In Part 1, we looked at the status quo of security systems as they are used in organizations and the reality that automation should be a baseline rather than a novelty in today’s security landscape, and we explored why centralization is essential.
In Part 2 below, let’s look at how and why organizations need to think beyond Incident Response, and what it means to “centralize.”
With increasing digitization, the need for enterprise-level centralization extends beyond incident response. The convergence of physical and cybersecurity will increasingly pressure businesses to Centralize by Design. Combining physical and information security is simply more efficient and effective.
Every single aspect of our lives is steadily being digitized, connected, and capitalized. We are “emitting data every second of every day” (Poppy Crum, Chief Scientist, Dolby Labs): our carbon dioxide emissions, heart rate, sweat response, and the list goes on.
For consumers, this sea of data will improve convenience and quality of life. We can control devices with voice commands. We can tour the world without leaving the house.
For businesses, these actionable insights can be both profitable and benevolent. Healthcare providers could very soon use speech data to detect diseases. Law enforcement authorities could differentiate between a mental health crisis and violent aggression. A Wisconsin firm has already been testing microchips embedded into their employees to replace company badges and corporate logons.
However, in the wrong hands, this goldmine of sensitive data could be used to manipulate innocent citizens. Our bodies could be taken as ransom by complete strangers on the other side of the globe.
As the primary controllers of sensitive public data, organizations have greater responsibility than ever before to protect consumers’ data privacy and integrity, which in turn requires a careful reevaluation of security strategies, business structures, and corporate policies.
For example, as more companies employ biometrics for authentication and authorization to replace conventional RFID access cards, who is responsible if an insider steals the biometric data of an employee to gain unwarranted access to physical facilities or intellectual property? Physical security? Information security? Risk management? Human resources? What if security operations were outsourced to an overworked Managed Security Services Provider?
With a centralized security infrastructure, the incident can be consistently tracked, investigated, and resolved, even as it crosses between these different domains within the organization.
As another example, consider the case of a stolen office laptop. Once the thief obtains the physical device and the proprietary data it holds, the case is both a physical theft and an information security breach.
With a centralized enterprise security system, the security team may follow a preconfigured incident response playbook to guide the responder through the appropriate actions. Through third-party device integrations, an orchestration platform could automatically disable the stolen laptop or monitor the suspect’s activity, such as attempted access to certain networks or sending suspicious files.
Physical and cybersecurity teams can then collaborate on the forensics investigation to cross-reference access control and video management systems to pinpoint how the theft occurred. The entire process, including all evidence and logs, would be documented in a comprehensive audit trail for any authority to review upon request. Should such incidents recur frequently, link analysis can highlight relationships and undetected physical or digital vulnerabilities, so that corrective actions can be applied to prevent future events.
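The stolen-laptop case above, sketched as an added example (not code from this article or from any product): badge records and network records are merged into one timeline, the theft window is bounded, and the playbook steps are recorded with their evidence. All log records, field names, the asset record and the step names are constructed assumptions.

```python
from datetime import datetime

# Constructed sample records (not real logs) from two separate systems.
BADGE_LOG = [  # physical access control
    {"ts": "2024-03-04T17:52:00", "user": "jdoe", "door": "floor3", "dir": "out"},
    {"ts": "2024-03-04T21:14:00", "user": "contractor-07", "door": "floor3", "dir": "in"},
    {"ts": "2024-03-04T21:31:00", "user": "contractor-07", "door": "floor3", "dir": "out"},
]
NETWORK_LOG = [  # network / VPN authentication
    {"ts": "2024-03-04T17:40:00", "device": "LT-0042", "event": "wifi_disconnect", "site": "hq"},
    {"ts": "2024-03-04T23:05:00", "device": "LT-0042", "event": "vpn_login_attempt", "site": "external"},
]
ASSET = {"device": "LT-0042", "owner": "jdoe", "door": "floor3"}  # hypothetical asset record


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def build_timeline(asset, badge_log, network_log):
    """Merge physical and cyber events relevant to one asset, oldest first."""
    rows = [dict(e, source="physical") for e in badge_log if e["door"] == asset["door"]]
    rows += [dict(e, source="cyber") for e in network_log if e["device"] == asset["device"]]
    return sorted(rows, key=_ts)


def triage(asset, timeline):
    """Bound the theft window and list leads, alerts and playbook actions."""
    cyber = [e for e in timeline if e["source"] == "cyber"]
    off_site = [e for e in cyber if e["site"] != "hq"]
    on_site = [e for e in cyber if e["site"] == "hq" and off_site and _ts(e) < _ts(off_site[0])]
    if not on_site or not off_site:
        return {"window": None, "leads": [], "alerts": [], "actions": []}
    # Window: last time the device was seen on site to first time seen elsewhere.
    start, end = _ts(on_site[-1]), _ts(off_site[0])
    # Anyone other than the owner who badged in during the window is a lead
    # for investigators to check against video, not a conclusion.
    leads = sorted({e["user"] for e in timeline
                    if e["source"] == "physical" and e["dir"] == "in"
                    and e["user"] != asset["owner"] and start <= _ts(e) <= end})
    # Hypothetical playbook step names; a real platform would call integrations here.
    actions = [{"step": s, "device": asset["device"], "evidence": [e["ts"] for e in off_site]}
               for s in ("disable_device", "revoke_vpn_credentials")]
    return {"window": (start, end), "leads": leads, "alerts": off_site, "actions": actions}


if __name__ == "__main__":
    print(triage(ASSET, build_timeline(ASSET, BADGE_LOG, NETWORK_LOG)))
```

Because each action carries the timestamps of the events that triggered it, the returned structure doubles as the audit-trail entry for the incident.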
The need for greater physical and cybersecurity has changed, and will continue to change, the corporate arena. Protecting company assets, citizens’ data, and physical safety can no longer be an afterthought.
As the line between the physical and digital worlds continues to blur, it’s easy to imagine that dual physical and cyber attacks will soon become the norm. The only appropriate countermeasure is a centralized environment that combines physical and cyber safety and security responses.
A security camera can sense an intruder and deter the attack by locking entrances and cutting off power while alerting nearby patrol guards or law enforcement. Remote monitoring systems in mental health institutes can detect when a patient is growing aggressive and call for assistance before the problem escalates to a physical attack. The surveillance system in Guiyang, China, can identify and locate any individual among its population of 3.5 million in just 7 minutes using facial recognition.
High-tech solutions are already detecting and deterring potential incidents to prevent or mitigate their impact.
Given the possibilities, organizations have an opportunity to significantly strengthen their security postures and improve the safety and wellbeing of their employees. The tools are there; we just need to use each effectively.
We must reevaluate security strategies to meet the stringent needs of the digital age, with a shift in our outlook on security.
Ultimately, companies need to Centralize by Design. The enterprise’s departments and systems need to be designed around a central control hub for efficient and effective governance of people, processes, and technology.
The wealth of tools available can provide valuable information from real-time logs, databases, intrusion detection systems, integrity monitoring systems, and much more. If all this information is collected in one central source, it can be analyzed to provide meaningful, actionable security intelligence.
It’s time to take a step back and reevaluate our business operations and their impacts on our security postures.