Questions? Contact Us

 

Latest News

Featured News & Events

What is gained from Cybersecurity and Physical Security Convergence?


It amazes me that I still sometimes hear people talking about cybersecurity (logical security) and physical security as if they're separate issues to address and manage. Today, in our connected world, that's not the case at all. Our digital world has produced a convergence of physical and logical security that brings value to how you protect your most valuable assets, both in business and at home.

First Things First

You absolutely need both. You wouldn't protect your computer from malware and not lock the front door of your house. And on a business level, you can't address PCI compliance, by simply encrypting cardholder data, setting up secure systems and controlling digital access to data. You also must protect access the physical components containing cardholder data such as storage media, point-of-sale devices, laptops, data centers, and buildings and rooms that contain cardholder data, etc.

Over time, it became clear that linking physical security with logical security was the way forward, whether we're talking about the Ring phenomena, which essentially turned the doorbell into an Internet of Things, WiFi home security system, or the badge system to get into an office or building.Linking logical with physical offered businesses several opportunities for added value in the areas of reduced risk, improved efficiencies and reduced operational costs.

Where's the Value?

A starting point for any security strategy designed to reduce risk is a risk assessment, which ultimately identifies the most important assets that need to be protected and where they are located. For example, if you're a business that has cardholder data to protect, one element of your security system must be controlling access to the data at both the physical and logical level. To address this, you can incorporate multi-factor authentication which means to access the data and the resources it's stored on, you must have something – such as a badge to enter the building and the data center itself. You also must have something you know – such as a password that grants access to the network holding the cardholder data.

This blend of physical and logical security greatly reduces risk of data loss by strongly controlling access to the information on multiple levels with a single system.

The convergence of physical and logical security also can greatly improve operational efficiencies. One of the best examples of this is the provisioning and deprovisioning process for employees. With single source of truth to manage identities, employees can get everything they need to be productive for the business quickly – whether it's a badge for building access or access and authorization to use various applications and IT systems within the company. More importantly, when there is a termination or a change in roles, that employee's access can be revoked or changed quickly to help ensure security of both the physical and the digital / logical assets.

Finally, operational costs can be streamlined when physical and logical security blend. For example, security operations teams can be cross-trained and duties shared; it's easier to negotiate budgets and have a holistic view of short-term needs and what could be moved to the next budgeting round; and information sharing can improve insight for a "big picture" view that could be more informative and telling than if the physical and logical systems were siloed.

If you examine your security initiatives, you're sure to see a convergence of physical and logical. Take a closer look and assess what you're doing to make sure you're getting all the value you can from where you've blended security. Questions? Need a consultation? Contact us.  

Tips for Optimizing PCI Compliance
ZZ Servers Announces Phase One of Scalable Redunda...

Related Posts

 

Tag Cloud

members area recovering data Alarm ZZ Servers search infrastructure computing in the cloud data protection CentOs passwords eCommerce education vyatta router firewall filter security PCI HIPAA support Internet Corporation Sysadmin bash Business Solutions management Health Care Cybersecurity business solutions cyber monitoring computer networks personal information businesses multi-factor authentication follow.The HIPAA Privacy Rule employee training DEF CON black friday cloud HIDS logical security phishing Ubuntu ICANN cyber liability insurance phishing attacks Disaster Recovery Plan teensy business Geekend Charleston IT Solutions motivation Small Business ipad Compliance video BSides Zendzian health care providers dsbl shared hosting Accountability Act physical Car Hacking physical security PCI Hosting embedded shared folders windows 7 small business Debian PCI compliance Healthcare Records Credit Card Security business community Scalable Redundant Cloud Infrastructure IT services mail server Online Business Security SSL anti virus spf Continuous Monitoring TLS Positive Customer Impact credit card Medical Solutions shared secure hosting INFOSEC World Backup Day data privacy Payment Card Industry email accounts hosting control panel credit cards stolen activesync Interworx-CP computer security ZZ Servers Co-Founder Announcement security circles HIPAA solutions permissions Cybersecurity malicious software IT solutions Medical Records log files Internet Business Planning compliance Reports change Las Vegas National Cyber Security Awareness Month cyber protection Health Insurance Portability intrusion detection Server Mangement network lamp trends IT security iphone HIPPA DRP Cloud Computing IT Services business solitions Shmoocon arduino caller-id smartphone Presentation shared server TiaraCon David Zendzian PCI Data Security Standards dss Information Technology IT security command line cyber monday HIPAA Solutions PCI Audit GDPR cyber PCI Compliance Web Hosting Email assesment Assigned Names apache Cybersecurity Business Solutions vps spoofing Control Panel InterWorx OSSEC Vulnerability Credit Cards openssl Domani Names PCI information technology PCI Solutions Firetalk backup solutions HIPAA amazon ec2 exchange social engineering PCI Service Provider credit card payment password VPS Servers healthcare solutions Internet infrastructure PCI DSS 3.2 two factor authentication vulnerability scanning Xen cloud infrastructure spam qsa Home Depot Breach cli protect data compliant hosting Windows cybersecurity Hackers Linux Hosting data breach safe computing pci complliant hosting cyber security QSA sender policy cell phone email blackberry eCommerce Solutions kerio