There is increasing discussion about the convergence of information security and data privacy. But information security has also been closely aligned for years with physical security. What has this progression looked like and how is it relevant for security practitioners today?
To talk about the convergence of information security and privacy from both operational and career perspectives, a recent episode of The Virtual CISO Podcast features Rosemary Martorana, CPO at Corning. Hosting the show is John Verry, Pivot Point Security CISO and Managing Partner.
The progression of security
Having worked in the physical security space with the US Department of Homeland Security, Rosemary has a unique perspective on how privacy, cybersecurity, and physical security relate.
“I think physical security and information security were married long before data privacy joined the party,” considers Rosemary. “In fact, you can see a progression over time. Most regulations started with physical security controls, like limiting access to certain spaces. Then we added information security controls, so now limiting access to certain systems within those spaces. Now we’re seeing data privacy layered on top. So, protecting who has access to certain information within those systems within those spaces. It’s almost like concentric circles.”
This three-way relationship encompasses not just regulatory programs, but also insider risk or intellectual property protection programs.
“You really need all three—physical security, information security, and data privacy—baked in, in order to have that successful program,” Rosemary observes. “It’s that three-legged stool. You can’t have one without the others.”
Changes with COVID and cloud
With recent transitions to remote working and cloud-based applications, physical security has morphed in several ways. For example, working from home moves people out of office spaces that are protected by physical security controls like badge readers and CCTV. This effectively increases reliance on information security from the corporation’s viewpoint.
“Corning as a corporation got a little creative with our physical controls when it came to the pandemic,” Rosemary relates. “For instance, in New York state, there were certain requirements around making sure that people were attesting to not having COVID-like symptoms if they were going to enter a facility. So, we leveraged some of our physical security technologies to make sure we were able to comply with that regulatory requirement.”
Rosemary continues: “During the pandemic people getting very creative in all of their applications, both online and physical controls, to contend with this new atmosphere we found ourselves in. I think you’re going to see more changes like that. I think the physical security space is becoming the more nimble and adapting to what we’re seeing in the information security space.”
To hear this podcast episode with Rosemary Martorana all the way through, click here.
Interested in the convergence of physical security and cybersecurity? Here’s a related blog post: Why Physical Security and Cybersecurity are Converging