Traditionally, the task of providing security to a business is charged to specialist employees, either in a physical security department or a cybersecurity department. But this division is fast becoming obsolete, and the answer to evolving threats may lie in security convergence.
What is security convergence?
Security convergence is the practice of an organization combining its physical security and information security. For the longest time, companies have kept these two functions in separate teams, or “silos,” which ironically has left gaps that attackers can utilize.
Security convergence aims for a more holistic solution.
The USA’s Cybersecurity and Infrastructure Security Agency (CISA) defines security convergence as “a formal collaboration between previously disjointed security functions.”
CISA strongly advocates for security convergence, noting that “organizations with converged cybersecurity and physical security functions are more resilient and better prepared to identify, prevent, mitigate, and respond to threats.”
Pooled knowledge, resources, and data from previously disparate teams create a unified response. The command structure is also simplified, and there's less risk of the two departments pursuing their own goals over those of the business.
The need for security convergence in 2023 and beyond
Organizations have become more dependent on technology for their business than ever before. The arrival of the Internet of Things (IoT) has only accelerated this movement. Unfortunately, this also means that security threats now transcend familiar domains.
CISA confirms that “the adoption and integration of IoT devices has led to an increasingly interconnected mesh of cyber-physical systems which expands the attack surface and blurs the once clear functions of cybersecurity and physical security.”
The agency further notes that “a successful cyber or physical attack on industrial control systems and networks can disrupt operations or even deny critical services to society.” As our technology evolves, so does the danger that comes with it.
It is estimated that by 2030, there will be around 50 billion connected IoT devices. However, response to the possible risk has been slow. Only about one-fifth of organizations in the USA, Europe, and India say they have fully converged physical security, cybersecurity, and business continuity.
Factors driving security convergence
All is not lost, as more corporations see the benefits of security convergence. Circumstances may also force businesses to upgrade and converge to overcome stronger threats.
Synergy and clarity
Security convergence creates a much stronger security system overall. It doesn’t just bring together strengths but also complements them, as experts cover each other’s weaknesses and share knowledge.
Security gaps are covered because one team handles all security, leaving less room for role confusion.
Smart devices like phones aren’t as special now, as the IoT also connects doors, factory equipment, vehicles, etc. The line between the security of these things is disappearing, and attackers are adjusting.
Attacks are increasingly becoming combinations of physical and cyber techniques. Companies can apply security convergence to combat them.
A secure environment is where business operations thrive, so it's simply good business sense to update. Customers see a brand that values data protection, and the teams themselves become more valuable by learning new skill sets and becoming better equipped.
Security convergence leads to lower costs by eliminating redundancies. Automation also reduces the number of people a security team needs, as fewer people can cover multiple roles.
Security vendors are also converging, as many now handle work in both the physical and cybersecurity spheres.
Streamlined onboarding and offboarding
New employees will require access to multiple assets to do their work. Failure to onboard them properly will result in risks to security and company information.
It's the same with weak offboarding. Employees may leave with company assets or with access to enterprise systems. The worst-case scenario is that this data could be sold to competitors.
Security convergence methods
Achieve a successful security convergence through the following methodologies:
Install access control
Installing integrated access control and video security will provide immediate protection to sensitive information. It’s an element of physical security that can be used to protect digital assets.
Through this, security teams can monitor who accesses data sites, and any unauthorized presence will alert them at once. The entire process is streamlined and made more efficient for security convergence.
Mobile credentials are becoming popular as most people own smartphones. Due to the effects of the pandemic, a touchless method also adds convenience and safety. Security and IT teams need only set up credentials that new employees can access on their phones.
A warehouse security system is also recommended. This system enforces security measures and integrates with other cyber and physical security tools.
Integrate policies and systems
As physical and digital security become less distinct concepts, it makes sense to merge the corresponding security teams. The advent of cloud-based technology brings many threats and gaps in protection for divided teams to handle.
Your new integrated and converged security system should contain both physical and cyber systems. Doing so will allow you to leverage data together for a more comprehensive security operation.
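One way to leverage physical and cyber data together, shown as an added example that is not part of the original article: the sketch below flags logins at a console inside a restricted zone when the same user's badge was not seen entering that zone recently. The log formats, zone names, users, and the four-hour window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: (timestamp, user, zone) from a door controller export
BADGE_EVENTS = [
    ("2023-03-01T08:55:00", "alice", "server-room"),
    ("2023-03-01T09:10:00", "bob", "lobby"),
    ("2023-03-01T13:00:00", "carol", "server-room"),
]

# Constructed sample data: (timestamp, user, zone of the console that was used)
CONSOLE_LOGINS = [
    ("2023-03-01T09:05:00", "alice", "server-room"),  # badged in 10 minutes earlier
    ("2023-03-01T09:20:00", "bob", "server-room"),    # badge only seen in the lobby
    ("2023-03-01T10:00:00", "dave", "server-room"),   # no badge record at all
    ("2023-03-01T18:30:00", "carol", "server-room"),  # badge entry older than window
]


def parse(ts):
    return datetime.fromisoformat(ts)


def unbadged_console_logins(badges, logins, window=timedelta(hours=4)):
    """Return console logins with no badge entry by the same user into the
    same zone during the preceding window (hypothetical correlation rule)."""
    entries = {}
    for ts, user, zone in badges:
        entries.setdefault((user, zone), []).append(parse(ts))

    alerts = []
    for ts, user, zone in sorted(logins):
        when = parse(ts)
        seen = entries.get((user, zone), [])
        # A login is explained only by a badge entry at or before it, within the window.
        if not any(timedelta(0) <= when - t <= window for t in seen):
            alerts.append((ts, user, zone))
    return alerts


if __name__ == "__main__":
    for alert in unbadged_console_logins(BADGE_EVENTS, CONSOLE_LOGINS):
        print("ALERT: console login without matching badge entry:", alert)
```

Neither log source raises these alerts on its own; the signal exists only once the door and login records are joined on user and zone.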
Implement best practices
A successful cybersecurity and physical security plan involves awareness of both strategies. Employees with access to sensitive information must be educated on best practices for both.
Here are some best practices companies implement when converging their security systems:
- Revisit how your security teams organize at a high level and identify gaps that could be solved with streamlined avenues of communication.
- Conduct a security assessment to identify vulnerabilities, whether in-house or through a third party.
- Make sure software and hardware are regularly patched and updated. Company devices like employee laptops require cybersecurity installations.
- Educate employees to be aware of and critical of phishing scams, malware attempts, and ransomware.