Home > Security News > When physical and logical security converge
Security News:
EMAIL THIS LICENSING & REPRINTS

When physical and logical security converge

By Billy Hurley, Assistant Editor
05 Feb 2007 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

As the unending string of data breaches and laptop thefts in recent months has shown, today's threat landscape comprises far more than DDoS attacks, viruses and worms. To protect against the broad array of internal and external threats, more companies are considering security programs that forge closer ties between the physical and logical security realms.

In today's enterprise security market, mainstay physical security products like door access-control systems and closed-circuit cameras often rely on TCP/IP. "These systems aren't dedicated pieces of hardware running proprietary OSes anymore," said Forrester Research analyst Jonathan Penn. "They are built atop Windows or Linux."

RSA Conference 2007

Can't make it to the show? SearchSecurity.com staff members are on the RSA floor, on hand to deliver the latest RSA Conference 2007 news and updates.
When physical systems are connected to corporate IP networks, there is an obvious need to incorporate the IT shop into the management of those physical security assets. "You can't go on keeping IT in the dark on these deployments. If you do, you risk that your security systems are vulnerable to attack," Penn said.

This more holistic view of security requires cooperation between two security teams that have often been not just separate but sometimes at odds.

"Each can have a stereotype of the other, and that adds to the challenge of getting the two groups to collaborate," Penn said. Today's breed of logical security folk are frequently grad-school trained, specializing in fields like systems management. Physical security officers many times have law enforcement backgrounds and work with more isolated systems.

"There is a need, but the technology vendors have not been fast enough in meeting that need."
Steve Hunt, president of 4ai International
And it is the physical security group--perhaps uninterested or unskilled in managing IP networks--that is often looking for better ways to integrate with IT. "Convergence as a concept is not being driven by IT or IT security. The movement is being driven almost entirely by physical security champions," said Steve Hunt, president of research company 4A International. "They're the ones with the greatest pains and potential upsets."

It's not always about getting the two sides on the same page, either. Much of the security systems in Las Vegas, for example, have not been switched over to IP, said Brian Contos, CSO at ArcSight. "[Security officers] have to consider the risks of moving their entire operations onto IP. It is not as cut and dry as videotapes and hard wires," he added.

The availability of high-quality products to address this convergence is also a major hurdle.

"There is a need, but the technology vendors have not been fast enough in meeting that need," said Hunt, adding, "Even if there's an excellent technology, it still has to be approved by a systems integrator, and then go through the sales cycle."

An initiative that demonstrates how physical and logical security are converging is HSPD-12, a Homeland Security Presidential Directive requiring a single identity management card for federal government employees. "Some agencies are further ahead than others," said Tom Greco, vice president of enabling infrastructures for Cybertrust, a management services provider that produces HSPD-compliant identity cards.

The directive frees government employees from carrying multiple identity credentials. "HSPD-12, as a concept, is a great idea," said Hunt, "The trouble is there's no one helping to answer fundamental questions: What technology should I acquire? How do I deploy it? Who's going to pay for it? [But,] it's the first standard that's got some legs under it."

"As the deployment of these cards picks up, we'll start to see the enablement of applications," said Greco, suggesting a potential for growth. "Network logical access of this card will be leveraged by the physical."

Looking forward, experts say that addressing evolving threats to enterprise systems without an integrated security program seems inadequate, if not impossible. Physical and logical security teams have little choice but to work together, and there will be setbacks before integrated offerings become commonplace.

<< Return to our special coverage of RSA Conference 2007



Sound Off! -   Be the first to post a message to Sound Off!


Tags: Information Security JobsIdentity Theft and Data Security BreachesInformation Security Incident ResponseVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts