Physical/logical convergence

Access & Identity Management Handbook 2019 Editor's Choice, Information Security, Integrated Solutions, Infrastructure

The question of convergence is nothing new to the physical security industry. It wasn’t too long ago that surveillance technologies converging onto the IP platform was the thing everyone was talking about and we have since seen a massive shift from analogue surveillance to IP-based surveillance – although analogue is far from dead. Similarly, we have seen almost all the areas of the physical security industry moving to IP as a way to better control connected systems and integrate with other products.

Today, however, we are seeing a new convergence game in town, one that will have a far greater impact than IP convergence ever had. One of the reasons for this is that nothing in this industry will remain unaffected. The convergence between physical and logical (or cyber) security will be a game changer, not simply as a result of new technologies available and new skills those in the industry will have to learn, but because it will change the way we do everything, from planning to design and all the way to installation and maintenance.

Another enormous challenge will be getting physical and logical security people and departments to work together and speak the same language. At the NEC XON summit at Sun City this year, Bertus Marais, divisional GM of XON Safety & Security, noted that the convergence of physical and cybersecurity is already a reality in many organisations. He noted that companies today are demanding a holistic view of their security operations and if the two worlds are separate, that simply leaves a gap in your security posture.

Everyone is involved

Roger Truebody.
Roger Truebody.

Roger Truebody also notes that physical/logical convergence is a discussion more people are having, but he says, it is a very difficult topic to deal with as a generality. The discussion is definitely growing, but the level of the discussions vary from industry to industry, and in some cases, company to company.

Those who see security as important to their future business success are further ahead of the curve due to various pressures they find themselves under, as well as past experiences of losing access to their systems (and hence losing money) due to a cyber-attack. Truebody adds that the point of contention in almost all discussions is not technical or skills related, but cultural.

The ‘IT guys’ and the ‘security guys’ have different priorities, personalities and challenges, and very different working cultures – even those working in the same company. Overcoming these differences is where the hard work starts.

Mark Walker.
Mark Walker.

Mark Walker, associate vice president: sub-Saharan Africa at IDC Middle East, Africa & Turkey, agrees, noting that the current allocation of duties among the physical and logical teams are still very much in their silos and the teams have a singular view of their tasks and roles in the organisation. He says it is also a question of turf, especially among senior people who are worried what may happen to their position if the silos converge.

What’s needed from both sides is a broader view of the business, adds Walker. Security personnel should start looking at security from a business and user point of view, expanding their concept of security to incorporate the whole business. To use a familiar term, he says they need to look at integrating all their security systems and platforms into a holistic enterprise solution. This will include everything, from data and network perimeter protection, through to facilities management and surveillance, and all the way to integrating the latest artificial intelligence (AI) solutions – such as predictive and/or behavioural analytics.

Starting the process

No matter the challenges, the convergence process is not one that will go away and companies that delay starting will only see their people, assets and systems more vulnerable and more targeted by more sophisticated attacks – because they are easier targets. Truebody says the starting point is to first sit down, talk to each other, and develop the will to make convergence happen.

Once you know that it is going to happen and have buy-in from everyone concerned, you can then start with a risk analysis that does a full audit of your physical, logical and business security risks. In a nutshell, Truebody says that once identified, you can then go further with impact analysis and so forth, developing integrated prevention, protection and recovery strategies.

However, he warns that while it may look good on paper, if the will and buy-in is ­missing, it will not happen as convergence is a significant clash of culture and ego – who is going to be the boss of the converged security department.

Walker echoes these sentiments, noting that getting the two cultures working from the same scorecard is the first challenge that has to be overcome. The parties need to get talking and raise general awareness at the top about the enterprise’s holistic security challenges.

The next step is to continue the communications while also acknowledging the scope of the task ahead. Then comes the strategy to converge the security function into one and the challenge of putting it all under one executive – a chief security officer (CSO) or someone with authority to speak to the board.

Walker also recommends that automating as much of the converged security function as possible is critical in terms of getting the best results, as well as streamlining integration challenges.

Small wins

While the convergence of physical and logical security is a complex operation and the chore of getting people from different cultures to work together is enormous, companies can also go for smaller wins to prove its effectiveness.

As an example, Marais said this convergence can simply be an application that logs your computer off, or activates a screen lock when it sees you are no longer sitting in front of it. This combination of physical and cyber is simple, but it can prevent unknown people using your computer, prevent ‘over-the-shoulder’ password stealing and even be integrated with physical access control in order to prevent you from logging onto your computer if you haven’t entered the building (or a trusted location). Similarly, if it notices you have left the building or your area of work without logging off, it can do so for you.

Vernon Fryer, CISO and GM Cyber Security at NEC XON, provides an example of convergence happening in some Cyber Defence Operation Centres (CDOC) NEC XON runs in South Africa and further up on the continent.

These CDOCs are examples of convergence in that one of their functions is to monitor IoT devices, which includes security systems, such as surveillance cameras and other electronic readers or sensors. The central server automatically monitors any number of devices over time and creates a base line of various data points. Should any of these standard readings change, the control centre is immediately alerted that something has changed and operators can investigate.

The readings under scrutiny include almost anything, and range from a simple change in state (from on to off, for example), through to changes in the firmware (in case malware is installed as happened in the Mirai botnet attack), to changes in a device’s configuration or if a device is accessed from a strange IP address.

Any changes are noted and investigated by the CDOC personnel, thereby ensuring the cybersecurity of physical security devices and other IoT systems. This relieves pressure on the operators and makes sure these devices remain in working order over the long term. Another integration Fryer says the CDOCs can perform is to integrate social media feeds to pick up trends, as well as to identify people caught on camera from pictures on their social media feeds.

One article can’t cover the full scope of the convergence between physical and logical security, but it is clear that this is a task we need to get to grips with. Physical security experts have to adapt to the IT world and all that entails, including learning the language and customs of what can be a completely foreign culture in the office next door. The result of this convergence will be a complete security strategy that protects organisations on all fronts from threats that are only increasing in size, scope and sophistication.



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SMARTpod talks to Armata’s Richard Frost
Technews Publishing SMART Security Solutions Videos
SMARTpod, the podcast by SMART Security Solutions, recently spoke to Richard Frost from Armata about the company's new 'all-in-one' cybersecurity bundle designed to relieve cyber stress in the SMB market.

Read more...
Here’s to a SMART 2025
SMART Security Solutions Editor's Choice News & Events
This is the final news brief from SMART Security Solutions for 2024, and the teams would like to take this opportunity to thank our readers, advertisers and partners and wish everyone a safe and secure festive season.

Read more...
Threats, opportunities and the need for post-quantum cryptography
AI & Data Analytics Infrastructure
The opportunities offered by quantum computing are equalled by the threats this advanced computer science introduces. The evolution of quantum computing jeopardises the security of any data available in the digital space.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
Axis introduces ACS Edge and cloud storage
Axis Communications SA Surveillance Infrastructure Products & Solutions
Axis Communications has launched two new solutions within the AXIS Camera Station ecosystem, AXIS Camera Station Edge (ACS Edge) and AXIS Camera Station Cloud Storage (ACS Cloud Storage).

Read more...
Physical security technology trends to watch in 2025
Technews Publishing News & Events
There are some exciting developments and significant changes, some technical and some operational, taking place in the market that security professionals should be aware of as they plan for the year ahead.

Read more...
SA company develops world-first safe K9 training for drug detection
Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...
AI-powered automation for an operational efficiency edge
Editor's Choice AI & Data Analytics IoT & Automation
In the fast-moving world of digital transformation, businesses are under immense pressure to accelerate their operations and adapt quickly to stay competitive in an era dominated by AI and technological advancements.

Read more...
2025 Southern Africa OSPAs entries now open
Technews Publishing Editor's Choice News & Events Training & Education
Entries are now open for the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs). The OSPAs are designed to be both independent and inclusive, providing an opportunity for outstanding performers, to be recognised and their success to be celebrated.

Read more...