There has been a lot of interest in converged security over the past few years and as the technology has advanced and matured, businesses are starting to show more interest in streamlining their security processes.
Organisations are starting to realise that physical and IT security convergence can offer some great benefits across many departments.
IT and security managers have found they can save money with a system that is tailored to their users' physical and electronic security needs and so creates a more productive and efficient work environment.
There are still businesses that see converged security as a ‘nice to have’– as the security systems most companies have in place seem to ‘work well enough’.
Market demand continues to grow for more effective solutions to secure buildings, information and people. There is increasing identity theft, financial data fraud, network attacks and regulatory compliance pressures that businesses must be protected against.
There have been many stories of physical and technology security breaches, such as employees leaving laptops on trains or leaving postit-notes with passwords on the device the password is supposed to be protecting.
There have also been cases of employees revealing valuable information, both business and personal, via a social network they believed to be private.
No matter how up to date and secure a business thinks its technology and physical assets are, it must assess the business risks on a ‘worst case’ scenario with particular focus on the immeasurable ‘human factor’.
So where do you start? With so many technologies available such as smart cards and tokens, USB flash memory drives - offering smart chips for portability of digital certificates, and biometrics to ensure card holders are the card owners – there are numerous ways to protect against physical and technological vulnerabilities.
One of the benefits of converged security is the integration. This tackles the most common business driver for security - risk management. An integrated approach to security systems that sit within an organisation’s boundaries may be the first step.
If building access is tied in with employee access to network resources then staff will be more inclined to sign in each day, strengthening physical security while protecting access to information assets.
Physical security products are increasingly IP-enabled to offer interoperability with other network devices, applications and databases.
Companies such as Imprivata and Overtis address the issues of deciding which technologies to use for which vulnerabilities and how to integrate them all by providing solutions such as single sign on and door access control, which integrates with HID access and ID management solutions as well as data tracking/analysis software.
Data is now the new currency in the business world. Everyone is more aware of how valuable it is and despite an increase in data loss incidents in 2008, this has almost halved in 2009.
Businesses are starting to realise that protecting electronic information needs more than just electronic security. Businesses need to take a step back and take a holistic view at what they are trying to protect; it is not just a building, a laptop, a file, a password, it is an organisation and its information.
Businesses need to identify where the high risk areas are, such as server rooms and individual servers and work outwards. The convergence of physical and IT security systems can be very beneficial, especially for the banking and finance industry.
As with all security solutions, businesses must focus on the risks and threats relevant to them, ensure they have a fool proof security system in place and that staff are fully educated on regarding the risks involved with their day to day work.
An integrated security solution can enforce policies that include barring users from accessing systems if they haven’t been registered as physically entering that same area.
Employees will always create risks for business so assessing current and future risk posed to a business is imperative to making sure the correct infrastructure has the most up to date and application-aware security solutions.