Dec 29, 2011
Victim of Circumstances
Remember the days of strolling into a client's building and meeting him just outside his office for lunch? Try that now and you're likely to be tackled by a security team maintained by building management. And therein lies one reason the 334 respondents to our InformationWeek 2012 Physical/Logical Security Survey haven't integrated these groups--today, physical security is normally outsourced. Companies don't build buildings for themselves much anymore, especially in metropolitan areas. And when you lease space, building management firms usually handle everything from key card provisioning to fire alarms and cameras. Even most Vegas casinos outsource physical security monitoring.
Not coincidentally then, most of the protections our respondents have put in place match the services these firms provide: 80% have fire and burglar alarms, 74% have cameras, and 69% have electronic door locks.
Where respondents fall short is in use of newer technologies. Biometric controls, for example, are used by just 10%, and PC-based proximity detectors by a mere 5%. Geolocation policies, which reduce the available access points to a network based on physical location, are in use by just 12%. RFID isn’t doing much better. And integration of SEIM and access-control systems? Shy of 20%, even though new logging products, such as those from ArcSight, LogLogic and Splunk, can give IT great insight. For example, when an employee uses his key card to badge in to a door, the door sensor sends a log event to the log management system, which can then correlate the event with a login via Active Directory to the worker's PC. Furthermore, some systems allow scenario-based control, where a user who badges in to a second location without badging out from the first location will have her badge disabled automatically. Sadly, not many are using this integration.
No matter how good your building's security team, your organization's data is your responsibility. Given new attack vectors and mobility work patterns, now is a great time to review your physical controls. (R3621111)
Survey Name InformationWeek 2012 Physical/Logical Security Survey
Survey Date September 2011
Region North America
Number of Respondents 334
Purpose To examine the convergence of the physical and logical security paradigms