Making Sense of Where Physical Security and Cybersecurity Meet

By Lance Holloway, Kratos Public Safety & Security in SIA Membership on December 6, 2016 |
Security Industry Association (SIA)

When stepping back and taking a broad view of the security market, I find one of the greatest opportunities in our space is to simply translate technology to nontechnical groups, or to translate real pain points to entrepreneurial solutions crafters.

One such case in point is the connectivity between physical and cybersecurity. Even the most cutting-edge physical security product must exist as part of the overall IT ecosystem in most customer settings. In the past, IP-enabled equipment, software services and databases have all been “tossed” onto the network with little or no collaboration with the IT group. Many times, cybersecurity vulnerabilities stem from aging or misconfigured equipment left on the network without being part of the overall maintenance and audit program. Recently, one of the largest denial-of-service attacks in history stemmed from exploits on vulnerable security video equipment across North America and abroad.

So IP-enabled physical security devices can be registered as part of the broader IT governance program. IT groups implement entire software platforms that focus on managing the security of every IP-enabled device on the network as well as the login permissions of authorized employees on those devices. These platforms are called Identity and Access Management (IDAM). If you are familiar with Microsoft’s Active Directory, then you have a good understanding of the principles involved in IDAM platforms. People are organized into “roles” that they play within the business and are granted permission across network equipment that should be accessible to their role. Traditionally however, these organizational disciplines have been limited in scope. The IT department managed only the network and physical security managed only door access.

Now, in recent years, a new evolution in the entire IDAM tenant has risen to the top of the toolbox and can be leveraged with tremendous benefit to both physical security and IT departments—Physical Identity and Access Management (PIAM). A true PIAM platform masters the needs of the IT department for audit reporting, logical access control and risk management while extending these critical functions into the physical security products on the customer premise. Now, instead of two separate kingdoms managing employee permissions, a single platform can grant and manage rights to the network as well as physical doors.

SOX and NERC CIP audits can now take minutes instead of weeks. Abnormal behavior of trusted employees can be brought to light and examined. Granting and revoking of permissions to networks and physical locations can be streamlined even across global company enterprises. PIAM is truly a master cornerstone element when determining a customer’s security roadmap. When discussing the marriage of physical and cybersecurity, I start with PIAM platforms.

The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association (SIA).