Going, going, gone are the days of closed, proprietary systems and devices in access control. Due in part to the increasing sophistication of hackers, cyber security is a reality that every enterprise across each vertical must not only take into consideration, but incorporate into its overall security strategy and plan. Adequate network protection is clearly a need with corporations across the globe facing cyber vulnerabilities before and after data breaches, but also necessary is physical security. Therefore, it is imperative that critical security decisions be made from a stance of in-depth understanding of intricate threat matrixes in which physical and IT security infrastructures easily collide. This has caused corporations and businesses to lean heavily on CSOs and CISOs.
CSOs have the crucial task of addressing the security needs and challenges for businesses, and clearly communicating these efforts with senior management, while a CISO bears the duty of structuring IT security initiatives through employee awareness programs, software and network protection and secure, mobile enterprise objectives. CISOs are often seen as having siloed control over information security, while physical security leaders have control over facility security. Unfortunately, this can lead to finger pointing in the event of a security breach.
Cyber threats of varying degrees abound as do physical security threats, and criminals are becoming more and more sophisticated by the day. An interdependency between cyber and physical security does in fact exist, meaning each relies on the other for overall success of security efforts. Think of it this way: attackers who are able to gain physical access to a company’s computer can almost always take advantage of this to exploit data by plugging a memory device into the physical computer terminal.
It is impossible for CSOs and CISOs to each be experts in the other’s respective field, so they must learn to form relationships, work together and co-exist within organizations. Both should be dedicated to learning each other’s culture and leverage their knowledge and departmental expertise to focus on physical security as well as risks to actual data. To make the collision of responsibilities for CSOs and CISOs easier, closed, proprietary access control systems and devices are being replaced with IT-centric, unified identity management solutions that eliminate segmentation and incorporate the IT department.
After all, CSOs and CISOs are indeed fighting the same battle: that of a changing security landscape.