Physical/logical convergence

Access & Identity Management Handbook 2019 Editor's Choice, Information Security, Integrated Solutions, Infrastructure

The question of convergence is nothing new to the physical security industry. It wasn’t too long ago that surveillance technologies converging onto the IP platform was the thing everyone was talking about and we have since seen a massive shift from analogue surveillance to IP-based surveillance – although analogue is far from dead. Similarly, we have seen almost all the areas of the physical security industry moving to IP as a way to better control connected systems and integrate with other products.

Today, however, we are seeing a new convergence game in town, one that will have a far greater impact than IP convergence ever had. One of the reasons for this is that nothing in this industry will remain unaffected. The convergence between physical and logical (or cyber) security will be a game changer, not simply as a result of new technologies available and new skills those in the industry will have to learn, but because it will change the way we do everything, from planning to design and all the way to installation and maintenance.

Another enormous challenge will be getting physical and logical security people and departments to work together and speak the same language. At the NEC XON summit at Sun City this year, Bertus Marais, divisional GM of XON Safety & Security, noted that the convergence of physical and cybersecurity is already a reality in many organisations. He noted that companies today are demanding a holistic view of their security operations and if the two worlds are separate, that simply leaves a gap in your security posture.

Everyone is involved

Roger Truebody.
Roger Truebody.

Roger Truebody also notes that physical/logical convergence is a discussion more people are having, but he says, it is a very difficult topic to deal with as a generality. The discussion is definitely growing, but the level of the discussions vary from industry to industry, and in some cases, company to company.

Those who see security as important to their future business success are further ahead of the curve due to various pressures they find themselves under, as well as past experiences of losing access to their systems (and hence losing money) due to a cyber-attack. Truebody adds that the point of contention in almost all discussions is not technical or skills related, but cultural.

The ‘IT guys’ and the ‘security guys’ have different priorities, personalities and challenges, and very different working cultures – even those working in the same company. Overcoming these differences is where the hard work starts.

Mark Walker.
Mark Walker.

Mark Walker, associate vice president: sub-Saharan Africa at IDC Middle East, Africa & Turkey, agrees, noting that the current allocation of duties among the physical and logical teams are still very much in their silos and the teams have a singular view of their tasks and roles in the organisation. He says it is also a question of turf, especially among senior people who are worried what may happen to their position if the silos converge.

What’s needed from both sides is a broader view of the business, adds Walker. Security personnel should start looking at security from a business and user point of view, expanding their concept of security to incorporate the whole business. To use a familiar term, he says they need to look at integrating all their security systems and platforms into a holistic enterprise solution. This will include everything, from data and network perimeter protection, through to facilities management and surveillance, and all the way to integrating the latest artificial intelligence (AI) solutions – such as predictive and/or behavioural analytics.

Starting the process

No matter the challenges, the convergence process is not one that will go away and companies that delay starting will only see their people, assets and systems more vulnerable and more targeted by more sophisticated attacks – because they are easier targets. Truebody says the starting point is to first sit down, talk to each other, and develop the will to make convergence happen.

Once you know that it is going to happen and have buy-in from everyone concerned, you can then start with a risk analysis that does a full audit of your physical, logical and business security risks. In a nutshell, Truebody says that once identified, you can then go further with impact analysis and so forth, developing integrated prevention, protection and recovery strategies.

However, he warns that while it may look good on paper, if the will and buy-in is ­missing, it will not happen as convergence is a significant clash of culture and ego – who is going to be the boss of the converged security department.

Walker echoes these sentiments, noting that getting the two cultures working from the same scorecard is the first challenge that has to be overcome. The parties need to get talking and raise general awareness at the top about the enterprise’s holistic security challenges.

The next step is to continue the communications while also acknowledging the scope of the task ahead. Then comes the strategy to converge the security function into one and the challenge of putting it all under one executive – a chief security officer (CSO) or someone with authority to speak to the board.

Walker also recommends that automating as much of the converged security function as possible is critical in terms of getting the best results, as well as streamlining integration challenges.

Small wins

While the convergence of physical and logical security is a complex operation and the chore of getting people from different cultures to work together is enormous, companies can also go for smaller wins to prove its effectiveness.

As an example, Marais said this convergence can simply be an application that logs your computer off, or activates a screen lock when it sees you are no longer sitting in front of it. This combination of physical and cyber is simple, but it can prevent unknown people using your computer, prevent ‘over-the-shoulder’ password stealing and even be integrated with physical access control in order to prevent you from logging onto your computer if you haven’t entered the building (or a trusted location). Similarly, if it notices you have left the building or your area of work without logging off, it can do so for you.

Vernon Fryer, CISO and GM Cyber Security at NEC XON, provides an example of convergence happening in some Cyber Defence Operation Centres (CDOC) NEC XON runs in South Africa and further up on the continent.

These CDOCs are examples of convergence in that one of their functions is to monitor IoT devices, which includes security systems, such as surveillance cameras and other electronic readers or sensors. The central server automatically monitors any number of devices over time and creates a base line of various data points. Should any of these standard readings change, the control centre is immediately alerted that something has changed and operators can investigate.

The readings under scrutiny include almost anything, and range from a simple change in state (from on to off, for example), through to changes in the firmware (in case malware is installed as happened in the Mirai botnet attack), to changes in a device’s configuration or if a device is accessed from a strange IP address.

Any changes are noted and investigated by the CDOC personnel, thereby ensuring the cybersecurity of physical security devices and other IoT systems. This relieves pressure on the operators and makes sure these devices remain in working order over the long term. Another integration Fryer says the CDOCs can perform is to integrate social media feeds to pick up trends, as well as to identify people caught on camera from pictures on their social media feeds.

One article can’t cover the full scope of the convergence between physical and logical security, but it is clear that this is a task we need to get to grips with. Physical security experts have to adapt to the IT world and all that entails, including learning the language and customs of what can be a completely foreign culture in the office next door. The result of this convergence will be a complete security strategy that protects organisations on all fronts from threats that are only increasing in size, scope and sophistication.



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Deepfakes and digital trust
Editor's Choice
By securing the video right from the specific camera that captured it, there is no need to prove the chain of custody for the video, you can verify the authenticity at every step.

Read more...
A new generational framework
Editor's Choice Training & Education
Beyond Generation X, and Millennials, Dr Chris Blair discusses the seven decades of technological evolution and the generations they defined, from the 1960’s Mainframe Cohort, to the 2020’s AI Navigators.

Read more...
From the editor's desk: Showtime for Securex
Technews Publishing News & Events
We have once again reached the time of year when the security industry focuses on Securex. This issue includes a short preview, with more coming online and via our special Securex Preview news briefs. ...

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
Key design considerations for a control room
Leaderware Editor's Choice Surveillance Training & Education
If you are designing or upgrading a control room, or even reviewing or auditing an existing control room, there are a number of design factors that one would need to consider.

Read more...
Digitising security solutions with AI and smart integration
Regal Security Distributors SA Technews Publishing Integrated Solutions
The Regal Projects Team’s decades of experience and commitment to integration have brought the digital security guard to life as a trusted force for safer, smarter living.

Read more...
Smart cities and the role of video security
Surveillance Integrated Solutions
As cities around the world continue to embrace smart technology, including IoT that not only connects to people, but also the surrounding activity, the integration of advanced video security systems is crucial to ensure safety and efficiency in environments.

Read more...
From the editor's desk: We’ve only just begun
Technews Publishing News & Events
The surveillance market has expanded far beyond the analogue days of just recording and/or monitoring screens. The capabilities of surveillance technology today extend to black screen monitoring with ...

Read more...
The future of the surveillance channel
Duxbury Networking Technews Publishing Elvey Security Technologies SMART Security Solutions Surveillance
The video surveillance market has evolved from camera-based specifications to integrated solutions that solve customers’ problems. Moreover, the growth of AI and cloud has changed the channel even more, with more to come.

Read more...