In the world of increasing security threats, we’re attacked at both the physical and logical fronts. Logical damages hit organization reputations, goodwill, and company brand and trust, whereas physical damage at macro level impacts human lives and the economy. The Mumbai attacks in 2008 (often referred to as 26/11), the London public transit attacks in 2005 (often referred to as 7/7), and of course 9/11, are the real life examples that pointed to deficits in physical security controls.
When we closely examine and measure many current physical security controls, we often identify weaknesses and realize that the controls really do not provide the reliance we are looking for. It’s become important for an organization to adopt a layered approach when building its physical security controls.
Many physical security controls are reactive in nature and often times the responding professionals may not be as skilled when following a standard operating procedure for a response. To address this situation, if the organization implemented a layered approach to physical security controls, response to complex incidents in real-time will probably reduce the risk.
Here’s a macro view of a layered approach:
- Level 1 – Basic controls in place
- Level 2 – Converging physical security in a single integrated system with automated standard operating procedures
- Level 3 – Enable systems on an IP backbone and build strong IT security controls
- Level 4 – Building KPI framework for physical security controls
With these levels, we are building a maturity framework for physical security systems, starting with basic physical security controls followed by convergence of the same on a single integrated platform that can be accessed, monitored, SOP enforcement on a web interface from any Web enabled IP device. With this Web advancement it’s important to build an IT security layer around physical security controls. This results in a true state where there is convergence of both physical and logical controls.
Benefits to an organization by following this approach typically include:
- Integration of current hybrid physical security controls in a single unified framework that delivers enforcement of procedures on the ground across systems
- Delivery of strong coordination during incident management
- Compliance with regulatory physical security control needs
- Delivery of audit trail from systems that helps in delivering forensic investigation in real-time
- Monitoring and improvement of physical security control operations
- Delivery of real-time incident analysis, operation analysis
Attacks are distributed across the enterprise both at a physical and logical level. For security to be effective, it must be organized to react quickly to resolve issues across the enterprise. There is a definite need for systems that can enable a rapid response to security breaches and prompt investigation of events. Convergence may be the answer!