Integrating Physical and Logical Security, Why Is It So Hard?


One of the most common mistakes in integrating physical and IT security is failing to recognize how a company’s charter affects security within the company.

For example, take the charter of a software company.

What is the charter of a Software Development Company?

In a software development company, programmers develop software that the company sells. This is the core function of the organization, and aligns with the company charter. The software development group will have a variety of tools used in software development, such as development interfaces, test and development servers, and other tools to help build products for the company.

Supporting, and parallel to, the development group is IT. IT in this scenario is comprised of a help desk, server support, email, portal support, etc. IT is NOT the revenue producer for the company, and as such is not as influential as the development group when it comes to acquiring tools to secure the organization. Additionally, IT may use many of the same tools as the development group to accomplish its specific mission, which is availability of services to the organization.

There are other functions in a company that are not the cash cow, such as HR, Facilities Management, Accounting, and possibly other non-revenue generating groups in the company. These other functions are recognized as critical because they help the company function by keeping things running smoothly.

Few companies actually see security as a critical function of the company

In a small business, where multiple roles fall to a single individual, it is not uncommon to have no dedicated security department. In today’s world, corporations can outsource so much of their business that they don’t have ownership of many of the things that keep them secure. An example is a small company based in a large multi-tenant facility. In this case, security is entirely outsourced.

For a tenant of the building, physical security is included in the general rent/community fee. This is similar to condo services where someone mows the lawn and maintains the buildings for you. Oh, and by the way, they also deal with the gates, guards, and cameras, or lack thereof. As a result, the typical small commercial company doesn’t even think of security. It is not something in the business plan.

The Gap in Security

How then is one to actually bridge this gap? Is it actually a gap? In fact, it appears not as a gap but as a pure absence in business culture. Typical business management degree programs barely mention security, so it is not thought of as integral to the business. As a result, today’s companies have little foundation for embracing this discipline.

Even in the IT realm, IT and IT Security are not always happy bedfellows. It has taken decades to get IT as a business function to embrace security. The same amount of time has passed in getting software developers to design security into their developed products. In the physical security industry, only in the past few years have physical access control and CCTV systems begun to support IP networks and systems integration.

It is encouraging to see how many companies now offer products that integrate well. While there are still going to be certain logical silos, it is easier than ever to bring certain services from one discipline to the other. Products remain purpose-built, and should, to be as effective as they can in their specific functions. By creating the best purpose-built products, like building controls, camera systems, and production systems, companies can maximize their effectiveness and efficiency.

Tools like those offered by AlertEnterprise allow companies to actually bridge that gap, allowing independent companies to leverage security practices across multi-tenant facilities, across corporate functional silos and across disparate technology solutions.