What is Physical Security?
Cybersecurity, an Internet Age concern, is now emphasized over traditional physical security. This, however, is a big mistake because the real world still poses just as much of a threat to your property as the cyber world. Physical security, or the protection of your assets from physical damage and in-person theft, therefore remains vitally important and this is reflected in its development into a $30 billion industry. The separation between physical and cyber defense has been narrowing, though, with the development of the Internet of Things (IOT) and advanced artificial intelligence (AI). As a result, physical and IT security are becoming much more integrated.
Importance of Physical Security
Physical security is primarily dedicated to protecting your property from people, those working within your organization and those from outside it. Security teams endeavor to keep your buildings safe from the outside public, your sensitive work areas free of third party workers and your own employees out of areas they don’t belong in. This is done through prevention and rapid detection and response to threats. These security measures are important because attackers could damage assets, steal essential equipment like servers, access sensitive information, or even sabotage your critical equipment with malware. A notable case in Chicago, where a colocation site was burglarized four times in just two years, only highlights the real world threats firms face today.
Physical Security Methods
Two primary means of physically securing an area are surveillance and controlled access. Surveillance entails monitoring areas with guard patrols, CCTV systems and movement/sound sensors. Quite complex sensors, like infrared, pressure and temperature variation detectors, can be used for high-risk areas. Access control starts with basic things like good fences, strong building walls and secure doors and windows. Barbed wire, patrolling guards and warning signs further dissuade opportunists from attempting a break-in. With this said, the CEO of security consulting firm TrustedSec David Kennedy cautions businesses not to put all their security at the front door, leaving the rest of their facility vulnerable to attack. He notes that many firms completely ignore other access points, allowing them to go unmonitored and unprotected. Kennedy also thinks it’s important to realize that security is only as good as your employees’ ability to recognize and handle threats. Therefore, he advises that employees be trained to be skeptical and to always follow proper procedures.
There are numerous complex ways to control access, but nearly all of them can be overcome. ID cards are easily stolen or counterfeited and while radio frequency identification (RFID) and near-field communication (NFC) technology can make them harder to duplicate, even they aren’t a great security option. As Kennedy cautions, “RFID badges are easily cloneable.” He suggests using a RFID card with a magnetic strip, that has to be swiped, and a pin number to strengthen access security. While biometrics, using facial, fingerprint, iris, or pulse recognition technology, are becoming a popular way to secure entry points, Kennedy warns against using them too. Facial recognition can be overcome with sophisticated masks, fake fingers can fool readers and iris readers can be tricked using a photo and a contact lens.
AI and IOT Link Physical Security with Cybersecurity
Increasingly, physical security is becoming part of digital security. Many surveillance systems are now connected to the internet. Logs are also often digitally maintained. Drones are increasingly used to patrol facilities and security firms are looking to fully automate such surveillance in the future. Additionally, Kennedy notes primary security concerns have now shifted away from mere physical asset/location protection to information security. He also asserts that AI logic is being employed more in threat detection.
IT and Physical Security Teams Must Work Together
New internet-connected security devices have many potential backdoors increasing a business’ vulnerability to hackers. As Kennedy explains, this makes it even more important that IT and physical security teams work together to uncover and solve these issues. This necessity has led some companies to create security operation centers (SOCs) that address both digital and physical security threats. However, security expert Steve Kenny of Axis Communications asserts that the main trend today is a centralization of control in a few efficient control centers.
Sam leads our team of advice columnists and is responsible for providing our readers with sound advice on matters concerning security, especially online.