World
Yet as digitalization and cloud migration make network-connected devices and services the preferred configuration, there is a risk that those physical security professionals who are unprepared for the new era may be left behind. Connecting physical security to the cloud has countless security and intelligence benefits for the end user. But those physical security installers who do not understand the language of IT or fully grasp the benefits of cloud physical security solutions will be unable to pass these benefits to their customers, resulting in a smaller pool of low-scale projects.
In order to remain competitive, physical security specialists must begin arming themselves with knowledge of network connectivity, data collection, and the power of analytics. This will help them position physical security technology as more than just business protection, but rather a business opportunity. Close integration with IT and cybersecurity partners will be key to achieving this objective and will place the physical security professional in a far better position to work with the latest devices, technologies, and platforms to improve business operations for their customers.
Zero Trust and the Safety of Cloud-Based Physical Security
While the dangers associated with adding any device to a network cannot be ignored, recognizing the risks will help businesses ensure the most appropriate security protocols are in place for maximum protection of networks and systems. An increasing number of vulnerable endpoints creates copious opportunity for network exposure, and malicious threat actors are lying in wait to take advantage. A perimeter firewall is no longer enough to ensure network integrity, and unauthorized access to data and services must be made as granular as possible.
This is why the principle of zero trust, based on a framework from NIST, has emerged as cybersecurity best practice. The premise is a simple one: Give no implicit trust. This means ensuring access is only granted to areas of the network as and when they are needed. Multifactor authentication methods can help establish trust, verifying user activity to help protect the network from malicious intent. While it’s still a relatively new concept, physical security integrators must quickly come to grips with such principles to ensure they can deliver surveillance systems that do more than just deliver physical security.
As physical and IT security increasingly converge, security professionals should be looking to align themselves with vendors through trusted partnerships. This will help them to expand their capabilities and take their skill sets to the next level. Working with a provider that can help them understand the benefits of cloud physical security and the importance of working collaboratively with IT will enable the physical security professional to work with confidence, applying cutting-edge technologies to meet today’s business requirements without compromising network and system security.
Martyn Ryder is VP Sales & Marketing at Morphean.
This story first appeared on IFSEC Global, part of the Informa Network, and a leading provider of news, features, videos, and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies — like video surveillance, access control, intruder/fire alarms, and guarding — and emerging innovations in cybersecurity, drones, smart buildings, home automation, the Internet of Things, and more.