Phygital Security: How To Achieve It?
Security can no longer be just physical or just digital. By force of circumstances, including the pandemic and the “digitization” it imposed on almost all of us, we now talk about “phygital” security, with everything that follows from it: first of all the fear, and the very concrete possibility, of attacks by hackers and cybercriminals of every kind and specialization.
In the last issue of resolution magazine, we dedicated ample space to the now mandatory integration between traditional physical security and modern digital security, interviewing the main players in the sector to understand not only which way the wind is blowing but what, in practice, the needs are of those who have been working in this market for some time, in order to better respond to the ever-changing demands of the end user.
The opening round table of the solution forum 2022 was also dedicated to the theme “Physical security, logical security, and privacy: are we starting from Covid?” and it aroused considerable interest, a sign that the question is more than topical: it is now imperative, because without this integration there cannot be security tout court. In this article, we want to summarize what they said,
How it comes out
The first request of the operators in the sector, reaffirmed more or less by everyone, is to reach as soon as possible an agreement, a pact, between producers, integrators, and users to create truly cyber-proof devices that are continuously updated. Whether it is a dream or a utopia (given that products that are completely “safe” in this respect, as happens with cell phones or computers, are already out of date by the time we get them home), one cannot fail to try, as crime never lags behind.
The penetration tests that are performed in real time show, in fact, that digital security is never static but very dynamic. It is essential that, starting with the end user, maintenance technicians and integrators are asked to include continuous device updates among the services they offer.
At this point, producers have to adapt so as not to be cut off from the market. Precisely for this reason, our experts say, it would also be desirable to have a truly “super partes” certification, issued by a body that is a third party with respect to the market players, to guarantee the impartiality and correctness that are truly fundamental: in this case, in fact, it is too risky to rely on “do it yourself,” and the certifications issued by individual producers are not always consistent and uniform. Another aspect not to be overlooked is that the firmware package of the devices should always be aligned with the latest cybersecurity solutions: we could hypothesize a periodic update, as already happens, for example, with computers or mobile phones, which could perhaps be made mandatory.
Cyber secure by design
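Starting from the very beginning, many manufacturers already adopt what is called “safety by design,” that is, security built in at the design phase of the device: this is the case, for example, of numerous IP cameras that include signing or an integrated firewall which, even when trivial errors are made in entering the security passwords, allows only “authorized” subjects to enter, or that disable unnecessary ports and services.
This need for “security & privacy by design” has today become one of the first requests of the end user. Many manufacturers also provide a series of courses, obviously online during the pandemic but recently also in person, with a final exam, in which, thanks to special configuration tools, it is possible to check the level of vulnerability of the devices. Others have created a real network of qualified partners who are always up to date on protection and cybersecurity.
Some argue, however, that the customers themselves should choose what level of safety to adopt, independently and according to the type of application installed, because a too generalized “plug & play” approach can come at the expense of safety. some data.
We conclude with current events. The coronavirus marked a significant dividing line between those who were prepared for integrated management of physical and logical security and those who were not: the clearest example is smart working. If you work with sensitive data (and today, what data is not?), it is essential that it cannot simply pass through the always too large meshes of the “normal” web, because hackers would have far too easy a time snatching it.
Let’s take a very simple example: mobile banking. During the various lockdowns, the credit institutions were also closed and, therefore, the management of financial flows was entirely online. But the question arises: did all bank employees have the same security systems at home as on the office network?
One figure came strongly to the fore during the pandemic: the security manager, who has become a real “director”, guaranteeing the safety of workers who could not carry out their tasks in smart working and, simultaneously, offering customers continuity of services. All this while trying to combine physical, logical, and, we can add, health security, so that unwelcome people could not get in, sensitive data could not get out, and, not least, all possible doors were closed to the virus.
What do we carry with us after more than a year of lockdowns, timid reopenings, and new closures? Certainly the awareness that, by now, physical and digital security must become not only a single word but a single integrated reality. The road ahead is certainly not all straight,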
And we conclude with the actuality. The coronavirus was a significant discriminator between those who were prepared for integrated management of physical and logical security and those who were not: an example for all is that of smart working. If you work with sensitive data (and today, which ones are not?) It is essential that they cannot simply pass through the always too large meshes of the “normal” web because hackers would really have too easy a life to snatch them.
Let’s take a very simple example. Mobile banking: during the various lockdowns, the credit institutions were also closed, and, therefore, the management of financial flows was entirely online. But the question arises: did all banks employees have the same security systems at home as the office network?
One figure that came up with preponderance during the pandemic: was the security manager. Who has become a real “director” to guarantee the safety of workers who could not carry out their tasks in smart working and, simultaneously, offer customers the continuity of services? All are trying to combine physical, logical, and, we can add, health security so that unwelcome people could not enter, sensitive data out, and, not secondary, also closing all possible doors to the virus.
What do we carry with us after more than a year of lockdowns, timid reopening, and new lockouts? Well, certainly the awareness that, by now, physical and digital security must become not only a single word but a single integrated reality. The road ahead is certainly not all straight,