Implementing A Converged Physical and Logical IT Security Strategy
Trends in Convergence
One of the most important trends in security is convergence, the merging of physical and logical access to corporate facilities. New-generation equipment and software therefore combine the monitoring and management of physical and computer security. As a consequence, employees will use only one employee ID to access buildings and equipment.
This requires a holistic approach to information security: analysing risk and security across the organisation to ensure that users follow policy across both physical and network access. A converged approach addresses issues that physical security and IT departments cannot meet while working in silos, and has them work together instead.
In a converged security world, the overriding concern is that users conform to the organisation’s overall security policies. One example is preventing ‘tailgating’, where users don’t badge into the organisation’s building access system and instead follow other members of staff into the premises. Converged security systems can also be used as part of an overall deprovisioning strategy: if a user’s IT access privileges are tied to their building card, taking this card away can effectively stop an ex-employee getting back into systems after they have left the premises.
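The two policies described above (no on-site logon without a badge-in, and no IT access once the building card is withdrawn) can be checked by correlating door-system events with logon events. The following is an added example, not taken from the panel material; the event layout, user names, hosts and the 16-hour staleness window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data; user names, hosts and times are illustrative.
BADGE_EVENTS = [            # (timestamp, user, action) from the door system
    ("2024-03-04T08:55:00", "alice", "in"),
    ("2024-03-04T12:30:00", "alice", "out"),
]
REVOKED_CARDS = {"carol"}   # cards withdrawn during deprovisioning
LOGONS = [                  # (timestamp, user, host) for on-site workstations
    ("2024-03-04T09:00:00", "alice", "desk-14"),
    ("2024-03-04T09:05:00", "bob", "desk-22"),    # never badged in
    ("2024-03-04T09:15:00", "carol", "desk-03"),  # card already revoked
    ("2024-03-04T13:00:00", "alice", "desk-14"),  # after badging out
]
MAX_BADGE_AGE = timedelta(hours=16)  # assumption: a badge-in older than this is stale


def has_active_badge_in(user, when, badge_events):
    """True if the user's most recent badge event before `when` is a fresh 'in'."""
    latest = None
    for ts, who, action in badge_events:
        t = datetime.fromisoformat(ts)
        if who == user and t <= when and (latest is None or t > latest[0]):
            latest = (t, action)
    if latest is None or latest[1] != "in":
        return False
    return when - latest[0] <= MAX_BADGE_AGE


def evaluate_logon(user, when, badge_events, revoked_cards):
    """Apply the converged policy to one on-site logon attempt."""
    if user in revoked_cards:
        return "deny: card revoked"
    if not has_active_badge_in(user, when, badge_events):
        return "flag: no active badge-in"
    return "allow"


def review(logons, badge_events, revoked_cards):
    """Return (timestamp, user, host, decision) for every logon."""
    return [
        (ts, user, host,
         evaluate_logon(user, datetime.fromisoformat(ts), badge_events, revoked_cards))
        for ts, user, host in logons
    ]


if __name__ == "__main__":
    for row in review(LOGONS, BADGE_EVENTS, REVOKED_CARDS):
        print(*row)
```

A flagged logon is a prompt for follow-up rather than proof of tailgating, since remote access or a door reader fault produces the same pattern.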
Main points of this panel discussion:
- Drivers for change – regulation of access across both physical and IT worlds; the need to manage internal access
- Compliance – the need to prove that security policy is enforced
- Defining policies in a converged security environment
- Linking physical access to network security – single sign-on, strong authentication, integration with physical security systems
- The role of converged security systems within overall security strategy
- Moving from IT security to information security – the role of physical and IT security policies within an overall framework