Best practices from the experts at Openpath
This article was contributed by Meraki technology partner Openpath.
In today’s security landscape, very few businesses are running without cybersecurity and physical security systems in place. However, as IoT technology continues to evolve, and more systems move into the cloud, companies need to constantly reevaluate their strategies.
Though cybercrime is the top concern when it comes to security, these incidents are often linked to oversights in physical security practices. A comprehensive approach to physical and cyber security convergence will help address the emerging threats of this new security landscape.
Understanding physical and cybersecurity convergence
Traditionally, physical security measures such as access control, security personnel, and surveillance are treated as standalone functions, with little regard for how data and IT systems are intrinsically connected to physical security. When applications and systems are increasingly mobile or cloud-based, it’s nearly impossible to achieve compliance for sensitive data and identity protection without an integrated physical and cybersecurity strategy.
A cyber and physical security convergence strategy employs measures to restrict access to certain spaces, along with cybersecurity practices to secure the IP network and limit access to sensitive data.
Physical security protects cybersecurity by limiting who has access to spaces where data is stored, and the reverse is also true. Physical security components connected to the internet, such as RFID key card door locks, smartphones, and video surveillance cameras, are common targets for hackers. A strong cybersecurity strategy safeguards the sensitive data that physical systems retain. Physical and IT security convergence addresses the interconnected nature of these components and treats them as one rather than as separate business entities.
Best practices for converged security
In order to successfully implement physical and IT security convergence, systems need to function together seamlessly. While physical security measures are important for preventing unwanted access, a physical and cybersecurity convergence strategy should also cover network devices, applications, and software that power smart, cloud-based devices and security systems as well as the people who manage, monitor, and make business decisions for these functions. To successfully implement a physical and IT security convergence strategy:
- Install access control and surveillance for any space that houses sensitive data, proprietary information, or personally identifiable information (PII), and secure key entry points, such as the front door, to prevent unauthorized individuals from gaining access.
- Ensure that both internal teams and security system providers adhere to best practices for cybersecurity, including using multi-factor authentication (MFA), least-privilege access models, stringent data storage and retention policies, required security training, active system monitoring and threat detection, and frequent vulnerability testing.
- Restructure security teams so that physical security and IT leaders work together to ensure the right technology is deployed and that the systems are functioning to maximize security across the entire organization.
- Establish formal collaboration to give teams a better way to share information from their prospective systems and apply those learnings holistically to improve both cybersecurity and physical security.
- Leverage data compiled from integrated systems for a more complete picture of security posturing across the entire organization.
Physical and IT security convergence aligns threat assessment for faster, more accurate incident response, plus shared goals eliminate redundancies for a unified team across physical and IT functions. By merging cyber- and physical security strategies, teams will be better equipped to navigate the emerging security landscape.
For a more detailed look at the impact of security convergence strategies, join our webinar for a three-part discussion on emerging security strategies.