Addressing the growing cyber-threat landscape, HID Global has advised that it is increasingly important for physical and IT security teams to work together closely. This is in order to develop a comprehensive strategy for combatting both physical and cyber security threats. As more and more devices are designed to connect and share information, the physical security team needs to incorporate the IT team in their proposal, design, implementation discussions and decisions.
Security cameras for example fall under the domain of the physical security team, but now the Internet of Things (IoT) is connecting these with other devices that traditionally might not have been considered under the domain of the physical security team. Having devices like cameras connected to other systems and networks can deliver significant value by turning data into actionable information, but with that you open yourselves to broader public exposure and risk.
“Collaboration isn’t a one-way street. If the IT team hasn’t included the physical security team into their cyber-assessments and incident response processes, the business suffers,” said Chip Epps, vice president of product marketing solutions for IAM solutions with HID Global. “Every member of the physical security team should know what and where the critical technology resources are, and should have been deeply involved in the planning to protect those assets.”
Key factors to consider when shaping a collaborative strategy between the physical and IT security teams:
- Do the physical and IT security teams ultimately report in to the same organisation or Chief Security Officer?
- Has the IT team implemented more advanced security policies that incorporate location attributes, or information often available from physical access systems?
- Is there a regular, recurring forum to discuss and approve projects that cross the line between the teams?
- Are team members participating in any cross-functional projects with members from the IT or physical security team?
- Have either teams been surprised in the last year about the development of a project that they should have been consulted on?
- Is there collaboration on corporate compliance training or is there a separate curriculum/content?
“It is important to get ahead of the inevitable convergence between IT and physical access as cyber-security concerns escalate. The first step is establishing a communications channel, and developing the relationships and processes to make it work,” added Chip Epps.
By ensuring teamwork between the physical and IT security teams the overall security of the site is enhanced, leading to both customer and employee satisfaction.