Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. This includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.
Physical security is often overlooked -- and its importance underestimated -- in favor of more technical threats such as hacking, malware, and cyberespionage. However, breaches of physical security can be carried out with brute force and little or no technical knowledge on the part of an attacker.
Physical security has three important components: access control, surveillance and testing. Obstacles should be placed in the way of potential attackers and physical sites should be hardened against accidents, attacks or environmental disasters. Such hardening measures include fencing, locks, access control cards, biometric access control systems and fire suppression systems. Second, physical locations should be monitored using surveillance cameras and notification systems, such as intrusion detection sensors, heat sensors and smoke detectors. Third, disaster recovery policies and procedures should be tested on a regular basis to ensure safety and to reduce the time it takes to recover from disruptive man-made or natural disasters.
The internet of things (IoT) is widening the sphere of physical security as smart devices connected to business systems via the internet may be located outside of established secure perimeters. Isolating these smart devices can't be achieved in the same way as those within an organization's physical borders, so device location will play a key role in keeping equipment safe, secure and fully functional in the outside world. Appropriate safeguards such as tamper-resistant ID tags are often enough to deter the opportunist thief and can increase the chances of an item being returned. Motion sensors, tracking signals and tamper-proof locks can provide additional security for higher value or mission-critical devices.