Forward Thinking Enterprises are Merging Physical and Logical Security

By: Ken Elefant, Partner at Sorenson Ventures

Security is important: every board meeting agenda includes time dedicated to security, and every enterprise needs good physical security. Physical access is actually an important factor in cybersecurity. Without good physical access control, a competitor could walk into the building, take equipement and gain access to private data and intellectual property. However, it’s not just outsiders that businesses should protect against. According to Verizon’s 2019 Insider Threat Report, 57% of data breaches involve somebody from inside the organization. Employee data theft is a surprisingly common source of data breaches, with the majority coming from non-leadership roles. Safeguarding IT and server rooms, or anywhere protected data is stored, with more granular access permissions is a smart way to prevent data from falling into the wrong hands to begin with.  

The beauty of a cloud-based access control system in an enterprise organization is the ability to manage multi-location businesses from one interface. The cloud platform centralizes everything through system integrations (including security cameras, alarm systems, space booking apps, and tenant management), and gives businesses access to unprecedented amounts of data.

As more and more businesses make the move to the cloud, however, this creates additional infrastructure to manage, and there is a growing list of cybersecurity threats with more information than ever being transferred over the Internet. The best way to ensure a business is protected is to merge physical and logical security strategies to create a full end-to-end experience.

The number one concern for enterprise security is risk mitigation—stopping a breach before it happens. However, an all-too-common problem for today’s overworked IT teams is the amount of information coming in, with no way to organize or prioritize the most serious threats. Integrated cloud security platforms take some of the burden off the IT team, so that the system identifies the most pertinent problems and notifies the appropriate people. A proactive security posture applies physical heuristics to let teams focus on the right threats, and respond quickly and efficiently. 

Another benefit of using an integrated, cloud-based security system is allowing data from multiple sources to be automatically ingested and analyzed across the entire enterprise. Real-time data is great for recognizing immediate threats, but data that shows facility use over time is equally valuable. Business intelligence is essential to continued growth and success, so the ability to instantly analyze and customize the data that makes sense for the business gives leaders a huge advantage not only in threat mitigation, but also in making informed decisions at every level of the organization. 

The benefits of the cloud in the post-pandemic enterprise
Now more than ever, businesses are relying on their security teams to keep workplaces safe. Access to real-time data enables faster, more accurate responses to COVID-related concerns.

For example, entry activity data from a cloud-based access control system proves an easy way to audit and enforce staggered team shifts, with a clear snapshot of who has access and when. Because the entire system is managed in the cloud, security teams can adjust permissions and door schedules instantly in response to business needs.

Density management is another tactic businesses are adopting in response to the pandemic. An access control system with occupancy tracking capabilities can measure usage on each floor of a building, and send alerts to managers and tenants as spaces approach capacity. The cloud-based platform makes it easy to integrate with other tools like people sensors and space reservation apps to enhance the social distancing component, and enable more advanced response strategies such as contact tracing. 

A cloud-based access control system also requires less manual setup than an on-prem system, which means businesses don’t need to work with an internal IT team to execute advanced security strategies.

Use case: a fully integrated security posture with Okta and Openpath
Merging physical and cyber security components is a great concept, but how does it work in a real-world situation? One use case is the integration of Openpath’s cloud-based access control and Okta’s identity management solution. These two platforms work together seamlessly to cover both the logical element (identity management) and the physical component (access control) for an end-to-end security strategy.

With Openpath’s cloud-based system, businesses are able to see anomalous entry behavior quickly, such as access at a weird time, or a request to enter a restricted area from a user without the right permissions. When integrated with Okta, that information is enhanced with additional details, such as that the person attempted to access payroll records, or sensitive customer information. The integration lets administrators access all of this information as a complete picture, rather than having to put the pieces together themselves. When it comes to security, this means a quick response time and the ability to prevent a breach before it occurs. 

Key takeaways
Establishing a future-proof security posture gives enterprises more flexibility to adapt to challenges, and prevent expensive data breaches before they occur. In merging cyber and physical security components in the cloud, organizations can automate processes and streamline operations at every level of the business. A fully integrated, smart physical security system will benefit more than just the security team. Automations take the burden off of IT and HR teams, while better access to data analytics improves ROI and decision-making from managers and C-suite executives.