Dive Brief:
- As physical facility security increasingly depends on technological controls, organizations must address vulnerabilities in the digital realm to ensure the security of their physical premises, a report from Info-Tech Research Group stated.
- Moving physical security to the cloud and integrating operational technology with the Internet of Things increase the volume and frequency of security threats, Info-Tech’s security and privacy practice research director, Ida Siahaan, stated in the report.
- The IT research firm said companies must consider integrating digital and physical security measures to identify and mitigate potential threats more efficiently.
Dive Insight:
The adoption of cloud technologies and sophisticated access control systems, which include technologies like electronic locks and biometrics, is driving a shift in the security landscape through the convergence of operational technology and the Internet of Things, Info-Tech Research Group’s principal advisory director, Carlos Rivera, said in a press release.
Physical security threats that can come via cybersecurity breaches include unauthorized access to facilities or system permissions, introduction of viruses and malware into networks and the risk of virtually overriding HVAC applications.
Thus, physical security operations often involve interdependence among internal departments like facilities, information security and IT in addition to external third-party vendors, Info-Tech Research said in the release.
But collaboration and cooperation across those departments is not guaranteed. “Territorial protection … may limit security visibility and hinder security integration,” the report said, calling for an integrated security architecture that involves people, processes and technology to strengthen an organization’s overall security posture.
However, combining physical and information security to create a hybrid system can pose challenges. These can include the migration costs involved in governing and managing integrated systems as well as difficulties with staffing, training, awareness-building and reliance on third parties, the Info-Tech report stated.
Info-Tech said the benefits of integration outweigh the risks. “Considering the security risks organizations face, many [companies] are unifying physical, cyber and information security systems to gain the long-term overall benefits a consolidated security strategy provides,” Siahaan wrote in the Info-Tech Research report.
Info-Tech recommends bolstering a company’s security posture by assembling the right team to ensure successful implementation of an integrated security system; developing a physical security system that is interoperable with most technologies; identifying the best strategic, realistic and risk-based architectural design; and understanding how to measure and report metrics that will provide insights into how the security systems are performing.
