Industries of all shapes and sizes have been obsessed with digital transformation for a few years now. As enterprises begin to embrace the Internet of Things, cloud-enabled Big Data, predictive analytics and mobile-first solutions, the security threat landscape is more digital than physical in nature.
Government agencies are learning to adapt to the digital revolution as well, and they must face the question that an increasing number of enterprises are attempting to answer: Should physical security and IT cybersecurity departments merge?
Of course, agencies should be taking a risk-based approach to security. Both physical security and cybersecurity focus on building up an organization’s risk tolerance while embracing innovation. A malicious actor entering through a door and one entering through a network can be equally damaging to the security and reputation of an agency. Whether there are one or two departments assessing and mitigating agency security risk, the organization itself must have domain expertise and specialists that understand various aspects of physical security and cybersecurity. Neither department, as traditionally constituted, has all the skills required to manage the entire risk portfolio.
Agencies Can Consolidate Security Expertise
A unified security department brings together complementary skill sets and enables a more effective physical security model. Take, for example, a common physical security device, the IP motion sensor. Because this device sits on an IT network, a typical network administrator can determine the relative health of the device and whether it is operational. However, it takes a security professional to understand the optimal placement of the sensor, why such a device may be delivering false alerts and what action should be taken when an alarm is triggered. Both the network specialist and security specialist provide value to the security organization.
Borrowing a page from the Department of Homeland Security, many leading organizations are remodeling their global security operations centers as fusion centers that bring together all areas of security (physical, cyber and privacy) to accomplish more together. The idea here is simple: While physical security and cybersecurity sometimes oversee different assets, the efficiencies in risk management are clear.
The Advantages of Security Convergence
If one team manages passwords for an agency and another team manages access control cards, these siloed resources would in essence be performing the same task: managing identity. A converged security department would instead have an identity team. Members of that team could specialize in physical access control or logical access; however, they would benefit from the same identity management guiding principles, abide by the same privacy guidelines and provide the agency with a single point of contact for stakeholders on all aspects of identity management.
Rolling up various security silos into one big happy family and achieving the efficiencies promised can go more smoothly when one person sits at the top. A chief security officer can be the single point of contact when an agency’s secretary, chief of staff or other executive leader needs to have someone on speed dial to answer security questions.
Achieving an Alignment of Functions
A single chief security officer arms the entire function with a vision aligned with the agency’s overall goals and a roadmap to achieve that vision. Bound up in that roadmap are all the strategic and tactical aspects of the security function, such as compliance and vendor management.
As agencies consider their overall security strategies in this digital age, it is paramount for them to recognize that traditional physical security or IT departments alone are not equipped to handle the entire agency risk portfolio. If they decide to consolidate risk management into unified security teams, they should ensure they have domain expertise across physical security and cybersecurity, in addition to the burgeoning area of data privacy, and they should also have a single point of contact that can align the security function with the overall goals of the government agency.