During an era when physical and cyber security programs at a company are ever more integrated, it means that physical security teams will face more scrutiny and accountability from IT teams. It’s something that a firm’s physical security leaders need to be aware of as they devise strategies for their companies.
Roy Dagan CEO and co-founder of SecuriThings, writes about this in a SecurityInfowatch.com article — “Is your physical security tech stack ‘enterprise ready’?” Given the fact that physical and cyber are less siloed, physical security professionals have to make sure they are as on top of modern Internet-centric protocols.
“The integration of physical security into the IT infrastructure means that physical security teams are now subject to greater scrutiny from IT professionals, auditors, and other stakeholders,” Dagan writes. “As a result, physical security is expected to meet the same enterprise-level standards and practices as those in the IT field. This places pressure on vendors of physical security devices to ensure their products are fully compliant.”
He highlights ways physical security teams can become IT review ready.
This involves making sure device information is “accessible for monitoring purposes,” meaning that information like current firmware version, projected end-of-life, and warranty details, among other important data, is made capable of easy review.
Dagan also writes that physical security teams have to “identify specific attack surfaces of physical security devices and systems,” ensuring all important information is available for IT review to address any potential vulnerabilities and cut them off at the head. Complementing all of this is the fact that physical security managers must conduct health and performance monitoring across all devices and systems.
“Accessible performance data should include CPU usage, network utilization, RAM usage, PoE consumption, etc. Careful monitoring helps IoT devices maintain sufficient memory and power to perform their tasks 24/7. This requires real-time device accessibility for ad hoc monitoring, and advanced tracking and alert capabilities,” he writes.
Users of a company’s systems have to allow remote password management, the ability to upgrade firmware remotely, and maintain security certificates automatically.
Finally, Dagan writes that physical security experts have to shore up devices against newly emergent threats and standardize audits and technical logs for all devices.
“Physical security departments should screen potential hardware purchases, confirming they have the eight capabilities above. When manufacturers design these features into devices, making them enterprise-ready, they help physical security protect the organization much more effectively,” he concludes.
Peter Cavicchia II 