File under: Well, of course

Government Computer News gives us the following headline today: "Physical security and cybersecurity go hand in hand." Revelatory, I know. And I'm not trying to bust on GCN. I think they're among many who are just now coming to the same conclusion. And this isn't even about "convergence." It's about making sure you control access to your data center, keep track of your laptops, make sure people don't just walk out of your facility with USB drives filled with data they're not supposed to have access to. The thing is, public companies are way out in front on some of this because of Sarb-Ox regulations, which require that you have an audit trail of who had access to what data. Those are the same regulations put in place by the U.S. government, but apparently not practiced by the U.S. government. Shocker. This seems to be the crux of the problem:
In the early days of computing physical and cyber security were one and the same. Mainframe computers were locked in computer rooms and accessed by hardwired dumb terminals. But as computers became smaller, smarter and more ubiquitous, property and data were dealt with separately and there traditionally has been little reintegration of physical and cyber security. Today, data in any form can be the most valuable asset in any organization, government or private, and the proliferation of devices on which it resides means that physical security is becoming as critical to protecting it as cyber security.
There seems to be a logical problem with that paragraph. As in: At first, we locked the doors to the computer room, then computers got smaller, so we didn't worry about controlling access to them anymore. Huh? Anyway, what's done is done. And if anyone read my live blog of the Focus event last week, you'll remember that this obliviousness to the importance of protecting data is widespread, according to Dan Dunkel:
“One major concern is that $200 billion annually in intellectual property theft is occurring. U.S. doesn’t manufacture much anymore. It’s our technology and intelligence, and it’s getting ripped off by the Chinese, the Russians, the Israelis, the French. It’s a huge, huge problem.”
Sure, intellectual property theft can happen via hacking, but it can also happen via someone walking off with your laptop. This is why it's not surprising to me that every time I ask about biometrics, integrators tell me they sell most biometric access systems for the protection of data centers and data rooms. The data needs protecting more than anything else in the facility. As in, from GCN:
True, breaches caused by hackers can generate huge losses and big headlines. The recent hacking of Heartland Payment Systems Inc. potentially exposed data from hundreds of millions of online transactions a month for an untold number of compromised persons. But don’t ignore the physical risks. One of the largest government data breaches occurred with the 2006 theft of a Veterans Affairs laptop containing records of more than 26 million persons. That incident has cost the VA $20 million in settling a class action suit.
I'm not sure why people are just making this connection now, but it's worth reiterating, so kudos to GCN for putting it out there to their readership.