Benefits of Converged Security for Business
Modern security threats target blind spots at the intersection between physical security and cybersecurity. Security convergence is the approach to countering them effectively for your business.
If you go to work in a physical workplace, take a moment to visualize your entrance on any given morning. You get out of your car or public transit at the start of your workday and walk to your company’s building. On your way in, you pass a CCTV security camera and use your magnetic keycard to open the external door and again to access the elevator. You make it to your workstation, connect to the company wifi, and get to work.
This is a standard and familiar process for many, but at each of these mundane points, physical and digital security may be at risk. The keycard system can be tampered with by force or by cyberthreats. Keycards themselves can be stolen and used to gain access. Unauthorized actors could monitor or remotely disable cloud-connected internet of things (IoT) security cameras. And wifi networks have known vulnerabilities depending on their configuration. You might think that these security risks fall into distinct buckets—physical security and information security—but that siloed approach isn’t as effective against sophisticated attacks as one that practices security convergence.
What Is Security Convergence?
Security convergence is the integration of all types of security, both physical and cyber, under one umbrella.
Traditionally, physical security is handled by one distinct group within a company that oversees what most people think of when they hear “security,” such as guarding against intruders, fires, natural disasters, workplace violence, theft, and other scenarios that threaten the physical well-being of an organization.
Cybersecurity, or IT security, is tasked with performing a similar function but in cyberspace. Password protection, phishing defense, and network security fall to this group, often a part of the IT department’s response planning. This makes sense at first glance as cyber work is highly specialized, so many organizations silo all digital security within that department and do not cross-pollinate with others.
However, recent trends have shown this to be less than secure. As illustrated in the example above, these physical and electronic security systems interact so heavily throughout our workday that separating the responsibilities between two independent groups doesn’t make much sense. Security convergence happens when all of these functions roll up into one team’s responsibilities with a perfect, holistic view of the security landscape.
These days, corporate assets are increasingly information based. Even if the company in question is a physical manufacturer, it likely has digital tools and information that are critical to running the business—supporting production schedules, design documents, employee contact information, and more. When you used to store this information on paper in filing cabinets, physical security was the sole star of the show—but that’s no longer the case. Here’s how you can converge resources to make your approach to security more efficient and effective.
What Is a Convergence Risk Assessment?
You can use a risk assessment framework to examine your operations and determine what threats your organization is most and least likely to encounter so you can prepare effectively. Security teams can initiate a threat assessment for any portion of the business, but a convergence risk assessment is uniquely holistic. Traditionally, physical and cybersecurity silos within an organization could look at the same scenario and come up with different, or even conflicting, recommendations. A truly convergent risk assessment, however, unifies those two functions so that they can work in unison instead of in parallel.
Benefits of Converged Security
Security convergence is a relatively new concept in the business world. Still, there are already many known benefits of focusing on convergence in your own security efforts.
Strengthen overall security
Generally, the convergence of physical and digital business functions is a boon for modern business, but it can also leave an organization vulnerable if there are gaps in security preparedness. Without converged security efforts, malicious attackers are likely to exploit these gaps.
When security is converged, however, risk management can predict and protect against hazards by training employees to spot suspicious events and by enacting measures to prevent unknown media from entering the secure internal network.
You might already train your employees to create strong passwords and identify phishing emails, but cyberattacks can also present themselves in the physical world. One infamous cyberattack strategy involves leaving a physical USB drive in the parking lot of a building. The attacker then hopes that a curious employee will pick it up, bring it inside the building, and insert it into their work computer, where malicious code on the drive can give the attacker access to the company’s network.
Improve business continuity
By converging multiple types of security and preventing a wider range of intrusions, companies can avoid business-stopping threats more reliably. Physical security and cybersecurity are important for preventing damage or loss to an organization, but they are also needed to keep the business running.
Often, intersections between information and the physical world are points of vulnerability. For example, a timekeeping machine where employees sign in and out of their shifts is likely connected to the internet for easy recordkeeping. However, while a physical security team would provide access control so no unauthorized people could use it and a cybersecurity team would look after the online recordkeeping software, there could be risks at the point in between. What if an employee made an error that cascaded to the rest of the system? Or what if an employee used a compromised keycard that allowed hackers an entry point? Any of these things could easily damage or temporarily halt your organization’s ability to function.
Converged threats are more than just a hazard to your people, facilities, and assets—they are also a threat to the continued operation of the business as a whole. Hence, converged security efforts are critical to ensure business continuity.
Optimize cross-functional communication
Any security convergence effort hinges on efficient, high-quality communication. In traditionally secured businesses, the various silos of a security apparatus communicate only within themselves; a converged security architecture must forge new avenues of communication.
The purpose is to break down the walls between various security functions and to allow connections between them. Security professionals such as CSOs, CISOs, loss prevention leaders, and facility management must all come together, across departments, roles, and employees, to form new, converged security solutions to threats identified in your risk assessment. As this effort proceeds, it will become clear that the old way of delineating security responsibilities does not fully match the new security management protocol.
This is not to say that all security roles in an organization should be on a single coalesced team; that would likely be chaotic. Rather, a convergent security philosophy will enable security personnel to think about their role as a part of the whole instead of just a part of their security department. While doing so, they would be free to share information with and receive it from counterparts throughout the organization, becoming more aware of the business’s overall functions and increasing the ease with which security information flows.
The New Style of Security Operations
As the world has been integrating online capabilities into every facet of business, organizations are vulnerable to a wider variety of security threats than ever before. The old way of arranging security control systems hasn’t kept up with the new reality, but there is a way to adapt. A new, converged style of security organization can be the answer to this changing threat landscape for your organization.