The Key to Fighting today's Security War

By Jamie Smith, CIO, University of Phoenix


As the old adage goes, “War never changes.” While that may be true, war does evolve and those who do not evolve with it become extinct.

This is especially true in the war for enterprise security. Organizations of all shapes and sizes, across all industries, are fighting a constant security war–both physically and digitally. This war is not new and the end user has not changed, but the way in which the war is fought has.

Today’s security threat landscape has evolved and criminals’ tactics along with it. Every security asset now falls under both the physical and information security teams. Internet of Things, connected devices, and smartphones are now terms in both teams’ vocabularies. Fleets have become rolling data centers, critical systems on wheels. Protecting these assets is the responsibility of both groups.

More than just tangible assets have changed. Today’s employees are essentially sensors. Security teams understand where they are and what they are doing and can protect them, but now they also must consider the cyber vulnerabilities they present. Through corporate laptops and phones, employees now have microphones, cameras and other things to protect on that endpoint.

Physical and information security have become so intertwined that it can be difficult to tell them apart, yet collaboration and collocation remain a key hurdle for organizations. This is where security teams fall behind in fighting today’s war.

For years–even today–many organizations employ separate physical and information security teams. Despite working toward the same shared goals and objectives, physical and information security teams often work in separate locations and may not completely understand the other’s world.

CIOs and CISOs have to understand that users are getting phished every day and that cyber threats are becoming more sophisticated. This includes understanding behavior and the convergence of behavior and being able to tie that all together in one place. Reaching this goal can be accomplished through collocation of teams.

A great metaphor for the need to converge today’s physical and information security teams is the failure of the Maginot Line. After the First World War, France built a massive and intricate series of bunkers to form an impenetrable border. At the onset of the next military conflict, this seemed like a plausible and effective defensive solution, because the last war contained a very slow-moving threat. However, in World War II, the enemy just drove around it or flew over it. Clearly, France was fighting the last war.


Similar to how France’s defensive border fortification became a liability as war tactics evolved, the archaic idea of separate physical and information security teams leaves enterprises vulnerable. Simply put, information security isn’t about defending the perimeter anymore. It’s understanding that the war on security has transitioned from a slow-moving threat to a dynamic, fast-moving environment.

Because of the external threat environment, organizations have no choice but to combine physical and information security teams and cross-train them to understand each other’s responsibilities. It’s much more important for employees on both sides to speak the same language and work together.

This whole notion of having separate dashboards and reporting tools and these bespoke physical security systems really does not make sense anymore in today’s world. As much as possible, security leaders must physically collocate the teams and ensure that they are cross-trained. We know there are not enough security professionals today. Therefore, in order to protect enterprises, security teams have to be built by combining the knowledge and skill sets of both groups.

The physical security teams have to be much savvier on what it means to live on a network, know how to cooperate with that and put telemetry in there that doesn’t cause issues. Similarly, InfoSec should learn what it means to do closed support. By doing this, employees can become T-shaped resources that are broader than their one deep area of expertise. This shared knowledge allows for better communication and more effective security solutions.

Culture is also an important factor in successfully collaborating and collocating teams. Teams have to want to collaborate. Culturally, they should understand, with empathy, each other’s worlds and backgrounds. The cultural hurdle can be difficult to overcome, although once people are located in a shared space and focus on the same thing, they can overcome a lot of the initial obstacles and turbulence.

Whether ready for it or not, security organizations today are charting a path in creating collaborative, collocated teams. It doesn’t really exist, but it is going to exist soon. It is vital that leaders respond and build that well-rounded professional. At the end of the day, being just in one of those two camps is not enough based on where the threat environment is.

We cannot keep physical and information security separate anymore. Companies must make sure they are not fighting the last war.

 
