The Digital is the Physical

In the old school of enterprise security, the magic was in a moniker, the 3Gs: Guards, Guns, and Gates. And as technology slowly (ever so slowly) crept into the business, the work of security integration expanded the “Gates”, layered them, connected them, and automated them, until in some cases the other two became superfluous.

This is more than just a technological infusion. It’s a response to the very real corporate security risks that are diversifying, complexifying, and increasing in consequence. And with this exponential increase in challenge comes an equally accelerated growth in responsibility for business leaders. We’ve spoken before about how security today sits at the intersection of the CDO, the CTO, and the CSO. Throw a CISO in the mix if there is one.

Data + IT Infrastructure + Physical Security is the 3D playing field that enterprise security must play on today.

Replacing Cameras

And yet, the industry is still riddled with camera-replacers and fence-fixers. Read the next 500 articles about “piggybacking” through entries and how corporate campus leaders don’t want to do anything about it. Throw in some stats about how terrifying the world is and add some condescending finger-wagging and you have a well-crafted thought leadership piece.

Security leaders, and those of us who are responsible for these systems across the country, can’t just throw “AI” or “Cyber” on our services page and call it a day. Very real and solution-oriented protocols like OSDP and CIP are readily available and yet adoption rates are disastrously low.

Why? Because your average integrator is out here replacing cameras.

Cloud and IoT

Industry leaders should know the statistics. Three years ago, over 15% of cybersecurity breaches had a physical security component. Today, it is likely much worse. Modern campuses are a complex network of IoT devices and smart technologies, nearly all of them connected to the cloud in some way. While cloud security gets stronger and stronger every year, backed by the technological power of AWS and Google Cloud, the weak points in the physical security net become more tantalizing.

The physical is the digital and the digital is the physical.

To continue to treat these two as separate domains is both a defiance of reality and a recipe for breach of duty of care. For Fortune 1000 companies and critical infrastructure, it is not a matter of if a sophisticated attack will come, but when. What will it be?

- An infected USB drop?
- A piggybacked entry through a vintage Wiegand gate?
- A spliced ethernet drop line?
- A compromised control room?
- An inside actor’s access to weak login protocols?

Honestly, it doesn’t matter. No one is protected by risk whack-a-mole. Today’s security leaders need end-to-end visibility of their integrated cyber and physical threats. Where to begin:

· Get trained on the protocols. SAGE trained its entire team on OSDP.
· Partner with firms that are actively testing the latest SecTech.
· Invest in an end-to-end (including supply chain) cyber/physical threat analysis. Our partners at Arch Access are a great place to start.

Eric Frasier