Security predates technology. Theft, intrusion and fraud are crimes that have been around for as long as people. But if you mention the word ‘security’ in a corporate environment, most people will immediately think of computer viruses and hackers. Some might just think of the security passes that get them into the building, but few if any would spare a thought for the security guard that patrols the premises.
Information security makes the news and gets all the column inches. Physical security is pondered on by the few. Yet, leaving a door unlocked will cost an organization dearly, if a thief steps through it… And its reputation could take a hit. Consider the high profile cases over the past couple of years where organizations lost sensitive data when back-up tapes went missing or laptops disappeared. These devices didn’t sprout legs and walk away – they were stolen. And such theft is a physical security issue.
Nowadays, companies are under increasing pressure to improve their overall security to better manage the entire range of risks they face. And it requires paying more than lip service to physical security.
Why has it taken so long?
There are many reasons. The prime one is that physical security is seen as ‘someone else’s problem’. In most companies, information security and physical security teams are entirely separated, with different reporting structures and unrelated budgets. The left hand doesn’t know what the right hand is doing.
Another reason is that information security and physical security personnel come from different tribes. The IT professionals are, to some degree, nerdy geeks, whereas the physical security professionals are burly guards. There’s an acute difference in status that is reflected in the pay grades for each. Information security professionals are, well; professionals, while physical security personnel, more often than not, have to eke out a living on minimum wage.
This is largely due to the nature of the security systems and technology involved, which in turn determines the nature of security activity. Most physical security controls are located near to the object or area that they protect and are consequently spread about a facility. Some are physical controls, such as door locks, that must be inspected manually. Others are electronic devices, such as sensors or surveillance cameras. But most of these are standalone technology; each has its own control mechanisms. So no centralized device management is possible.
The Winds of Change
The fragmented nature of security systems, particularly physical security systems, has come to be seen, correctly, as presenting a high risk.
And, conveniently, physical security devices based on IP technologies are becoming available commercially and at an affordable price. One example is the development of intelligent vision systems that record, store and distribute digital video images from surveillance systems over any communications network – including telephone, ISDN, Ethernet, satellite, wireless, TDM , ATM and frame relay networks.
This enables multiple network users to monitor banks of images from multiple cameras at distributed locations in real time. Gone are the days when bored security guards had to manually go through images stored on piles of analogue video tapes.
Holistic risk management is high on the agenda of today’s corporate executives – much of it spurred by regulation that mandates higher levels of security. The central management of physical security may seem like a futuristic vision, especially given the investments that organizations have made in physical security controls. But the technology can help with that too. Vendors are writing device and manufacturer specific interfaces to legacy security equipment that allow them to connect to IT networks. This cuts the adoption costs of central management considerably. It protects the investment in the existing security devices. Organizations can now put the same central control mechanisms in place for their physical assets as they have for IT assets.
Physical security is coming in from the cold.