By AMAG Technology, Director of Enterprise Sales, Vik Deol
From adolescence to adulthood, the “Keep Out” mantra has been a constant reminder in our daily lives. “Keep Out,” having taken the form of a security precaution, has never left our side since our childhood tree house. As individuals, we are concerned about intruders entering our homes. A community center is concerned about trespassing by harmful individuals. A company guards against infringement of its intellectual property by a third party. A country is concerned about confidential data breaches. The world has consistently proven that we must maintain our own security measures by way of locked doors, privacy and exclusivity, reminding us that the famous words on each childhood tree house, “Keep Out,” stay true today.
Security practitioners are tasked with various objectives to keep us safe. A physical security executive’s job within a global company, for example, is often seen as challenging once we start to understand the complexities of what the job entails: keeping areas secure and, most importantly, people safe. As we take a step into the IT department, departmental duties also reflect a comprehensive program to ensure security. Yet we are not always taking an in-depth approach to tackle objectives together. People sit in different departments with different job titles and different ideas, yet many times have the same requirements to satisfy.
For example, if a physical security administrator maintains all his physical access records in a daily log and monitors each person – yet doesn’t take into account HR information for newly hired and fired individuals – it is highly likely the new individual will be kept out and the fired person will still have critical access. On the IT side of the house, if the IT department is careful to ensure network traffic is securely managed, but does not follow the appropriate protocols for understanding who has physical access to its data centers by working with physical security, watching external traffic is truly a waste of time.
A company cannot progress if security management is not comprehensive. For instance, if inventory is being stolen, theft is certainly going to negatively impact the bottom line of a business. In intellectual property, the penalties can be far worse. Now imagine that a company like Facebook has an individual wrongly access one of its main data centers: the damage to the company’s reputation and to personal data could be detrimental, as data breaches have exemplified.
The challenge to “keeping out” is that we aren’t always given advance alerts as to when someone has ill intent, nor are we handling events in an automated manner. Ergo, we must present our programs for security in a holistic manner so our teams can make judgment calls or have a deeper understanding of each particular identity and its potential risk to the company.
This common theme of “Keep Out,” often a corn-crib approach, is still applied in its simplest form today as stockpiles of information and processes are constantly disjointed. Keeping devices, people, technology and processes connected is the only feasible way to secure infrastructures regardless of industry. This evolutionary step is no longer something ‘to consider’ – keeping connected is mandatory.
Success in security incident management truly relies on being able to identify, interpret, notify, and mitigate to closure. Upon receipt of closure, a process should incorporate lessons learned within the future standard operating procedures. Deployed solutions need to be able to do the aforementioned in a manner where all of these objectives are met alongside effectively managing the integration of personnel, process and technology.
The understanding of the phrase “keep out” changes and adopts different strategies as our history evolves, yet to secure a childhood fort, each point of entry needs to be secure. Each person in the fort needs to know the plan, the process, the procedures and who has what responsibility. While we try to strike a balance between keep out, keep safe, and keep secure in our organization, each person or group of individuals does not typically need to be watched, but each identity must be managed and needs to understand its role if an event occurs. Whether it is an everyday visit to one’s office or a temporary salesperson visiting for a lunch meeting, management of identities is a vital function that shouldn’t ignore anyone. Visitors, intruders or employees all have the same goal – to get access – and it is a company’s job to make sure that access is managed to the best degree possible. The common goal of “keep out” now applies not only to security, IT, HR and facilities, but even to contractors, consultants and facilities that need to be a part of the overall solution.
While the famous words on the tree house, “Keep Out,” remain true, how we approach, communicate, mitigate and deploy security has changed. For a corporation, college campus or even a country, it’s imperative to construct a collective model for security management that gives a grander vision into identities and their access rights across the enterprise. When deploying technologies, or incorporating a new technology, insist your department works with others to let the appropriate people into the areas they need while keeping the not-so-appropriate on the other side of the fence.
Stay secure and stay connected, my friends. – Vik