So reception allows the person in overalls to enter to fix the vacuum cleaner system. Without a trackable visitor’s badge, the unidentified person quickly disappears into the technical facilities.
The above hypothetical example demonstrates how physical and cybersecurity have become one. Indeed, today ‘corporate security’ is regarded as one concept, where the security of employees, premises, production, operations, and data are intertwined more than ever before.
“It’s clear that no modern CSO can work without information technology. IT is a part of all modern security systems, bringing together security areas which earlier were separate and distinct,” says TietoEVRY CSO Jari Pirhonen.
Treating different security disciplines as one is vital to ensuring an organization’s competitiveness and productivity.
Treating different security disciplines as one is vital to ensuring an organization’s competitiveness and productivity. But CSOs and CISOs everywhere face a complex challenge. As physical and cybersecurity merge, they must relearn certain aspects of their roles and responsibilities.
“With IT, security has access to the most modern security applications and potential: advanced analytics, machine learning, and pattern matching. Such technologies need a cloud platform to function. Which in turn means that cyber and physical security people need to work together to make it all function,” says TietoEVRY Lead Cloud Advisor PeteNieminen.
Two changing paradigms
With overall security being supported by myriad technologies and IT systems, the CSO needs to understand how they all work together.
Procurement also becomes more than simply weighing the merits of each individual piece.
“This is an area that needs further attention. Everything works in concert nowadays. When purchasing a new system, one needs to know what questions to ask the vendor to make sure it ties in with all the other existing stuff,” says Pirhonen.
Not only are systems merging, but the very things they protect are changing.
An increasingly remote workforce requires that an organization’s security scales with it, securing their people and the data they use and produce.
“This shift in the ways of working is redefining security from the traditional division between physical and cyber into a division between traditional and mobile ways of working,” says Nieminen.
The role of the cloud
As enterprises move greater portions of their IT infrastructure to the cloud, lots of data of goes with it. Understanding data’s critical nature, its classification and protection are more and more vital.
The public cloud is secure, no matter what sceptics are saying. However, only a few realize the nature of cloud security.
“The public cloud is secure, no matter what sceptics are saying. However, only a few realize the nature of cloud security. One can never outsource the final mile of security of the whole system the organization uses; it is up to the organization how to secure the multiple systems, which include both cloud and on-premise systems,” says Nieminen.
“Furthermore, the public cloud is in a constant state of evolution. One needs to consider how to stay on top of security and not permit the emergence of new attack surfaces in an uncontrollable way.”
Physical and cyber – equally important
As work used to be very strongly tied to a physical location, security was also very much on the physical realm. With the shift to remote and mobile work, the importance of data and interconnectedness of everything, cyber and physical security are merging.
With the shift to remote and mobile work, the importance of data and interconnectedness of everything, cyber and physical security are merging.
“Physical security will remain as important as cybersecurity. What changes are ways of working, the emphasis of things to be protected, and that physical security is moving into being provided by new technologies. All of these mean changes to the role of security and the CSO,” Pirhonen says.