Every company that uses computers has data and networks to protect. These are extremely important, but intangible items that can only be stored on a wire or a disk. What about the rest of the company‚Äôs physical assets, the stuff. All the physical assets that make up a company’s total of assets include property, buildings, equipment and furniture, as well as paperwork and snacks.
IT is concerned about protecting network, data and access. However, even the most robust infosec policies, firewalls, and pentests, nothing can stop someone from getting into your building to steal desktops, paperwork, and servers. It is much easier to gain network access if you can bypass the firewall and connect directly to a network port. Physical security and infosec are closely related. Physical security controls are the individual layers that protect the organization’s assets.
It is helpful to think of them as layers. Each control is important and serves its purpose. While some controls have greater effectiveness than others, none of them is sufficient. It is the same as a multi-layered security stack protecting a server, including firewalls and IPSes.
A server’s security system must be balanced with the user’s convenience. An admin must approve each login from every employee before it can be used to reduce intrusions. However, this is a big inconvenience for everyone and an expensive expense for IT. A guard shack that checks every vehicle entering the property might also help to prevent intruders. But at what cost? It is a huge expense to hire guards and waste everyone’s time. There may be very little security benefit. When the returns begin to diminish, some level of risk must still be acceptable.
Learn how to become a security expert with SPOTO’s Cybersecurity Training
Start trainingLet’s take a look at some physical security controls you might want to implement.
1. Fences
I can hear you yelling, “BORING! I was hoping for robots with lasers to patrol our darkened halls and vaporize intruders at all times of the night!” First, it’s not a bad idea. We agree that fences can be boring. But, remember our premise of a multilayered approach to security. Fencing can be the outermost layer and prevent someone from ever getting near the building.
2. Cameras
This is a better option than fences. It plugs in. A security camera system provides both a historical record and an active deterrent for anyone who goes where they shouldn’t. For the first, at least enough cameras should cover all entrances and exits. For the latter, they should be visible from a distance.
Forget the old grainy black-and-white security tapes. Modern camera systems can record HD video onto hard drives, and allow for immediate queuing up timestamped footage. Do you want to know who walked in the side door at 6 a.m. on Tuesday? You don’t have to search for the right video tape or rewind to the correct spot. Simply enter your date and time into the app to access your footage.
Did we mention that modern cameras can be connected and powered by ethernet? There are no special tools or need to run new cabling. You can simply reuse network drops you already own. Some include motion-based recording software and infrared recording at nights. It doesn’t make sense to store unchanging video of a door you’re not using for 16 hours per day on your hard drive.
3. Alarm Systems
We recommend lots and lots of ears piercing sirens and spinning red lights. A robot voice should also be heard shouting “INTRUDER ALERT!” INTRUDER ALERT!
Alarm systems are essential, however.