SIA Panel Calls for Rethinking Identity, Data Trust and Quantum Threats
Key Highlights
-
Digital identity gaps are widening, and organizations must strengthen onboarding, credentialing and verification processes to counter rising impersonation threats.
-
Security data delivers cross-department value, helping teams demonstrate that physical and cyber systems support broader operational and business goals.
-
Quantum-era risks require early preparation, with panelists urging organizations to adopt stronger encryption practices and plan now for long-term data protection.
The Security Industry Association’s (SIA) “Return on Security” roundtable convened in New York City for this year’s ISC East conference to deliver a familiar message: while security threats continue to evolve at an exponential rate, security teams are still fighting to be recognized as more than a cost center. Identity management, data trust and long-term planning for a post-quantum world are becoming central to enterprise strategy.
Strengthening digital identities
The panel — featuring Mark Reed, Executive Director of Campus Support Operations, City of Hope; Teresa Wu, Vice President, Smart Credentials and Access at IDEMIA; and Scott Dunn, Senior Director, Business Development Solutions and Services at Axis Communications — opened the discussion with a focus on digital identity, particularly digital onboarding.
Digital credentials, Wu emphasized, have completely reshaped how organizations onboard and verify new employees. In doing so, they have also opened brand new avenues of attack for threat actors, whose attempts to infiltrate organizations are growing increasingly sophisticated.
“Attackers don’t only store login credentials anymore,” Wu said. “They’re pretending to be employees to gain internal access to your company.”
She cited the Scattered Spider MGM cyber incident to underscore the consequences of weak identity controls. A single social engineering call to a helpful IT desk employee triggered significant operational and financial damage to the tune of $160 million dollars. This attack, Wu said, reflects why identity controls and verification processes need to continuously mature to counter the evolving tactics of cyber criminals.
To combat this, organizations should look into establishing digital identity standards. Wu mentioned New York’s mobile driver license program, launched last year, as an example of government-issued credentials that could be leveraged during employee onboarding. Organizations need comprehensive strategies around credential management that focus protection on networks and infrastructure.
Using security tools to support enterprise goals
Reed shifted the discussion toward practical applications of existing security systems. City of Hope, like most healthcare organizations, faces tightening budgets and rising operational expectations.
His approach is to demonstrate that existing security infrastructure can be leveraged for a lot more than security itself. “When budgets get smaller and efficiency needs go up, you need to build use cases that show security isn’t just a cost center,” Reed said.
Breaking down departmental silos, he explained, opens the door for data sharing that benefits everyone. Data gleaned from access control systems, cameras and sensors can inform decisions across an entire facility. Cameras tracking customers also track their movement patterns, which can be used to optimize product placement or improve the flow of foot traffic. Acoustic sensors, originally installed for threat detection purposes, can monitor noise levels throughout a hospital to improve patient satisfaction scores.
The focus on security as a value add, Reed emphasized, completely changes budget conversations with the C-suite. “When I’m meeting with financial leaders, it isn’t because I need another camera to keep the place safe — how much safer are we going to get?” he explained. “The pitch now includes multiple use cases, bringing in allies from other departments.”
Dunn recalled early retail deployments of what he called “cross-functional video” — video analytics used to study customer behavior. “Marketing wanted that data,” he explained. “The security department didn’t have the budget for additional monitoring devices, but marketing did. We were able to order a greater number of devices because both departments found that customer data valuable.”
This, Dunn said, is the natural progression of security data increasingly improving operational efficiency and business intelligence throughout an organization.
Preparing for a post-quantum future
As data becomes more critical to business operations, organizations must prepare to secure it in a post-quantum world. Wu warned that, even if full-scale quantum attacks remain a decade away, preparations must begin now. When encryption breaks, organizations won’t know which camera feeds or data sources to trust unless proper certification management protocols are in place.
“In decades to 15 years from now, we believe quantum computers will have enough stabilized qubits to break asymmetric key encryption, which is what we use mostly as AES or RSA encryption,” she said. “That is not a lot of time for organizations to become quantum agile.”
When powerful quantum computers become accessible, threat actors could reverse-engineer private keys from public keys, enabling them to impersonate legitimate websites and business accounts. However, Wu explained, that does not stop attackers from acting now. “I may not be able to decrypt your data today, but I can still store it and decrypt it later.”
Dunn acknowledged that device manufacturers are already working on the problem, particularly those that develop their own chipsets. However, securing your network infrastructure is paramount. “We need to be dependent on securing our networks first — then our devices,” he said.
While quantum computing introduces a suite of new threats, there is potential in its analytical capabilities.
“Quantum computing will, essentially, allow us to see into the future,” Reed said. “Traditionally, we’re very reactive in security. But imagine having the ability to predict an incident on your campus and proactively prevent it from happening.”
Wu encouraged participation in NIST’s National Cybersecurity Center of Excellence post-quantum migration project — of 40 participating companies, only three come from the physical security sector. With quantum computing threats likely to hit the mainstream in a decade’s time, the panel closed with its most important piece of advice: don’t wait for threats to materialize. Ask the tough questions now.
