December, 2020

IN MY VIEW

THE PRACTICAL PRINCIPLES OF PHYSICAL SECURITY - APPLYING TRIED AND TRUE PRINCIPLES TO NEW CHALLENGES

BY HARLEY AW, CISO, PHOENIX HSL

In an age of mobility, agility and cloud-centricity, our industry is currently grappling with a generational shift in attitudes towards the relevancy of physical security. Yet, failure to do enough in this area still poses disastrous consequences to the enterprise. In this article, we will provide some insight into this challenge and some practical principles to address it.

It goes without saying that heading up the job of securing an enterprise in the world of today is a pretty tough gig. In many ways, the CISO has enormous expectations placed on their shoulders to be a multi-faceted wizard who has to out-think, out-strategise and out-do every person that has it in for the organisation. To paraphrase the defender's dilemma, "the attacker only has to be right once; the defender has to be right 100% of the time."

Now, whether you might actually believe this fatalistic point of view misses the point - the real point is that this is a perception commonly held by those holding the purse strings. Reality might placate our sense of dignity, but perception pays the bills.

The current challenge is that history is working against us. From the ground-shaking booms in personal computing, off-site data centres and the emergence of the internet, through the turbulent waters of BYOD/T, de-perimeterization, cloud, IoT and beyond, it is easy for the lay user inhabiting their ergonomic hot-desk collaboration space, fully immersed in their omni-channel customer experience, to be under the impression that we've transcended anything as mundane as the physical.

It might also be easy for beleaguered security professionals to look around and question whether indeed we have ceded the battlegrounds of physical security, and thus whether we should retreat from the ramparts and head towards the safety of the keep, where we have the fires of Zero Trust architecture to keep us warm at night.

And yet, physical security is hardly something a CISO can afford to see trivialised.

Whether it's about limiting the ability to plug a tiny rogue device into the corporate network, protecting sensitive physical records or stopping someone from stealing disk drives to crack your enterprise passwords, physical security addresses a myriad of risks, whose consequences range from those that can seriously undermine the rest of the enterprise security program, to those that can directly harm the mission of the enterprise itself, or even threaten the safety and well-being of its people. The methods and techniques to exploit these holes are only getting more accessible, easier to use and cheaper to acquire.