IoT Marks the Convergence of Physical Security and Cybersecurity

By Kait Hobson
October 1, 2018

Incorporating the internet into the physical world initially began as a slow shift. It has since gained unprecedented momentum with the emergence of the Internet of Things (“IoT”). Multiple “smart” tools with computing capabilities have become smaller and cheaper, resulting in broader availability and utility. Large budgets were required for an industry to computerize a process just a decade ago. Today, it takes far less money and time. Moreover, it’s substantially easier for individuals to perform a majority of daily tasks on the web. All that’s required is a smartphone app and users can control home appliances or set office temperature.

Sophisticated sensors also play a major role in the convergence of physical and digital worlds. New sensor technologies, such as proximity, infrared, image, optical, temperature, smoke, and pressure sensors have surfaced. They facilitate the automation of numerous processes.

Agile software development brought together the devices—the sensors—and the web into a broader ecosystem that includes more vulnerable access points. In terms of security, the boundary between the physical and the cyber world is getting thinner.

Why Pay Attention to This Convergence?

Responsible IT personnel are justifiably concerned about new security challenges developing in the interconnected grid of physical devices. Multiple IT roles play a part in addressing the weaknesses. Hackers have more ways than ever to locate vulnerabilities in IoT devices.

A strong emphasis on IoT cybersecurity expertise arose recently due to the proliferation of enterprise applications and cloud-based platforms. Their practical application blurs the line between what’s required (security-wise) from a CIO, an internal IT security manager, a cybersecurity expert, a cloud service vendor, and an IoT solutions provider. Who is ultimately responsible and for which portions of the overall system of systems that is IoT? If a company deploys an IoT solution, do they also need to hire an IoT cybersecurity expert?

Traditional roles may become clearer and new security roles may develop as a result of the IoT revolution. Nonetheless, everyone included in the process must bear a certain portion of the responsibility for tightening security. Physical and digital security are integral to corporate security policies. And with the dawn of IoT, a binary distinction between physical and digital security is virtually impossible. All securitization procedures concern both physical and digital processes and spaces.

How is IoT Cybersecurity an Overall Security Challenge?

Smart devices offer ample opportunities to simplify business processes. They also expose new weaknesses in those same processes. If an intruder has more touchpoints to access a security ecosystem—encompassing both physical and digital objects—the risk grows exponentially as the number of connected devices, apps, and sensors increases.

The result is a much messier definition of security in a world of interconnected systems. If you think of IoT as one big system of systems, within which thousands of intersections are formed as new devices, users and apps are added, it’s easy to imagine the implications of a single security failure—e.g. a DDOS attack. Chain reactions—think botnets—occur.

Strengthening Security With IoT

If used in an efficient way, however, the multiple vulnerability points IoT exposes could also become a source of strength. Security participants in the IoT ecosystem can play a role by using these connectivity points to solve the real-world problems of members who communicate over the network. In this way, IoT is creating growth opportunities.

The main task confronting responsible IT security providers is to create barriers and checkpoints between the newly-converged physical and cyber worlds. You can now find many providers of combined security solutions that pay attention to both aspects.

If we can overcome these inherent IoT cybersecurity challenges, then the sky is the limit. The logistics industry is using asset tracking in the logistics management lifecycle to cut down on costs and amplify labor potential. Automotive industries have improved engines and other vehicle parts and accessories by tracking their performance in the overall system.

Real estate and facility management companies have automated building management. They’ve reduced maintenance and operational costs by implementing IoT solutions. Drones are used to improve citizen safety by accessing dangerous areas.

These are just a few examples of how IoT can be used to overcome current enterprise problems. Since we’re not moving back in time to isolated security environments, we must look strategically into a future of making IoT work for enterprise growth rather than against it.

5d08d831370a895c58eec465
template-9
container

Phone-based systems are not just a small-business solution. CEO of Kisi, Bernhard Mehl, comments: “If you see the average of three doors connected then that might seem low but, in reality, one door relates to around 50 employees—so those are locations with about 150 people on average, including satellite offices. That’s quite significant.”

Mobile Access Control Adoption by Industry

Kisi examined which industries are investing the most in mobile access control technology. To do so, the average size of mobile access control installation projects by industry were measured. Commercial real estate topped the list with 23.5 doors running mobile access per facility. Education management came in last with 1.0 door running mobile access per facility. 

Physical Security Statistics: Mobile Access by Industry


The number of shooting incidents at K-12 schools, according to the CHDS, reached an all-time high at 97 incidents in 2018—compared to 44 in 2017. Cloud-based access control companies, like Kisi, offer a lockdown feature for active shooter situations or emergencies, making it an effective protective layer for places that are targeted, such as religious institutions, which come in near the top of the list with 4.0 doors running mobile access per facility. 

Based on industry size, it makes sense that commercial real estate tops the list, with 23.5 doors running mobile access per facility. Cloud-based access control enables these larger organizations to scale more seamlessly and allows large organizations, like telecommunications, to deploy the most manageable IT solutions available, eliminating the need to create and manage a business’s own IT infrastructure over time.

“Commercial real estate is, of course, the driver of mobile adoption since they have the largest buildings,” Mehl adds. “The key here is to show that mobile-first technologies are not a risk but an innovation that brings positive ROI and allows agencies to reposition their buildings as forward-thinking establishments.”

The scalabelilty and ease of use in onboarding an organization allows many different types of industries and businesses of different sizes to adapt a cloud-based access control system, either using keycard or mobile credentials for access. 


Mobile Access Control by State

Looking specifically at the United States, Kisi analyzed in which states companies are investing the most into upgrading to smartphone-enabled access systems. Of the currently installed base of access control readers, around 20 percent will be mobile capable by 2022, according to a recent IHS report. Cloud-based systems, like Kisi, are future-proof—allowing over-the-air updates in real time and unlimited scalability for users.


“Mobile unlock technology makes you think of the major tech hubs like New York, San Francisco or Los Angeles,” Mehl adds. “Looking at which states have the largest projects, it’s surprising and refreshing that those are not the typical ‘tech cities, and yet that’s where access control technology really makes an impact.” The fact that the largest projects are seen in states outside of the typical tech startup landscape is evidence that mobile access control is highly applicable across industry sectors.


For further questions about this study, reach out to Kait Hobson (kait@getkisi.com)

Kait Hobson

Workplace Innovation

Stay updated with Kisi about news and feature releases

Free access to our best guides, industry insights and more

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Access Control Technologies
Useful Resources
Features