In any business, security duties and responsibilities may be spread between different departments to fulfill different needs. The physical security, IT, compliance and facilities departments all may have different responsibilities falling under the heading of ‘security’ to protect employees, assets and company data. While physical security helps keep potential threats at bay by controlling access and surveilling the facility, IT protects the network and servers from hacking, and facilities makes sure that the building itself is maintained and doesn’t pose any risks.
Prevention has always been a goal for security; proactively averting threats to the business reduces the need for response and remediation and is a the most desirable risk management model for any organization. With today’s technology, IT can install firewalls on the network, while physical security could implement facial recognition software to prevent former employees from entering the building. Compliance regulations ensure that all departments meet standards for protection and prevention.
Every department in an organization that manages some aspect of security has a stake in becoming prevention-focused, yet often the process is not centralized or integrated between departments. This siloeing of preventative measures can be extremely harmful to security efforts across departments.
Removing siloes can bring about better communication and better workflows across an entire business. If your IT team is looking at replacing or upgrading network equipment, bringing the physical security team into the process is not only helpful, it’s essential—as many physical security systems now run on IP networks, changes in IT can often have effects on the physical security team’s devices. If a Power over Ethernet (PoE) switch becomes overloaded due to a network upgrade, for example, it may cause stress on the access control or video surveillance system, leading to loss of data or temporary malfunction of devices. Risk and audit teams can be a major asset to other departments by communicating with them about possible vulnerabilities and how to assess and manage them, which can lead to ultimately reducing the number of audits and making those that occur much more efficient. If physical security is kept regularly updated by facilities operations, it will be easier for them to determine what locations are important, require updated security procedures, or need higher levels of security overall.
There are many ways to be proactive about prevention across departments. Determining QA metrics and sharing them throughout your business can help to ensure everyone is on the same page, as can consistent tracking of performance across these metrics and determining quality of service capabilities for each department. Automation can also be an aid—automated verification of systems’ functioning combined with communication between departments creates efficient visibility of any issues that may crop up and easily disseminates them across all the departments that may need to be notified. If information is easily shareable, it is more easily acted upon by anyone attempting to prevent issues.
Security has come a long way from patrols and guard dogs, but the increase in reliance on technology has sometimes led to separation of responsibilities in a way that causes problems to arise. Preventative security measures should be shared between departments to ensure that they are efficiently put into place and that best practices can be easily enacted to increase the safety of all employees, assets, visitors, facilities, and data.