Many electronic security manufacturers have tools that can use metadata to analyze business processes, and IoT sensors can alert you to defective equipment or other risks. It is important to capitalize on these types of capabilities and potential synergies across your entire security structure (as well as potential partners) to implement an effective supply chain security program. Disparate and siloed organizational structures that do not capitalize on these macro synergies may eventually appear unnecessarily expensive and inefficient.
As highlighted in a technical paper released by MITRE, the ever-changing strategy of our adversaries involves ‘blended operations that take place through the supply chain, cyber domain, and human elements.’ While the nature of these attacks and their methodologies may be well understood in hindsight, the coordinated effort at all levels to prevent, identify and mitigate them is still evolving. A true risk-based security approach, the report states, ‘should be viewed as a profit center for the capture of new business rather than a “loss” or an expense harmful to the bottom line.’ While compliance with stringent security standards can be costly, it should not be overlooked in favor of short-term savings, putting future business success or national security in jeopardy.
Moving towards a more collaborative and data-driven approach is the logical way forward. The tools and competencies available today are crossing traditional boundaries to be more proactive and preventative rather than reactive. Tech-enabled tour systems, incident management programs, communication applications, AI software to overlay cameras and access control systems, and remote guarding capabilities provide much more than efficient programs: they also enable better data collection, leverage interoperability, and yield higher ROI. Coordinating the use of physical security and technology across organizations to analyze this data, and processing and utilizing that information in collaboration with information security stakeholders, increases the ability to mitigate risk throughout the organization.
Achieving successful convergence of information security and physical security departments can present several points of failure, as with any organizational change. While their primary areas of focus are inherently different, there are synergies that can be found in connecting the two, and both should be singularly focused on protecting the business across the enterprise. Aligning the larger security mission through a uniform approach provides valuable and timely insight. Leveraging best practices and a shared services model assists leadership in evaluating potential IT/security risks associated with business decisions that impact the ability to secure your supply chain. The key takeaway is that this results in doing more, protecting more, and providing a larger value-added service to previously disparate groups such as HR, facilities and IT. Ultimately, it means evaluating potential risks before significant investments are made. Evolving to a risk management philosophy that incorporates this overarching view of physical, informational, and organizational security on both the internal and supply chain side of our business relationships can be a net positive outcome of increased regulatory scrutiny. It is up to our risk management professionals to pursue this end state and capitalize on inevitable policy changes.