By Nachiket S Vaze

The concept of Converged Security is relatively new, and this word started buzzing from around 2015 onwards. Let’s understand this concept with an example.

Let’s say there is an organization called M/s ABC Corporation. Now this ABC Corporation has a very competent departments – Physical Security & Information Technology or IT. The team members of these teams are competent and professional.

Now let’s imagine that the organization is facing the challenge of frequent accidents in its production areas and the location of the organization is surrounded by slums wherein the general crime rate is quite high, and same is reflected by the number of cases of thefts and pilferage in the organization. The organization’s leaders wanted to have an analytical tool which would give them a realistic solution by analyzing the root causes leading to the incidents/accidents/ thefts etc. and as part of this effort, they want their property covered with a state-of-the-art CCTV system.

The objective is to get the live actionable data for accident prevention & theft prevention. The responsibility for getting these installed goes to the physical security team.

Now remember, this security team is competent and professional. So, they identify the locations where the cameras should be installed, considering required distance and quality of output from each camera along with the analytical features which were needed for the system. All the considerations are now in place, the new design for the CCTV system is ready for installation and commissioning. The organization has installed approximately 100 CCTV cameras and a CCTV monitoring station.

Surprisingly, after going live, the system started to face problems like:
  1. Intermittent recording.
  2. Freezing video feed.
  3. The machines which were connected to the IoT and were undergoing industry 4.0 transformations also started facing bandwidth issues.

The overall performance of the IT infrastructure also started to decline considerably and at the same time the IT team raised concerns that there is suddenly heavy traffic on the business network.

What has happened here?

Ok, so what has happened here?

This new CCTV infrastructure was directly connected to the existing business network without measuring the capability and load capacity of this network leading to the collapse of the entire business network with the impact of significant down time and loss to the organization.

In the greater sense, the above issue occurred because:
  1. There was visibly no communication and coordination between the physical security team, IT team, Safety and BCM teams leading to lack of accurate problem identification and arriving on accurate solutions.
  2. All the departments were working within their own silos and the vision is limited to their departmental level only.

 Image- https://www.cisa.gov/publication/cybersecurity-and-physical-security-convergence

Image- https://www.cisa.gov/publication/cybersecurity-and-physical-security-convergence

Let’s take the same example from different approaches, but in this case, the security team approaches the cyber/ IT team, safety and BCM teams with the mandate they had got from the management. The physical security team proposed the solutions which were enhanced by the other teams, and they arrived at a holistic solution which when implemented gave the organization the required data. On the analysis of the generated data, they identified the time zones of the accidents leading to various interventions like-

  1. Supervisor rounds during the accidents time zone.
  2. Scheduling of the tea breaks
  3. Increased patrolling round by security martials during identified high risk timeline.
  4. Deployment of security martials at strategic locations for theft control.

So, from above example, we can infer that, when all the organization’s different departments work in collaboration with open communication and coordination towards achieving a single aim, we can say they are converging, and such a security process is known as CONVERGED SECURITY.

Image- https://www.cisa.gov/publication/cybersecurity-and-physical-security-convergence

A few of the benefits of Converged Security are:

  1. Secure Enterprise– It enables an integrated view of security threat so leaders can align the security posture accordingly.
  2. Efficiency– Connected physical and cyber security functions reduce the duplication of the efforts and contribute to productivity improvement.
  3. Versatility– Streamlined security function leads to cross-training and overall knowledge base of the organization increases.
  4. Strategic Alignment- Risk and threat management is fully aligned under holistic strategy.
  5. Shared Information- Security functions share information and best practices while working to integrate and operate as one unified team.
  6. Common Goals- Single security program under one set of shared practices and goals to secure cyber-physical infrastructure.

It is also interesting to note the history of this concept, it all started with outselling of “Digital Video Recording” over VCR from 2003 till early 2004, and from 2004 till some next 10 years up to around 2015, all the systems were being migrating from “Analog to Digital” and this era was termed as Era of Migration in IT security domain.

This was also the time when these digital-migrated systems were integrating with a lot of other systems.

Since 2015 a lot of convergence between physical and cyber security systems are happening across the globe, and same forecasted for next 10 years or may be more- approximately between 20 billion to 50 billion* devices are currently connected to the cloud and this number is increasing exponentially.

Quite a few organizations have now looked forward to building the Converged Security Centers which will get the continuous data from Cyber Security and Physical Security teams which will be combinedly represented into a single dashboard with actionable information.

These centers will not just be about the technology, but it will integrate people and processes to technology.

Concept of converged security is the future and relevance of physical security will depend on how fast they can align themselves with the business objectives and collaborate with multiple stakeholders especially with cyber security team for securing the organizations.