classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2018

Physical/logical convergence
November 2018, This Week's Editor's Pick, Cyber Security, Integrated Solutions, IT infrastructure

The question of convergence is nothing new to the physical security industry. It wasn’t too long ago that surveillance technologies converging onto the IP platform was the thing everyone was talking about and we have since seen a massive shift from analogue surveillance to IP-based surveillance – although analogue is far from dead. Similarly, we have seen almost all the areas of the physical security industry moving to IP as a way to better control connected systems and integrate with other products.

Today, however, we are seeing a new convergence game in town, one that will have a far greater impact than IP convergence ever had. One of the reasons for this is that nothing in this industry will remain unaffected. The convergence between physical and logical (or cyber) security will be a game changer, not simply as a result of new technologies available and new skills those in the industry will have to learn, but because it will change the way we do everything, from planning to design and all the way to installation and maintenance.

Another enormous challenge will be getting physical and logical security people and departments to work together and speak the same language. At the NEC XON summit at Sun City this year, Bertus Marais, divisional GM of XON Safety & Security, noted that the convergence of physical and cybersecurity is already a reality in many organisations. He noted that companies today are demanding a holistic view of their security operations and if the two worlds are separate, that simply leaves a gap in your security posture.

Everyone is involved

Roger Truebody.
Roger Truebody.

Roger Truebody also notes that physical/logical convergence is a discussion more people are having, but he says, it is a very difficult topic to deal with as a generality. The discussion is definitely growing, but the level of the discussions vary from industry to industry, and in some cases, company to company.

Those who see security as important to their future business success are further ahead of the curve due to various pressures they find themselves under, as well as past experiences of losing access to their systems (and hence losing money) due to a cyber-attack. Truebody adds that the point of contention in almost all discussions is not technical or skills related, but cultural.

The ‘IT guys’ and the ‘security guys’ have different priorities, personalities and challenges, and very different working cultures – even those working in the same company. Overcoming these differences is where the hard work starts.

Mark Walker.
Mark Walker.

Mark Walker, associate vice president: sub-Saharan Africa at IDC Middle East, Africa & Turkey, agrees, noting that the current allocation of duties among the physical and logical teams are still very much in their silos and the teams have a singular view of their tasks and roles in the organisation. He says it is also a question of turf, especially among senior people who are worried what may happen to their position if the silos converge.

What’s needed from both sides is a broader view of the business, adds Walker. Security personnel should start looking at security from a business and user point of view, expanding their concept of security to incorporate the whole business. To use a familiar term, he says they need to look at integrating all their security systems and platforms into a holistic enterprise solution. This will include everything, from data and network perimeter protection, through to facilities management and surveillance, and all the way to integrating the latest artificial intelligence (AI) solutions – such as predictive and/or behavioural analytics.

Starting the process

No matter the challenges, the convergence process is not one that will go away and companies that delay starting will only see their people, assets and systems more vulnerable and more targeted by more sophisticated attacks – because they are easier targets. Truebody says the starting point is to first sit down, talk to each other, and develop the will to make convergence happen.

Once you know that it is going to happen and have buy-in from everyone concerned, you can then start with a risk analysis that does a full audit of your physical, logical and business security risks. In a nutshell, Truebody says that once identified, you can then go further with impact analysis and so forth, developing integrated prevention, protection and recovery strategies.

However, he warns that while it may look good on paper, if the will and buy-in is ­missing, it will not happen as convergence is a significant clash of culture and ego – who is going to be the boss of the converged security department.

Walker echoes these sentiments, noting that getting the two cultures working from the same scorecard is the first challenge that has to be overcome. The parties need to get talking and raise general awareness at the top about the enterprise’s holistic security challenges.

The next step is to continue the communications while also acknowledging the scope of the task ahead. Then comes the strategy to converge the security function into one and the challenge of putting it all under one executive – a chief security officer (CSO) or someone with authority to speak to the board.

Walker also recommends that automating as much of the converged security function as possible is critical in terms of getting the best results, as well as streamlining integration challenges.

Small wins

While the convergence of physical and logical security is a complex operation and the chore of getting people from different cultures to work together is enormous, companies can also go for smaller wins to prove its effectiveness.

As an example, Marais said this convergence can simply be an application that logs your computer off, or activates a screen lock when it sees you are no longer sitting in front of it. This combination of physical and cyber is simple, but it can prevent unknown people using your computer, prevent ‘over-the-shoulder’ password stealing and even be integrated with physical access control in order to prevent you from logging onto your computer if you haven’t entered the building (or a trusted location). Similarly, if it notices you have left the building or your area of work without logging off, it can do so for you.

Vernon Fryer, CISO and GM Cyber Security at NEC XON, provides an example of convergence happening in some Cyber Defence Operation Centres (CDOC) NEC XON runs in South Africa and further up on the continent.

These CDOCs are examples of convergence in that one of their functions is to monitor IoT devices, which includes security systems, such as surveillance cameras and other electronic readers or sensors. The central server automatically monitors any number of devices over time and creates a base line of various data points. Should any of these standard readings change, the control centre is immediately alerted that something has changed and operators can investigate.

The readings under scrutiny include almost anything, and range from a simple change in state (from on to off, for example), through to changes in the firmware (in case malware is installed as happened in the Mirai botnet attack), to changes in a device’s configuration or if a device is accessed from a strange IP address.

Any changes are noted and investigated by the CDOC personnel, thereby ensuring the cybersecurity of physical security devices and other IoT systems. This relieves pressure on the operators and makes sure these devices remain in working order over the long term. Another integration Fryer says the CDOCs can perform is to integrate social media feeds to pick up trends, as well as to identify people caught on camera from pictures on their social media feeds.

One article can’t cover the full scope of the convergence between physical and logical security, but it is clear that this is a task we need to get to grips with. Physical security experts have to adapt to the IT world and all that entails, including learning the language and customs of what can be a completely foreign culture in the office next door. The result of this convergence will be a complete security strategy that protects organisations on all fronts from threats that are only increasing in size, scope and sophistication.

  Share via Twitter   Share via LinkedIn      

Further reading:

  • From the editor’s desk: Converging access control
    November 2018, Technews Publishing, News
    Welcome to the Access & Identity Management Handbook 2019. We’re publishing this in January as opposed to our traditional end-of-year publishing schedule to make sure you have some bed-time reading for ...
  • Trust but continually verify
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Hi-Tech Security Solutions looks at access and identity management and asks some industry players what ‘zero trust’ and ‘least privilege’ access means.
  • Managing who, what and why
    November 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security
    Today’s access control isn’t only concerned with who has access, but also what has access, why they need it and what they are doing with it.
  • Physical and logical convergence is a fact
    November 2018, This Week's Editor's Pick, Integrated Solutions, IT infrastructure
    Convergence, the next buzzword? A dated buzzword? Is convergence ­merely ­integration on steroids? What is convergence?
  • The expanding role of IT in access control
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, IT infrastructure
    What role is IT playing in the world of physical access control and how far will its role expand in future?
  • Taking augmented identity to the world
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    Hi-Tech Security Solutions spoke to Gary Jones, VP Global Channel and Marketing biometric access and time solutions) at IDEMIA (formerly Morpho) about his career with the company and its new vision of Augmented Identity.
  • A scan of fingerprint biometrics
    November 2018, Technews Publishing, Access Control & Identity Management
    Given the increase in the use of fingerprint technology in public and private organisations, as well as some recent announcements on the reliability or lack or reliability of certain types of sensors and algorithms in the fingerprint biometric market, Hi-Tech Security Solutions spoke to some of the leading fingerprint biometric vendors in the market to find out more about the state of this market.
  • BIMS set to change identity ­management
    November 2018, Technews Publishing, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Local biometrics integrator, Ideco Biometric Security Solutions, has announced that its Biometric Identity Management System (BIMS) has been launched to market.
  • Tracking biometrics into a brave new digital world
    November 2018, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    The industry is increasingly transitioning from unimodal to more integrated multimodal biometric solutions for more accurate identity verification and faster real-time results.
  • A better approach to fingerprint biometrics
    November 2018, This Week's Editor's Pick, Access Control & Identity Management
    Not all optical biometric fingerprint scanners are created equal. The type of sensor used has a powerful impact on speed, accuracy, reliability and portability.
  • Your face tells a story
    November 2018, Technews Publishing, Access Control & Identity Management, CCTV, Surveillance & Remote Monitoring, Government and Parastatal (Industry)
    Facial recognition has advanced to the point where it can be rolled out over large areas and accuracy is no longer a hit-and-miss affair.
  • Key components of access control
    November 2018, Paxton Access, Access Control & Identity Management, Integrated Solutions
    Dan Drayton speaks to Hi-Tech Security Solutions about what the key components in modern access control systems are.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.