Konvergenz in drei Dimensionen: Was ist das und warum brauche ich das?
March 15, 2022
Every second, 127 new IoT devices connect to the internet according to Security Magazine. And that’s not including personal devices like smartphones or tablets. The cyber-physical world is here to stay – and it brings with it an ever-expanding attack vector, plopped in the lap of the modern enterprise to try and protect.
Inaction isn’t an option. The negative impacts of a security incident threaten your company’s ability to deliver crucial goods and services, stay afloat financially, protect the health and safety of employees and visitors, and maintain customer trust. With such far-reaching consequences stemming from increasingly multimodal security vulnerabilities, it’s time to take charge in all directions.
Let’s explore how convergence can help you protect your enterprise – and why it works best in three dimensions.
Convergence is a must
Security is everyone’s concern, but legacy frameworks for governance, risk mitigation and compliance (GRC) have yet to catch up. These frameworks, attached to individual departments, tend to exist in isolation from one another, which in and of itself presents a security risk. Gartner named the push for closing security siloes as one of the top 9 security trends last year due to an uptick in incidents, threats and vulnerability disclosures outside of traditional enterprise IT systems.
Convergence, on the other hand, merges systems, practices and policies so that departments can operate from shared data and coordinate actions related to policy enforcement, risk prevention and compliance measures.
Access every benefit.
Survey participants identified the following top 5 benefits of convergence:
- Better alignment of security with corporate goals
- Enhanced communication and cooperation
- Shared practices and goals across functions
- More versatile and well-rounded staff
- More efficient security operations
Don’t go it alone – and don’t converge manually, either
While most professionals recognize the need to bring together the various security functions at their enterprise, they haven’t necessarily sprung into action, either.
In a survey of more than 1,000 professionals with senior roles in physical security, cybersecurity, disaster management, business continuity and related fields conducted by The ASIS Foundation and sponsored by Alert Enterprise, only 24% indicated that they had converged physical and cyber security functions. (Of those that did converge the two, however, 96% reported experiencing positive results.)
Part of the problem is that many companies still insist on integrating their systems manually – which is the equivalent of trying to build a smartphone by wiring together a pager, camera and flip phone. But with the right partner – and the right integrations – convergence can happen without a rip and replace or a Promethean in-house effort.
Make it three-dimensional for maximum impact
Even as leaders begin to recognize the value of convergence, they’re generally still only gaining visibility in two dimensions, rather than three. Why? Because they’re focusing on joining cyber/IT and OT security functions by replacing the historically isolated GRC frameworks that govern both. But a truly effective approach requires a third dimension – the inclusion of GRC as it pertains to physical security. Plus, as a subset of the IT side of convergence, companies should make sure they’re actively incorporating HR GRC. The human resource department typically houses a company’s workforce identities and core employee data – which determine both digital and physical workspace access.
A three-dimensional approach to GRC brings together IT/HR GRC (like SAP), OT GRC and Physical GRC to create one converged solution for coordinated threat detection and response practices across your enterprise – no matter how large or complex.
Close silos, clarify discrepancies – and create a single source of truth
3D GRC affords your organization the opportunity to identify and eliminate security gaps between physical and digital workforce systems. From there, you can create one consolidated view of workforce identities, threat detection and access-related data. As a result, when there’s an issue, everyone works from the same information.
In contrast, when different GRC frameworks operate in silos, departments are more likely to deploy misaligned solutions because they only have a fragmented perspective of the problem. 3D GRC can help your organization identify root cause faster and move as one to mitigate potential risk.
Solve more business problems – together
Eliminating silos and strengthening your company’s security posture are just the beginning of what you can achieve with 3D GRC. When all three functions move as one, tackling pressing business challenges becomes much easier. Here are just some possibilities:
- Automating employee access to digital and physical workspaces according to regulations and company policy – from hire to retire
- Accelerating and streamlining onboarding and offboarding for all employees (including contractors)
- Empowering employees with self-attestation solutions to reduce troubleshooting burden on physical security and IT
- Saving on invoices by precisely tracking when contractors enter and exit field sites
- Digitizing safety procedures and automating visitor authentication for added efficiency
