Sunday, February 5

Physical and Logical Security Convergence

I read an article today that made me think about the convergence of physical and logical security. I don't have the data, but I would imagine breaches made on physical or hard security outnumber what I'll call soft breaches due simply to the techniques involved. To overcome a physical obstacle, you need only to follow someone through a door who used their own valid key to get in. People seem to back away from confrontation and let you right in. I spent a number of years as a consultant travelling from enterprise to enterprise and at almost every one, people would let me in the building, onto the floor and I could usually just pick cube to sit down and fire up my laptop. No questions asked. I think a fairly simple solution can be implemented to provide a substantial value by connecting physical building security systems to network and/or PC logon. I have some architectures in mind if anyone wants to explore.

The article also reminded me that some of the best sources for new ideas are the organizations and industries that we serve -- and not always the expert community. I spend a lot of time listening to the identity management community. It might be worthwhile to spend some of that time reading trade and industry magazines and listening for real-world challenges that have yet to be solved.

[more info on this topic]

No comments: