Physical Security

Introduction

Source Source

So far, in many articles, we have discussed the software part of Cyber security. Physical security is the hardware part of cybersecurity. It shouldn't happen that we have a world-class security system in place to protect from hacks and prevent vulnerabilities, but one day a person comes and steals the hardware from the warehouse where all the data was kept. You can imagine how embarrassing that would be. For this reason, physical security is as essential as digital security. If you have watched the web series Mr. Robot, you would know that in one episode, the hacker tries to blow up the whole data center as it was not hackable; if the owner of that data center had read this article before, then might be the data center could be saved. Hahaha!!

Physical security refers to protecting people, their property, and physical assets from any event that could incur loss or damage. Now, let's learn more about the principles and measures of physical security.

Measures of Physical Security

Physical security always prioritizes the prevention of damage and loss. The physical security framework is made up of these main components:

Access Control

Access control puts limitations and rules on who has access to the sites, facilities, and resources. It controls the exposure of assets to authorized personnel only. The methods to implement access control can vary vastly. Some of the ways to implement access control are discussed below.

Physical access control system: We can use barricades, strong gates, hardened walls, etc., to protect the facility from robbery, vandalism, or any terrorist attack. Not only this but methods like hardened walls can also help reduce the damage during a natural disaster. Earthquake-proof buildings can be used to prevent damage. Placing locks in sensitive areas can also help in different kinds of dangers.

Digital access control system: Biometric locks can be placed in different building parts according to need. It can be used to verify the level of access of the employees and accordingly allow or deny their access requests. This can protect from internal threats to some extent. Cameras and facial recognition systems can monitor the restricted areas to alarm the security personnel of any danger.

Policies for access control: It is essential to have a set of rules and a system based on which access to restricted areas is granted to the users. In case of any discrepancy, the person's authorization can be checked manually using the rules and system put in place. This helps prevent any harm to the workflow.

Surveillance

The surveillance system includes the security personnel, patrolling, burglar alarms, camera movements, heat sensors, and even keeping logs of people accessing different areas. The surveillance methods can vary from company to company based on their risk and the advanced surveillance techniques the company is willing to spend on. Modern surveillance techniques include pressure sensors, temperature sensors, infrared sensors, proximity sensors, optical sensors, etc., which helps get a broader perspective on the activities in restricted areas. Surveillance systems can prevent any unwanted events. In addition to that, it also helps analyze the occurrences of those events to patch up any security leaks or to catch the culprit. Some modern surveillance techniques are discussed below:

Image recognition and AI: We can use an image recognition system on the CCTV feeds and track the movements inside the company premises using artificial intelligence on a large scale to get more efficient results on any suspicious activities.

Alarm system and sensors: Alarm systems and sensors can be placed in sensitive areas to alert the security personnel of unauthorized access. Modern technologies have enabled many advanced sensors, which makes the security system more robust.

Testing

Testing of the physical security systems is crucial for every organization. There are DR (Disaster Recovery) plans and policies in every company. But these policies need to be tested to get insight into improving the security systems and test the systems' efficacy. This is the only way to ensure that the DR policies will be effective in the time of need. The most common example can be a fire drill. These are necessary to improve the coordination between people, and it makes sure that people understand their responsibilities and roles at the time of need.

Apart from the above mentioned physical security components, some more critical physical security aspects are discussed below:

• Intimidation: Methods to discourage the intruder can be used. This helps in preventing the damage without much work. Some methods include building a vast and open facility where security personnel are visible from every corner. This incurs a feeling of fear in the intruder, which discourages the act they are going to do.
• Security personnel: They play a crucial role in every step of physical security. They are needed to administer the electronic access control, respond to alarms, monitor video footage, etc.
• Employee awareness training is essential as a negligent employee can lead to a significant cybersecurity breach. The employee possesses many company secrets and information about the physical structure. If this information gets into the wrong hands, it will not be suitable for the company.
• Locking server room: All the crucial data critical to keeping business running are stored on the servers, so it is vital to provide extra security to the server room. This also prevents any tampering of company data.
• Building secure guest wifi: It is crucial to isolate the company network from any external use as it may give hackers a chance to exploit the company network.