THE BENEFITS AND BEST PRACTICES OF PHYSICAL AND CYBERSECURITY CONVERGENCE

What is security convergence?

Physical security and cybersecurity have traditionally been treated as different roles; however, the rise of interconnected systems is driving the need for these previously siloed teams and systems to work together. 

Security convergence (or converged security) is the approach of integrating cybersecurity and information technology strategies with physical security measures to increase awareness and strengthen protection of facilities, people and data in a holistic way.

In other words, converged security combines the efforts of safeguarding physical assets, such as by limiting access, installing video surveillance and using intrusion detection, and protecting digital assets like computers, networks and applications. 

As more physical systems now rely on Internet connectivity and local networks to operate, with IoT integrations and cloud-based systems among the top 2023 security trends, security convergence is more important than ever. The changes in the way businesses work, together with greater use of public cloud, highly connected supply chains and use of cyber-physical systems have exposed new and challenging attack surfaces, which leaves organizations more vulnerable to attack. Going a step beyond traditional approaches to security monitoring, detection and response can help manage this wider set of risks.

One of the key pillars of security convergence is that both the physical security and cyber security teams within organizations share an objective — to secure critical assets. Although the two teams approach this goal from different perspectives, organizations can achieve the maximum level of protection by converging teams and systems.

However, it’s important to note that the goal of security convergence is not to combine two security departments into one. Instead, converged security should create a policy that combines the efforts of both departments to ensure they are prepared to work in a unified way to prevent and manage threats and provide the organization with a consistently comprehensive view of its overall security.

Developing a security convergence strategy

Successfully implementing security convergence in an organization starts with a detailed plan that takes into account all the systems, teams and threat responses already in place, and defining new goals that combine all those efforts. CISA recommends three integrated phases to security convergence that can overcome those barriers:

• Communication — In this phase, teams review leadership roles, establish a convergence team and enable information sharing. They also involve senior executives in the plans to gain their commitment to convergence.
• Coordination — At this stage, security leaders formalize convergence team roles and responsibilities, identify linked assets that are vulnerable to both cyber and physical threats, conduct a vulnerability assessment and carry out gap analysis.
• Collaboration — The convergence team can then prioritize improvements, develop joint policies to minimize risk and align strategies going forward.

Barriers to security convergence

Despite the strong case for convergence, a recent study found that not all organizations are prepared to make this organizational adjustment. The greatest difficulties in rolling out converged security strategies typically center around:

• Dispersed business locations and teams 
• Budget constraints
• Personnel or skillset issues
• Confusion over roles and responsibilities

However, the benefits of rolling out converged security can far outweigh the initial challenges, especially with the proper planning and execution.

Setting goals for security convergence

It’s important to set strategic goals for security convergence so that all stakeholders, including senior executives, buy into change. Key goals include:

• Develop a stronger security posture: The most important aim is to eliminate information gaps that attackers can exploit by improving visibility into all risks, particularly in interlinked applications. Increased visibility will enable teams to predict threats more easily and respond proactively before they escalate. 
• Improve crisis management: The increasing level and complexity of security attacks means that organizations face challenges on many different fronts. The aim of convergence is to enable security organization teams to manage crises in a more coordinated way and avoid the risk of oversight in areas where physical and cybersecurity intersect.
• Strengthen business continuity: Security risks are also business risks. Any type of breach can affect business continuity and damage company reputation, which can lead to loss of revenue and customer confidence. That makes assured business continuity an important goal for security convergence.
  Increase knowledge transfer: A longer-term aim of security convergence is to develop broader skills in the security team. Increased communication and knowledge transfer can help accelerate that process and build well-rounded security skills.
• Improve efficiency and lower costs: Through convergence, organizations aim to improve efficiency by eliminating duplication of effort and reducing the time spent dealing with crises that could have been avoided through shared intelligence. Converged teams can also reduce costs by standardizing on common security tools.

Information sharing is key

Information sharing is also critical to a successful convergence strategy. As proactivity and efficiency are core goals of security convergence, many organizations leverage the immense amount of data produced by their IoT and cloud-based solutions for actionable intelligence. 

Smart access control systems, for example, provide security teams with comprehensive data on access to campuses, buildings, restricted areas and infrastructure, plus insights into movements within an area that can help security teams detect unauthorized entry so they can respond to physical threats. The data from access control systems also enables teams to identify unusual patterns of behavior, which may represent potential threats that require a proactive response. 

Cybersecurity teams also receive regular threat updates as well as recording data on attacks or hacking attempts. Bringing the two sets of data together gives the converged teams a 360-degree view of threats to the business, eliminates gaps in situational awareness and provides a holistic picture of security threats at every level.

Best practices for converged security

To successfully implement a physical and IT security convergence strategy, it’s essential to follow recommended best practices: 

• Implement consistent security policies. As well as sharing threat information, both teams should develop joint policies that ensure consistent, integrated standards of security across the organization. The policies should be communicated to employees and backed by security awareness training throughout the organization.
• Deploy access control, video surveillance and motion sensors for any space that houses sensitive data, proprietary information, or personally identifiable information (PII). 
• Ensure that both internal teams and security system providers adhere to best practices for cybersecurity, including using multi-factor authentication (MFA), least-privilege access models, stringent data storage and retention policies.
• Maintain active system monitoring and threat detection, and carry out frequent vulnerability testing.Leverage data compiled from integrated systems for a more complete picture of security posturing across the entire organization. 

Leveraging cloud-based solutions for converged security management

There’s a reason cloud-based solution adoption and security convergence are both rising trends across industries. Convergence can progress more smoothly if security teams use the cloud for managing both cyber and physical systems. 

• Less on-site management: Because cloud hosting companies can manage, maintain and upgrade the software for both security functions, this frees up security teams to focus on developing convergence and progressing other strategic initiatives. 
• Greater integration capability: Most cloud-based systems support open architecture, making it easy to integrate disparate physical and cybersecurity systems and software into a single seamless solution that can be managed through a single dashboard. 
• Remote operation: The cloud also offers security teams the flexibility of remote management, which helps solve for the frequent challenge of managing converged security across many dispersed locations. Teams can monitor security from any location, such as responding to access requests, making changes to permissions and responding to alarms and notifications even when they are not on-site. 
• Easier to scale: Cloud-based solutions can also eliminate the barrier of scaling operations up or back. If increasing threat levels mean coverage has to be increased, additional security cameras, sensors or secured access points can be managed from the cloud without adding dedicated infrastructure.

How Security as a Service (SECaaS) simplifies convergence management

Cloud enablement can also support Security as a Service (SECaaS), which can help to accelerate security convergence by managing both physical and cybersecurity through third-party Security as a Service providers. 

What is a Security as a Service model? 

Security as a Service in cloud computing is an outsourced service that enables internal teams to use advanced security tools through a single dashboard while the service provider manages the systems.

Security as a Service or SECaaS is an umbrella term that incorporates other more specific services, including Physical Security as a Service (PSaaS) and Endpoint Security as a Service. 

PSaaS providers take responsibility for day-to-day management and updating of security hardware such as video cameras, sensors, electronic door locks and access control systems, while internal teams can manage security functions such as user access levels, issuing guest passes or accessing security data and video footage. 

Security as a Service providers can offer many different categories of service, including network security, vulnerability testing, data loss prevention, continuous monitoring and identity management, among others.

Why should businesses consider working with Security as a Service provider? 

Adopting SECaaS provides internal teams with a wide range of benefits. They gain access to the services of highly skilled security professionals using the latest security tools. The services are available on demand so that internal teams can add services or scale up resources without delay or disruption. Using SECaaS for day-to-day security management frees internal resources, allowing teams to focus on strategic tasks. 

Because SECaaS covers both physical and digital security functions, the service can help support a security convergence strategy by providing continuous monitoring and complete visibility of any security events in a building or on the network.

Most Security as a Service providers operate on a subscription model, with varying tiers of service depending on the size or security needs of a business. The benefit here is that when needs change, it’s fairly simple to add or remove services to a SECaaS or PSaaS subscription, so you only pay for what you use. 

When selecting a Security as a Service provider, It’s important to ask questions and make sure they provide the services your business needs. Some things to compare include: 

• Quality of service provided
• Response times when an incident is detected
• Availability of 24-hour monitoring
• Coverage of both physical and cybersecurity functions
• The provider’s own security levels and protocols

Is your organization ready for security convergence?

It’s no longer a case of physical security vs. cybersecurity, but converging the two to form a future-proof security strategy. A converged security strategy can provide your business with a number of important benefits by strengthening security posture and eliminating any gaps in security coverage that attackers could exploit. Converged security is particularly important if your organizational systems feature a number of vulnerable areas where cyber and physical systems are interdependent. 

While there may be initial organizational or resource barriers to convergence, it’s important to remember that professional services are available that can work with internal teams to provide essential services and support so that teams can focus on convergence.