SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
How to converge physical security and IT to better protect businesses
Fri, 29th Mar 2024

Information technology (IT) and physical security have been on a converging path for years. As physical security systems switched from analog to internet protocol (IP)-based, the relationship between these functions began to change. Growing adoption of cloud-based physical security applications created additional areas of overlap. Today, with data breaches rising worldwide and privacy regulations evolving fast, it’s more important than ever for physical security and IT to work together to safeguard facilities and network infrastructure. 
 
Organizations worldwide and across industries are looking to bridge these skills and teams to prevent interrelated IT/physical security business risks and take advantage of the growth of data. Siloed responsibilities, unique department cultures, and isolated systems make this a difficult task. According to an ASIS survey, 76% of chief information security officers (CISOs) and chief security officers (CSOs) believe that blending the cyber and physical security functions will strengthen the performance of security management.

How can these teams work together to secure facilities and networks, optimize business operations, and bring physical security data into a holistic analysis?  

Unifying physical security and IT solutions -- and the humans who manage them 

CTOs, CISOs, and CSOs are looking at the challenges and considerations. Their concerns are about team integration, role delineation, governance, and the complexity of the decision-making process. Finding common ground isn’t always easy. Organizations face several fundamental challenges when they work to increase IT/physical security team collaboration. 

  • Different strengths. IT and physical security each play critical roles in corporate risk management. But the types of risks they oversee are vastly different. So are their skills and expertise in identifying and mitigating those threats. Since these teams are focused on their own objectives, they may not always recognize the overlap in their work. A well-architected and cyber-resilient physical security deployment can make a difference. It means that physical security pros can operate without a hitch to keep the business safe, while strong physical security systems mitigate potential risks posed by devices and software on the network.  

So, who should oversee the purchase of new physical security solutions? Do physical security teams have the in-depth know-how to implement a robust security system that runs well on the network? Can they ensure performance and reliability across a large and often widespread ecosystem of devices? Or does IT need to guide implementation requirements and specifications?  

  • Competing priorities. Because every second counts when a potential physical threat is detected, physical security teams require that all information be available to as many people as possible. IT typically wants to limit the number of devices on the network to minimize exposure to cyber threats. In some cases, the disconnect between teams may lead physical security to find their own solutions. Particularly across smaller organizations, they may be more eager to adopt cloud services without fully vetting feasibility, reliability, or vendor cybersecurity credentials. The more these teams remain focused on different objectives, the greater the potential organizational risk.   
  • Growing exposure to cyber risks. Businesses may have thousands of physical security and IoT/IIoT devices on their networks. The more devices, the more cyber risk. With networks expanding to the supply chain, perimeters become less clearly defined. And with increasing cyberattacks have come new regulations. Achieving compliance can be labor- and time-intensive. From devising and implementing corporate policies and auditing procedures and systems to re-investing in new technologies, the cost of data protection and privacy compliance is surging.   
  • Data mining. While businesses invest in physical security systems to protect facilities, assets, and people, there’s a growing realization that they’re also collecting a goldmine of data that can be used to gain efficiency and business insight. To capitalize on this data, organizations need the right people with the right skills. That’s where the disconnect can happen. Though the data is coming from physical security investments, IT teams are typically the group most engaged in data projects and digital transformation initiatives. Today, physical security pros are starting to take a more proactive role in unlocking the value of their physical security data.  

3 strategies for better collaboration between IT and physical security teams 

As roles converge and skill sets combine, organizations are taking different approaches to unify IT and physical security. For some, IT teams are bringing physical security into their group. In others, physical security leaders are expanding their departments with IT skills. And some are broadening the security operations (SecOps) function to address security risks and capitalize on data coming from both groups.  
 
1. Physical security expands with IT skill sets  
This scenario involves physical security hiring dedicated resources within their department to oversee IT-related tasks. For instance, they may bring on cybersecurity and privacy experts or add cloud and data specialists. Incorporating existing internal IT resources within the physical security department is another option.
 
2. Security operations takes on physical security tasks 
Security operations groups have experience in IT-related cybersecurity, network optimization, and risk mitigation. In this scenario, they evolve that responsibility to also oversee those domains across physical security. They manage data across the enterprise, including from physical security sources, with the primary goal of using that information to extract business value.  
 
3. IT begins overseeing physical security mandates 
In addition to becoming more active in physical security decision-making, in this scenario, IT also takes on physical security as part of their mandate. The CISO becomes the predominant leader of IT and physical security. This provides a more central view of operations and risk mitigation strategies, with a focus on resilient networks and security ecosystems.  
 
Unifying physical security systems plays a critical role in convergence 

An open, unified physical security platform supports all convergence strategies, facilitating the IT and physical security merger. Built to include video surveillance, access control, and license plate recognition, a unified solution eliminates the need for separate systems. Instead, data flows into an intuitive platform, providing a shared view for consistent decision-making across the enterprise. 
 
Simplify business operations 

A unified solution consolidates all physical security data in one view. Physical security teams can access thousands of cameras and doors, intrusion sensors, automatic license plate recognition, intercoms, and more across locations and geographies. This ensures they can efficiently manage security policies, monitor events, and run investigations. It also simplifies data management for IT and SecOps by consolidating security system data. Seamless integration and a standardized data format provide consistent paths to extract and export information to external databases or data lakes. This streamlines data sharing, enhances collaboration, and enables efficient utilization of security information within the broader data ecosystem.

Improve privacy and cybersecurity  

Working from a unified security platform, IT and security teams can implement a single, global data protection and privacy strategy. Everything from the ways they encrypt data and enable multi-factor authentication to how they share evidence and define user privileges can be applied across all physical security systems. A unified platform creates a comprehensive view of real-time risks and effective tools to harden systems and devices. Automating retention policies, scheduling audit reports, and using privacy masking further streamline compliance.

Streamline access to cloud and hybrid-cloud capabilities  

A flexible unified security platform gives organizations the option to deploy on-premises, cloud, and/or hybrid-cloud, supporting greater physical security and IT convergence. Cloud services help reduce IT and security team workloads. Teams no longer need to manage infrastructure, handle updates, or monitor system health. Instead, everything from device firmware and software patches to other critical security data is automatically pushed to the system. Cloud services can also facilitate new business applications, such as extending physical security system access to other departments to enhance operations, trying out new file sharing, or streamlining the flow of visitors across sites.  

Optimize data gathering and business intelligence  

When all physical security data comes into one platform, teams can gain meaningful business insights. A unified platform that offers rich data visualization can display data in maps, charts, or histograms rather than in databases and spreadsheets. This can help teams get to the real work faster, find valuable insights, and uncover unexpected issues. Teams can identify patterns in security incidents and better understand how current security strategies measure up. From there, they might find opportunities to enhance incident response or make cost-saving improvements to standard operation protocols (SOPs).  

With a data-driven view, teams can find new ways to optimize space, streamline parking, expand sustainability efforts, or comply with industry requirements. They could also extend system information to other departments that are focused on improving the customer experience or business services. 
 
There is no right or wrong approach to converging IT and physical security teams. These departments have long-standing organizational strengths. They share a dedication to keeping the organization secure. And in many cases, these teams have already found ways to adapt and work more closely together to successfully implement new projects and improve processes. Unifying physical security systems can help ease convergence and unlock the power of data.