Security have different meanings to different people. When one talks of security in Southern Africa the average person invariably thinks of alarm systems, CCTV systems, Access Control systems and Guards. When one discusses security with an IT professional the topic invariably turns to firewalls, anti-virus software, anti-malware and control of access to the IT infrastructure. It seems then that security is similar yet dissimilar in many ways. One being in the physical realm and one being in the virtual realm. Same and equal yet not.
But is this correct? It certainly is a confusing subject for those who have little or no experience in any format of security management and even professionals in their respective fields have trouble viewing the bigger picture.
I recently had the pleasure of attending a security presentation in Namibia hosted by Westcon Security Solutions. Featured were the physical side of security with presentations on CCTV and Access Control but what got me thinking was the presentations on Unified Threat Management for the virtual environment. Why is it that we view these security issues as separate subjects? Why is there no cohesion between physical and virtual environments? With the rise in popularity of smart handheld devices the virtual realm is becoming a fact of daily life yet we choose to view the physical and virtual realms as two separate and distinct entities that has to be secured independently from each other.
Let me provide you with an example of what I am alluding to.
A Datacentre has an alarm system to warn of physical intrusion onto and into the premises where the centre is situated. It also has a CCTV system on the perimeter and in key areas to identify who is on the premises. To restrict access to certain areas Biometrics are installed – give the good guys access while keeping the bad guys out while keeping a record of who went where at what time. Of course there are then guards patrolling the grounds, monitoring the CCTV and Access Control system and an Armed Response unit waiting to be summoned. The purpose of this is obvious – keeping a physical intruder getting to the hardware installed inside the Datacentre. Sometimes these systems are incorporated into a single management system but more often than we like these systems operate independently from each other.
Inside the Datacentre is installed physical hardware firewalls to prevent hackers and malware from gaining access to whatever data is stored on the servers. To prevent other types of incursion some form of software is installed that has anti-virus, ant-malware and anti-spam functionality usually with a software firewall functionality as well. System administrators then configure user access by granting certain rights to certain users which is then protected by password. Once again many of these different systems are incorporated into a single management system called Unified Threat Management but sometimes they are independent systems operating as standalone.
With all of these security systems installed there is no cohesion between the physical environment and the virtual environment. Although both have similar functions they just do not provide the end-user with a single solution but rather a product set of solutions.
For many years now the physical security environment has strived towards.