Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementPhysicalSecurity Enterprise ServicesPhysical SecurityCybersecurity News

The Need for Cybersecurity and Physical Security Convergence

By Maria Henriquez
skyline
June 3, 2020

Security leaders have been discussing the convergence of cybersecurity and physical security for years.

But what does it mean? According to “Physical and IT Security Convergence: The Basics,” convergence is a formal cooperation between previously disjointed security functions – cooperation is a concerted and results-oriented effort to work together.

Despite the fact that physical and cybersecurity are intrinsically connected, many organizations still treat these security functions as separate systems. Until recently this was justified because the technology to integrate physical and cybersecurity was not yet available. But now, the problem comes down to governance, making it a priority to create a single body for security policies, procedures and deployments, a Cisco report notes.

Scott Borg, Director of the U.S. Cyber Consequences Unit, says, “As long as organizations treat their physical and cyber domains as separate, there is little hope of securing either one. The convergence of cyber and physical security has already occurred at the technical level. It is long overdue at the organizational level.”

 

The Importance of Convergence

A recent Forbes article discusses how security is the new transformation imperative since the COVID-19 pandemic started sweeping throughout the world. “Highly integrated corporations can adapt to weather not just competitive challenges, but also unexpected market changes like what we are experiencing now,” writes Christopher R. Wilder, Senior Analyst-in-Residence, Security, for Moor Insights Strategy.

“Right now, most U.S. companies rely on patchwork systems, even to handle their most sensitive data and functions,” says Brivo CEO Steve Van Till. “Now that we are experiencing the formerly unthinkable, security threats, both cyber and physical, have been illuminated or exacerbated and the importance of efficient, integrated, and secure systems has been highlighted.”

Cybersecurity is critical for any system that exists online - which is about every system in existence today. To provide some perspective about how many physical and digital components are connected to the Internet, here is some research. In 2019, the number of active Internet of Things (IoT) devices reached 26.66 billion, up from 7 billion IoT devices in 2018 . Every second, there are 127 new IoT devices connected to the Internet, creating a larger attack surface, which threat actors can leverage to take control of and exploit.

The statistic doesn’t just include personal devices, such as smartphones and tablet computers – it includes sensors, cameras and devices used in security that are now IP-enabled because of the convergence of the IP network.

Therefore, says Brivo, physical security must take into account cybersecurity as this massive convergence can have a negative impact on the performance of the network if the network has not been properly designed and deployed to handle this increase in traffic. “Your physical security system has identification information for your employees or tenants, access data for your facility, and the actual functions to control access to the facility itself,” Van Till further explains. “That is why it is important to choose a physical security solution that is constantly maintained, penetration tested and cyber audited.”

 

Solid Security Posture

How does physical security help mitigate cybersecurity? “The right physical security solution helps any company meet compliance standards and follow proper protocols when it comes to visitor and identity management,” notes Van Till.

Knowing who is on your property or in your building and when, and ensuring they are authorized to be there, creates a safer space, for instance. Areas of the property or office that house sensitive information or equipment, like server rooms or HR offices with employees' personal information, can also be locked down to everyone except a few designated and trusted individuals.

 

How Brivo Meets the Most Rigorous Cybersecurity Standards

 

BUILD PRODUCTS (technology)

It becomes difficult for customers to manage their level of cybersecurity as locks, cameras, and other physical security devices commonly come from multiple vendors with varying attention to cybersecurity. One of the primary tenets of cybersecurity is to not trust input from other systems. Brivo designs their systems with cybersecurity as an explicit component.

They assume that networks used to communicate with controllers and management systems may be public, untrusted networks.

As such, they employ:

  • Techniques such as mutual client-server authentication (the strongest available encryption) for communications protocols.
  • Anomaly detection and monitoring to locate and terminate unexpected communications or processes.
  • Client-server TLS certificates to protect the content of communications between devices and provide mutual authentication between devices and servers - This means an unauthorized device or hostile server will not be able to negotiate a network connection to a device, much less change its operation or status.

 

DEPLOY APPLICATIONS (process)

Brivo designs, architects and codes their applications for cybersecurity from the start. They test for cybersecurity throughout the development lifecycle.

This includes:

  • Using automated code analysis tools on software prior to deployment
  • Continual scanning of deployed and upcoming software/systems for potential cybersecurity issues
  • Manual code and design reviews with developers and security experts

Brivo has frequent software deployments to provide new features and functionality to their customers. As availability is a major concern, Brivo also uses multiple physical and logical networks to ensure availability even in the case of region-wide disruptions, such as hurricanes or other natural or man-made disasters.

 

MANAGE BUSINESS (people)

As the old adage goes, a chain is only as strong as the weakest link. Therefore, Brivo takes cybersecurity into mind with their personnel and internal business processes.

This means Brivo:

  • Invests in technical and security training for internal developers, testers and other personnel
  • Uses the principle of least privilege to minimize the impact a rogue actor might cause - Personnel can only access systems and data they have a demonstrable business need to access (and that access is still monitored)
  • Use third-party audits and assessments of their software, devices, servers and business processes to validate that we meet industry standards, legal, and other compliance drivers

 

Achieving Convergence

There are many steps enterprise security leaders can take to achieve convergence. Enterprise leaders should look for a provider who makes cybersecurity a priority for how they build products, deploy applications and manage their internal business. Here is a checklist on what to look for:

 

1. Building network secure products:

While professional cloud-based solutions are designed to operate over public networks, systems originally designed for on premise installation may lack precautions like strong hardware security and data secure transmission with the system server.

If not done right, network devices can be entry points for malicious attacks when they require open inbound ports and allow unauthorized inbound communication.

According to Brivo, questions to ask your provider include:

  • Does the platform reduce my “attack surface” by eliminating the need to establish open inbound ports?
  • Can the platform prevent malicious attacks with bot monitoring and other security techniques for self-detection?
  • Can we transition to more secure mobile credentials to prevent keycard duplication?
  • For control panel authentication, is a unique digital certificate issued for each control panel during manufacturing?
  • Do you offer a higher level of device communication security such as 256-bit AES encryption (same level as banks) with Transport Layer Security (TLS) 1.2 or higher?

2. Deploy and Support Applications

The best providers, says Brivo, deliver 24/7 monitoring on a network with a multi-layered security model to provide redundancy, business continuity and risk management. Without proper support and active monitoring, you could face security breaches and costly service disruptions (especially for older systems).

Questions to ask your provider include:

  • Is the application deployed in multiple redundant data centers to make sure my building is protected?
  • Do you have active cyber defenses and a documented response plan?
  • Are current applications analyzed on a regular basis to determine their vulnerability against recent cyber attacks?
  • Does the application support two-factor authentication?
  • Does the platform enable automatic software and firmware updates?

 

3. Manage their Internal Operations

According to Brivo, cloud providers must go beyond the data center (AWS) provided features and accreditations and look at the certifications delivered by the application provider.

Providers need to limit internal employee access to their data center, as well as key areas like backup storage and server rooms to protect your data.

Questions to ask your provider include:

  • Can you provide evidence of your own audited data security controls in addition to those from your data center provider?
  • Can you provide evidence of third party audits and vulnerability tests on your software, hardware and internal processes?
  • Does the platform get an A grade in Qualys SSL cloud security and compliance tests?
  • Do you provide a service level agreement (SLA) guarantee for platform uptime?
  • Do you have strict internal personnel policies like monitoring what data and equipment your internal employees can access?

 

Preparing for Convergence

While preparing for this convergence, enterprise security leaders should keep in mind the following aspects, says Brivo.

  1. You cannot provide good cybersecurity without good building security, or if both the cybersecurity and physical security team continue to be siloed.
  2. Working together with your IT department improves your organization’s cybersecurity.
  3. Building a better relationship with your IT group helps you become breach-ready.
  4. There’s a lot to consider when handling risks: threats, scalability, reputational risks, disaster response, data privacy, etc.

As a reminder, to determine whether a manufacturer is providing good cybersecurity, look at how they build their products, deploy their products and manage their people and procedures internally.

Brivo, for instance, builds end-to-end security designed for IoT using the strongest encryption for communications. Their hardware uses embedded bot monitoring and real-time alerts to take immediate and corrective action. Brivo also deploys their applications with regular and automatic software updates and pre and post-deployment scans of software and systems. They enable business by monitoring and managing what employees can access, and religiously conduct third-party audits on software, hardware and internal processes. For more on how Brivo meets the most rigorous cybersecurity standards, see SIDEBAR.

To learn more how Brivo can help your organization achieve convergence goals and more, visit https://www.brivo.com/lp/call

KEYWORDS: convergence cyber security data center physical security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • digital-cyber

    Preparing For Physical and Cybersecurity Convergence

    See More
  • The Unstoppable Convergence Between Physical and Cybersecurity - Security Magazine

    The Unstoppable Convergence Between Physical and Cybersecurity

    See More
  • Single jigsaw piece

    Why insider attacks are indicative of a need for security convergence

    See More

Related Products

See More Products
  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

  • The-Complete-Guide-to-Physi.gif

    The Complete Guide to Physical Security

  • 150 things.jpg

    The Handbook for School Safety and Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!