Forget the old ways of managing security. Isolation is a thing of the past - at least when it comes to electronic and cyber security. They are rapidly converging - but how will the two work together?
SecurityBrief spoke to Telstra's Neil Campbell, director of global security solutions. Next month he will be speaking about the convergence of electronic and cyber security at the Security Expo & Conference 2017 in Sydney.
Physical security started as a mechanical, analogue world, where checking locks was a physical task. Now we're in the 21st century, where security is much more of an issue - a central monitoring station can now use a combination of video and electronic door access to keep an eye on controls and access.
"The challenge that these two industries have in converging is how each industry grew up. One started through the internet and the other one started by rattling locks. You have a very different set of capabilities that you almost never find in the same organisation," he explains.
He believes that the two different worlds have collided because technology is making it much easier to do things centrally. The two don't need to be functionally together, they just need to be better aligned. That is part of Telstra's role.
"A managed security service is about ensuring your customer has the right combination of passive and active controls in their network and that you're monitoring them centrally," he says.
"Take electronics security staff for example. If you build using this system and implement this control solution - if and when the IT people are looking at identity, they'll be able to plug into what you've built."
"You're preparing yourself for integration, you're not doing integration as one project. I suspect that will be the path to success for all organisations. It's not to try to bring the two together on a project by project basis, but to make sure they have a strategy where each group considers the others and how they can interoperate in the long run."
Whether it's intrusion prevention or catching fraudulent activity in the act, Campbell cites user behaviour analysis (UBA) as a prime example of how electronic and cyber security meet in the middle.
"If we share data from electronic security systems and cyber security systems, then we see if Peter uses his swipe card in a building in Melbourne and half an hour later logs on to a system in Sydney locally, then we know something's wrong. Either somebody took Peter's card or somebody took Peter's login ID."
"If we add video such as facial recognition to the mix, we know for certain whether that was Peter with his card or not. If it was, then we know the thing that happened in Sydney was out of policy."
"It might be that Peter shares his credentials with somebody because that's a more efficient way to do his job. That's probably against policy so we need to know about it or address it. Or it may be that his credentials have been compromised, in which case we really need to know and do something about it with urgency."
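The swipe-card and logon comparison Campbell describes can be expressed as a small correlation rule over both event feeds. The code below is an added example, not from the interview or from Telstra; the event layout, the three-hour travel threshold and the name `find_conflicts` are assumptions, and every logon is assumed to be a local, on-site logon.

```python
from datetime import datetime, timedelta

# Assumed minimum door-to-door travel time between sites (constructed value).
MIN_TRAVEL = {frozenset({"Melbourne", "Sydney"}): timedelta(hours=3)}

# Constructed sample events: (ISO timestamp, user, source system, site).
EVENTS = [
    ("2017-07-03T08:55:00", "peter", "badge", "Melbourne"),
    ("2017-07-03T09:25:00", "peter", "logon", "Sydney"),
    ("2017-07-03T09:00:00", "mary", "badge", "Sydney"),
    ("2017-07-03T09:05:00", "mary", "logon", "Sydney"),
    ("2017-07-03T14:00:00", "mary", "badge", "Melbourne"),
]


def find_conflicts(events, min_travel=MIN_TRAVEL):
    """Flag users seen at two sites sooner than travel between them allows."""
    alerts = []
    last_seen = {}  # user -> (time, source, site) of that user's previous event
    # Fixed-width ISO timestamps sort chronologically as strings.
    for ts, user, source, site in sorted(events):
        when = datetime.fromisoformat(ts)
        prev = last_seen.get(user)
        if prev and prev[2] != site:
            gap = when - prev[0]
            # Site pairs without a configured threshold never raise an alert.
            needed = min_travel.get(frozenset({prev[2], site}))
            if needed is not None and gap < needed:
                alerts.append({
                    "user": user,
                    "first": (prev[1], prev[2]),
                    "second": (source, site),
                    "gap_minutes": int(gap.total_seconds() // 60),
                })
        last_seen[user] = (when, source, site)
    return alerts


if __name__ == "__main__":
    for alert in find_conflicts(EVENTS):
        print(alert)
```

An alert from this rule only says that the card and the login cannot both belong to the same person in the same place; deciding between shared credentials and compromise still needs the follow-up Campbell describes.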
Campbell also says the Internet of Things (IoT) can be a controversial term in the world of electronic security. Those in the industry may talk about smart devices, but they don't necessarily agree that those devices are part of the IoT.
"Depending on how they're managed, that may be true. If it's a very isolated system that may be true. But even if it's a small network of smart devices that is communicating over a proprietary protocol - i.e. not internet protocol (IP), it's really a precursor to IoT."
"Even things that you think 'that's analogue', they've become part of IoT. An analogue video camera - if at some point you digitise the signal and make it accessible to an IP network, it's now part of IoT."
When you put electronic security and IoT together, suddenly you have convergence. But you only really need one mindset:
"I don't have to get it perfectly right in one project, I just need to start thinking about interoperability in the long run."
Neil Campbell will be speaking at the ASIAL Conference, part of the Security Exhibition & Conference in Sydney that runs from July 26-28.
He will be further discussing electronic security, cyber security and how they can no longer operate in isolation.