Getting physical...and logical
David Fowler
Whose responsibility is it when an intruder walks out the door with assets that he could access from a machine inside a lab? The correct answer is both physical and logical, yet people in these departments are still either resistant to collaborate openly, or don't recognize the risks of not pooling their knowledge and technology. To date, physical and logical security systems have run in siloed form – separate networks, applications and staff.
The new reality is that physical security is now running on the IT network, so a breach of the network can jeopardize both physical and IT systems making security collaboration essential to minimize corporate risk. Put bluntly, if someone can hack either the physical security system, or the logical side it puts both systems at risk. To date, most have kept these two networks separate, but with more and more IP-enabled devices, this network convergence opens up potential for more risk that exposes both entities. Physical security teams often don't have the IT security experience, so they need the IT expertise and capabilities. At the same time most IT security teams don't understand the challenges of physical security so they need to partner to assure they can understand and meet their requirements. The alternative is two security strategies instead of one, opening up seams between the two that can be exploited.
In the end, having a physical security and a logical security strategy that are not tightly aligned is like having a house where you lock the front and back doors but leave the windows open.
