I think IT security and physical security are converging. It’s a part of the overall trend towards the integration of technology with our everyday lives. It just shows how separated certain aspects of corporate business have been from the technology that could, or does, underpin them. You see there a separation from the mission, or from the types of activities that you would undertake, that’s emblematic of larger issues within an organization.
When you think about separating the securing of information assets and how you prevent cyber security issues from occurring and then make a distinction between that and how you protect the rest of your physical infrastructure, it highlights this sort of divide between technical skills and business or mission oriented skills that probably shouldn’t be there. Security is security whether you’re protecting information assets as a company or the physical assets of the company. Having a divide there because of the skills required to accomplish the objective doesn’t make a lot of sense. The value gained by intertwining those activities is immense. For example a lot of organizations own data centers and within those data centers there’s security, network firewalls, and information technology approaches that you’re going to use to safeguard that information. Unfortunately, all that is moot if somebody can get physical access to the keyboard or physical access to the facility. You’re going to be hard pressed to prevent them from being able to affect the processes and mission critical applications that your business needs to support its everyday activities. So there really is no reason to have those things split. It’s simply a function of the types of skills used to perform them and so I think it’s natural that the convergence is occurring. I think we’ll see more of that convergence over time in areas where technology and the business have previously been split. You’ll see more embedding of technical skills with mission skills to create the right combination to get the job done. I’m curious to see what other areas people have noticed where they see an unnatural split between mission and technology.
-Photo by Sudhee
Great post. I don’t know if this is where you’re going, but it actually reminded me of the story of the Stuxnet virus, which was smuggled into an Iranian nuclear facility on a thumbdrive, then started interfering with certain functions of the system once loaded.
Thanks, it seems silly once you look a bit deeper at it to have the separation that exists in many organizations between these two types of security because of situations just like that which you are mentioning. Thanks for providing the link out.