Story image

Interview: Telstra on why the electronic and cyber security worlds must converge

19 Jun 2017

Forget the old ways of managing security. Isolation is a thing of the past - at least when it comes to electronic and cyber security. They are rapidly converging - but how will the two work together?

SecurityBrief spoke to Telstra's Neil Campbell, director of global security solutions. Next month he will be speaking about the convergence of electronic and cyber security at the Security Expo & Conference 2017 in Sydney.

Physical security started as a mechanical, analogue world, where checking locks was a physical task. Now we're in the 21st century, where security is much more of an issue - a central monitoring station can now use a combination of video and electronic door access to keep an eye on controls and access.

"The challenge that these two industries have in converging is how each industry grew up. One started through the internet and the other one started by rattling locks. You have a very different set of capabilities that you almost never find in the same organisation," he explains.

He believes that the two different worlds have collided because technology is making it much easier to do things centrally. The two don't need to be functionally together, they just need to be better aligned. That is part of Telstra's role.

"A managed security service is about ensuring your customer has the right combination of passive and active controls in their network and that you're monitoring them centrally," he says.

"Take electronics security staff for example. If you build using this system and implement this control solution - if and when the IT people are looking at identity, they'll be able to plug into what you've built."

"You're preparing yourself for integration, you're not doing integration as one project. I suspect that will be the path to success for all organisations. It's not to try to bring the two together on a project by project basis, but to make sure they have a strategy where each group considers the others and how they can interoperate in the long run."

Whether it's intrusion prevention or catching fraudulent activity in the act, Campbell cites user behaviour analysis (UBA) as a prime example of how electronic and cyber security meet in the middle.

"If we share data from electronic security systems and cyber security systems, then we see if Peter uses his swipe card in a building in Melbourne and half an hour later logs on to a system in Sydney locally, then we know something's wrong. Either somebody took Peter's card or somebody took Peter's login ID."

"If we add video such as facial recognition to the mix, we know for certain whether that was Peter with his card or not. If it was, then we know the thing that happened in Sydney was out of policy."

"It might be that Peter shares his credentials with somebody because that's a more efficient way to do his job. That's probably against policy so we need to know about it or address it. Or it may be that his credentials have been compromised, in which case we really need to know and do something about it with urgency."

Campbell also says the Internet of Things (IoT) can be a controversial term in the world of electronic security. What those in the industry may call smart devices, they don't necessarily agree those devices are part of the IoT.

"Depending on how they're managed, that may be true. If it's a very isolated system that may be true. But even if it's a small network of smart devices that is communicating over a proprietary protocol - i.e. not internet protocol (IP), it's really a precursor to IoT."

"Even things that you think 'that's analogue', they've become part of IoT. An analogue video camera - if at some point you digitise the signal and make it accessible to an IP network, it's now part of IoT."

When you put electronic security and IoT together, suddenly you have convergence. But you only really need one mindset:

"I don't have to get it perfectly right in one project, I just need to start thinking about interoperability in the long run."

Neil Campbell will be speaking at the ASIAL Conference, part of the Security Exhibition & Conference in Sydney that runs from July 26-28.

He will be further discussing electronic security, cyber security and how they can no longer operate in isolation.

What: The Security Exhibition & Conference 2017
When: July 26-28
Where: International Convention Centre, Sydney
To find out more and secure tickets, visit http://securityexpo.com.au.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.