The physical security market is undergoing a substantial metamorphosis as it looks to evolve from its past focus on doors and fences and adapt to a more integrated approach that incorporates the important information technology (IT) aspect of organizations' overall security strategy. This shift is driven by one of the greatest fears for security professionals -- a coordinated assault that combines a physical security attack with an attack on the IT network that would eliminate the organization's ability to command, control and communicate.
To get a firm grasp of an organization's overall security posture, it is increasingly important to integrate all of your various physical and IT security systems -- systems that until now have been managed and run in separate silos. For an enterprise to adequately protect itself from today's increasingly sophisticated threats, it's critical to leverage advancements in technologies that impact both physical and IT environments. As with many areas of technology, this security convergence will occur in a couple of phases.
Physical Security: It all Started with a Knock on the Door
Physical security overall hasn't changed much in the last few centuries -- there were finite ways in and out of a castle or building. The focus was on protecting the physical perimeter where a moat, wall, fence, gate or door served as the primary barrier to entry. Over time, stronger fences, more sophisticated door locks and electronic badges were created to strengthen the physical security of a building, facility or campus. In today's world -- the definition of the physical perimeter is changing and technology needs to adapt accordingly.
More recently, cameras and a variety of noise and motion sensors entered the equation to provide visual confirmation of threats to the physical enterprise - people lurking where they shouldn't be; unknown vehicles in the parking lot; unmarked packages placed in obscure places. So, there's a confluence of factors happening here:
â€¢ Enabling technologies like cameras and sensors are becoming less and less expensive
â€¢ Physical security systems and devices are becoming Internet protocol (IP) -enabled
â€¢ Advancements in technology are making these devices smarter and smarter, enabling more visibility and automation
â€¢ However, these devices are all still deployed in silos and are not coordinated with existing IT security infrastructure
This begs the question, "How can one have thousands of eyes and still be blind?"
The Rise of the IT-centric Enterprise Called for New Security Measures
Today, no organization can conduct business without basic technology infrastructure. Think about it - without email, Internet and applications, we're essentially unable to effectively communicate. This applies to security organizations, too - losing C3 functions (command, control, communication) cripples their ability to achieve their primary goal of protecting people, assets and infrastructure.
The efficiencies of the IT-centric enterprise brought new threats. IT assets - customer data, business information, intellectual property, secret formulas, etc. - were not only easily accessible and re-usable, but also gave rise to new security challenges related to protecting those assets. Multiple technologies have been being deployed to protect this vital infrastructure; firewalls were created to prevent unwanted access to your network and data; intrusion detection systems alerted security personnel to malicious network traffic and computer usage; encryption protected data at the file-level. In fact, many enterprises have 20-plus security products deployed to "serve and protect," each with their own console collecting and reporting current security status. Security event and information management products address this problem by collecting data from all the disparate products and enable the correlation of activities and threats on the network to elicit the appropriate response.