IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Defining physical and logical security and how they can be integrated is a massive undertaking, because any attempt at a definition can cover so many different areas of technology, policy and best practise. It will also depend on the level of commitment and understanding that individual organisations have already invested in managing their security across both physical and logical access.
Building up understanding about integrated security currently involves speaking to different communities of users, and this is down to how organisations divide their security responsibilities: often the facilities and physical access will be handled by one part of the organisation, and security for logical access and the network will be the responsibility of the IT team. Getting these two teams to speak to each other will be as important as any act of integration between vendors or guidelines that are published. The BSIA’s guide has covered a lot of ground from the physical access perspective around integrating different physical security systems into one cohesive system. The next stage in this process will involve the IT security industry as a whole responding to this step along the road to truly converged security, with one central point of control across both physical and logical access.
There are a number of gaps still to be filled within this framework: integrating physical and logical access goes beyond using a single smart card to hold credentials for accessing multiple systems. Completely integrating logical and physical security policy involves the IT security and physical access systems being able to interrogate each other and define access based on user status and location. Converged security ultimately comes down to being able to classify user behaviour and create policies for employees to follow across both IT and physical access.
An example of how converged security can work is tailgating: this is where a user follows another employee into the building, but does not sign themselves into the physical access system. At present, this employee could log-in to the IT network, and there would be no record of their entry into the premises – causing gaps in overall security, increasing the potential loss of corporate data, and/or risking employee safety. Integrating physical and logical access can stop this behaviour: the identity management system can query the physical security database to see if a user has badged into the building, and if they are not listed as within the premises they can be denied access to the network until they have authenticated themselves.
The integration of physical and logical security is a concept that is becoming a reality, and it is a natural evolution for the protection of sensitive information, whether this is a database of patient information, a register of individuals at-risk or a corporation’s intellectual property. Using building access systems and IT security together can create an infrastructure that is more secure overall, while offering cost benefits compared to traditionally separate solutions. Auditing and reporting within this converged access environment is simpler: having a single overview of security, whether it is of buildings or IT assets, means that it is easier to track and trace employee activity. This considerably eases the burden of proving that employees are meeting company policy. A converged security system covering both physical access and IT creates an infrastructure where the whole is greater than the sum of its parts.
EBOOK: Lessons from IFSEC 2023 – Big Tech, Martyn’s Law and Drone Threats
Read IFSEC Insider’s exclusive IFSEC eBook and explore the key takeaways from the 2023 show!
Navigate the impact of Big Tech on access control, gain insights from Omdia’s analysts on video surveillance trends, and explore sessions covering topics like futureproofing CCTV networks, addressing the rising drone threat, and the crucial role of user proficiency in security technology.
There's also an exclusive interview with Figen Murray, the driver behind Martyn's Law legislation.
Let’s get physical…and logicalDefining physical and logical security and how they can be integrated is a massive undertaking, because any attempt at a […]
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources
