Not long ago, government agencies and other organizations had two sets of security guards: one group protecting buildings, offices, labs and other physical structures; the other monitoring networks for hackers and other cybercriminals. But that's changing. More and more, companies, government agencies and other organizations are looking holistically at their security management and practices.
This convergence of cyber and physical security, in part, has spawned the Open Security Exchange, a consortium of private-sector technology companies developing vendor-neutral interoperability specifications and best practices guidelines.
"There is no such thing as security if they're separate; one is increasingly dependent on the other," said Laurie Aron, OSE's vice chairwoman and strategic sales director at Software House. She said lines between cyber and physical security are blurring.
Eric Maurice, director of Computer Associate's ETrust Security Solutions and OSE's executive director, said "convergence" has two meanings. The first is technical convergence. Traditionally, physical security systems such as access control panels or surveillance cameras were operated on dedicated networks. But in recent years, organizations have begun to run physical security systems on their IP networks.
But running nontraditional technologies on such networks has raised concerns about performance and security.
"I'm aware of a few incidents where companies were putting in place a digital video recording system without changing the password," Maurice said. "Traditionally, you talk about hacking and spying as something very abstract. But, in this particular case, I can look at you working at your desk, and you won't even know it."
The second meaning of convergence refers to security disciplines. Security needs to be viewed in a strategic manner, Maurice said, because the majority of computer crimes are committed by individuals such as disgruntled employees or contractors who physically access unauthorized systems.
OSE officials are working with industry leaders to provide standards that allow physical and IT security systems to share information, something that is difficult to achieve, Maurice said.
Among the benefits of convergence, experts say, are consolidated security management and response, better detection and tracking, simplified forensics and consistent policies across the enterprise. Security tug of war Organizations have traditionally spent more on IT security than on securing facilities, experts say. They also cite cultural problems affecting the two security groups, among them a lack of collaboration, coordination and response.
Digg
De.licio.us
Slashdot
Technorati
