Best Practices for Physical Security Devices

Physical security devices are an integral component of a corporate physical security program. These devices ensure not only the security of buildings and operations but also the safety of an organization’s people. With a growing range of IP-connected devices—including perimeter security, physical access control systems, doors and locks, mantraps and turnstiles, emergency push buttons, CCTV, and visitor management systems—security practitioners need to be thoughtful in how they install, deploy, and manage these devices.

To effectively deter, detect, delay, and respond to threats, interconnected physical security devices require a robust and integrated technical infrastructure, including networks, switches, and storage solutions. For effective continuity of operations, a lifecycle management framework helps manage health, configuration, and security to minimize technical disruptions and ensure proper cyber protection.

This article discusses physical security devices and recommends best practices for implementing and managing them to protect against physical and cyber threats.

Summary of key best practices for physical security devices

Your single pane of glass for enterprise physical security management

Learn More

• 

  Monitor the health of physical security devices and receive alerts in real-time 

• 

  Automate firmware upgrades, password rotations & certificate management 

• 

  Generate ad hoc and scheduled compliance reports

Develop a layered and robust physical security defense

An effective physical security defense will use layered, tiered, and overlapping physical security devices to mitigate and respond to threats. Within a multi-modal security device environment, it will be essential for security programs to incorporate effective device management approaches to ensure operational readiness.

The five Ds of physical security

The figure below illustrates what are sometimes called the “5 Ds” of physical security:

• Deter: Visible barriers, technology, and/or personnel to prevent an incident before it occurs
• Detect: Systems that allow early and/or real-time alerting that an incident is occurring
• Deny: Physical barriers that prevent an attacker from accessing a facility
• Delay: Barriers, doors, and other hardware that slow down an attacker
• Defend: Active measures, such as security officers, that respond to an incident in progress

Perimeter defense, physical access control, CCTV systems, intrusion detection systems, and lighting all work together to create concentric layers of security. (source)

Assess your organization’s optimal physical security design

The design, layout, and implementation of physical security devices should be driven by the organization, its operating environment, and the threats it faces. Security practitioners should avoid using a one-size-fits-all approach and implement tailored and customized strategies.

Here are some security assessment questions to consider:

• What are our vulnerabilities, what is the frequency of threats we face, and what are the likely impacts from threat actors?
• What is our operating environment? 
• What is the security culture of the organization?
• Is there organizational buy-in?

For example, mantraps are generally considered the gold standard for controlling entry into an area, but they are ill-suited for an office lobby where directional flow and access outweigh the need for greater verification. 

An overlooked consideration is the importance of conducting penetration testing to ensure that security technology, processes, and people are operating in sync. This validation testing can be as simple as asking a security officer to try to gain unauthorized access to a building or as complex as having a third-party assessor that will conduct open-source intelligence gathering, on-site reconnaissance, and social engineering to try to penetrate the facility. Regardless of the methodology, it is important that security practitioners assess and remediate deficiencies. 

Continually reassess for new physical security devices

Physical security technology programs should incorporate innovation as a necessary and needed component of a well-run program. Security programs should regularly reassess their risk management standards, the needs of the business, and the effectiveness of their current security devices and deployments. 

Start with the basics, by asking “What problem am I actually solving for?” Before adding any new security devices, security practitioners should take a measured approach that ensures that they are actually solving a problem as opposed to just adding layers of complexity.

With the proliferation of interconnected physical security devices, corporate physical security programs must consider the necessity of a device management system. This system can replace the need for manual updates, patching, and siloed device management. By streamlining device monitoring, security practitioners can better ensure operational continuity and resilience.

Implement active perimeter defenses 

Technologically advanced physical security programs are redefining the concept of passive perimeter defenses. Physical security devices are now allowing static defenses to become active, sensing, and smart.

Automate with smart physical controls

Intelligent perimeter defenses now include sensors, cameras, and automated decision-making systems, which are giving physical security practitioners better options for creating concentric layers of security. These solutions can augment or even replace security officers by identifying vehicles that are allowed, authenticating individuals that are permitted entry, and providing flexible and dynamic responses to different situations.

Here are some examples:

• Automated smart gates should be integrated with card readers, biometric scanners, or license plate readers and ideally positioned as the first layer of security to authenticate individuals and/or vehicles.
• Automated smart bollards should be integrated with license plate readers and placed in areas with the potential for high vehicular traffic to reduce the risk of ramming attacks or accidental injury to pedestrians.
• Automated smart mantraps need to be integrated with CCTV and sensors to authenticate users and provide multi-layer verification for accountability.

Implement real-time detection with sensor-integrated fencing

Smart fencing integrating intelligent CCTV technology, vibration/motion sensors, and real-time smart monitoring can turn a passive deterrent into an intelligent threat detection system. Unlike traditional perimeter fencing that serves only as a deterrent, the next generation of smart fencing can help distinguish between genuine threats or nuisance alerts. Smart fencing creates a more robust and tailored layer of defense, reducing the need for guards to conduct exterior patrols and freeing them up to provide better incident response. 

While smart fencing is an integral part of an effective layered physical security defense, these questions should be considered before installation, primarily due to the cost:

• Does the facility or location need high-security smart fencing?
• Does the addition of high security fencing raise the risk profile of the location?
• Does the security team have an adequate ongoing OPEX budget for fence maintenance?
• Does the installation of high security fencing have any environmental and/or code compliance that might impede or delay construction?

Smart fencing in action: Sensors, cameras, and sirens detect a perimeter breach, while an intelligent platform monitors the devices behind the scenes. (source)

Add physical security infrastructure monitoring

With the addition of smart physical security controls and fencing, it will be increasingly necessary for organizations to monitor and manage all of these physical security devices in a single, easy-to-use, cloud-based environment. Instead of using multiple on-premises servers or fragmented systems from each device manufacturer, a unified dashboard system allows security teams to have all their information in one place. A unified platform also helps reduce cost and complexity by ensuring that cyber anomalies, issues, or alerts are centrally configured and pushed directly to the eyes of the appropriate teams.

Securithings device management provides a unified dashboard for alerts. (source)

Deploy flexible physical access control technology 

Organizations should reevaluate their physical access control needs. With greater availability of biometric and multi-authentication systems, security practitioners now have a greater choice in customizing a purpose-built system for their organizations.

Use open-architecture physical access control technology

Open-architecture physical access control systems offer greater flexibility, scalability, and value than proprietary, closed systems. Most organizations will benefit from interoperable and plug-and-play systems that can mix multiple vendors, add new technology, and adapt to new systems without having to implement a full replacement program. If the business needs change, open-architecture systems allow the physical access control system to better adapt to changes in locations, users, and the availability of technology while also reducing the dependency on a single vendor or system.

Make a business case for open-architecture access control 

While the benefits of an open-architecture system are evident to security, it is important for security practitioners to get buy-in and support from across the organization. Security practitioners should have a business case prepared to highlight their needs.

Highlight the current challenges:

• Proprietary, closed systems lock the organization into specific vendors, designs, and hardware.
• There can be limited integration opportunities for access/authentication management, visitor management, CCTV, and other sensor-based technology.
• Managing and adapting to the threat landscape is costly and time-consuming.

Highlight the benefits of an open architecture system:

• Interoperability/cost-effectiveness: The system can use a mix-and-match technology to better suit the security needs of the organization.
• Scalability/future-proofing: The system can expand to new sites more effectively, as there is no “requirement” to be locked into a specific vendor or system.
• Cybersecurity: Newer systems are engineered with cybersecurity in mind.
• Operational efficiency: The system can be monitored and triaged from a central location instead of multiple on-premises environments.

Implement device management systems for monitoring systems

Open-architecture physical access control provides measurable benefits but must be paired with an effective cloud-based monitoring system. The inherent traits that make the system user-friendly and ready to use can also introduce cyber risks if the diverse systems of hardware/software are not installed, configured, and updated regularly. Because the system can use multiple vendors, hardware configurations, and technologies, security practitioners must use a platform to centralize data, standardize alert monitoring, and maintain consistent hardware/software updates across their operational environment. By providing continuous monitoring, real-time updates, and automated patching, a cloud management system can limit administrative and technical burden, but also ensure operational continuity and resilience.

Securithing monitoring systems provide an effective cloud-based system for monitoring multiple devices and configurations. (source)

Use next-generation CCTV technology

Next-generation smart CCTV and intelligent video management systems (VMSes) are creating better and more integrated platforms, providing real-time alerts, facial recognition, and new capabilities instead of solely recording footage. Adding CCTV security devices to an organization still requires a clear understanding of the business and its threats.

Implement smart CCTV technology

CCTV has moved beyond the traditional ability to view and record. New smart CCTV systems are combining advanced edge analytics with motion, facial, and gait detection to provide faster real-time alerts. These advancements in security technology—such as facial recognition or weapons detection—allow security practitioners more robust tools to better predict and respond to incidents.

Here are some specific steps that can help when implementing or integrating new CCTV technology:

• Assess your organization’s security objectives: Determine whether smart CCTV will be used for security, safety, or a combination.
• Deploy edge-enabled CCTV technology: Use cloud-based edge-enabled cameras that allow for faster processing and better detection capabilities.
• Integrate with IoT and other systems: Use CCTV systems that can be integrated with other security systems.
• Deploy advanced video analytics: Implement data analytics to reduce manual review and provide faster incident investigations and root cause analysis.

VMS platforms record, manage, and analyze video, while SecuriThings monitors and secures the physical security devices behind those streams.

Conduct a site feasibility assessment for CCTV placement

As security practitioners install and update the latest generation of CCTV technology, they should remember that weather, building layout/design, and field of view are still important for ensuring optimal coverage. Do the following:

• Define the purpose/intent of the CCTV placement. Is the CCTV being installed for deterrence, investigation, compliance, safety, operations, etc? 
• Collect site materials, including floor plans, site maps, and any other documentation to have a high-level understanding of the location.
• Engage with site leadership to understand any non-obvious risks, specific/non-standard use of rooms or locations.
• Identify critical areas, like entrances, exits, elevator lobbies, server rooms, or other high-value or critical areas.
• Conduct procedural review to determine how new smart CCTV will be integrated with existing policies and procedures for maximum effectiveness.

Ensure compliance with data privacy rights

Protecting privacy, data rights, and video accessibility while adhering to two-party/all-party consent for audio recordings of CCTV footage should be an essential consideration when installing and/or updating CCTV systems. Organizations should clearly communicate where CCTV is placed and what it is used for. They should also specify that data is collected only for business/security reasons and access and usage are restricted through training, user identification, and role-based access management. 

Security practitioners should partner with their legal/compliance stakeholders to conduct a data protection risk assessment to identify risks, ensure that CCTV/VMS meet information technology standards, implement appropriate monitoring technology to ensure operational continuity, and ensure that security staff are adequately trained on proper usage.

Integrate physical intrusion detection systems with other security devices

New smart physical intrusion detection systems are providing security teams with greater contextual analysis and insight with their alerts. Unlike prior alerts that might only say “glass break,” newer systems are providing video review and analysis to aid in root cause analysis. 

Deploy smart physical intrusion detection technology

Smart physical intrusion detection systems (IDSes) use some combination of heat, motion, sound, and pressure to trigger an alarm response. Unlike prior iterations of IDSes that did not provide contextual analysis, technical advancements are now allowing users to filter out “false positives” and provide real-time responses that include integrated CCTV feeds and auto-locking door capabilities. 

Integrate environmental and IoT alarm monitoring

Physical security devices are moving beyond just monitoring for breaches or intrusions. As modern physical security programs evolve, security practitioners are now being tasked with monitoring for heat, temperature, smoke, water, equipment usage, or outages. Before security practitioners agree to undertake additional responsibilities, they should conduct an assessment of their capabilities.

Here are some areas to look at:

• Freezer/cooler alarms: What are the expectations for the security officer who responds, and are they expected to take any immediate/direct action that might increase their liability?
• Water leaks: Do security officers know where the control panels or post indicator valves (PIVs) are located? 
• Smoke detection: Do security officers immediately notify emergency responders, or are there any internal protocols (for example, in manufacturing or biotechnology sites) that need to be followed?
• Equipment malfunction and/or misuse: Who is ultimately responsible for the equipment?

Use security lighting as a cost-effective deterrent 

Security lighting is an underutilized physical security device that security practitioners might not always think about. As part of an effective overall corporate physical security strategy, security lighting should be regularly assessed. 

Integrate intelligent security lighting

Well-placed motion-activated and sensor-equipped security lighting can provide effective deterrence while minimizing electricity costs. Consider these options:

• Pole-mounted lights: Best suited for parking lots or large open spaces to provide a continuous standard level of lighting; can provide for indirect illumination for CCTV.
• Wall packs: Best attached directly to a building to cover walkways and pedestrian areas, and can provide more direct illumination for CCTV.
• Flood lights: Best suited for parking lots or large open spaces. When they are controlled by timers, the changing light levels can make CCTV footage harder to interpret.
• Infrared lighting: Best suited for areas that require night CCTV coverage; may be used with traditional lighting as a deterrent.

Physical security lighting review

Annual lighting surveys can help evaluate whether illumination levels support deterrence, camera visibility, and overall safety. A physical security lighting review should check lux measurements, uniformity ratios, and follow a zoning/grid method. 

Here are some specific practices for a lighting survey:

• Define or identify high-risk and/or critical areas.
• Conduct an overall survey of the area and use a structured, grid-like approach to ensure consistency.
• Conduct a lighting survey at dusk or low light for best results, and use standardized height measurements.
• Assess areas of low light for impact on pedestrian safety or CCTV visibility.
• Identify brownouts, burnouts, and/or technical issues with existing lighting.

Last thoughts

Physical security devices play an essential role in mitigating risks to an organization and ensuring the safety/security of persons, assets, and operations. The next generation of smart physical security devices offers more integration capabilities, greater functionality, and better response capabilities for security teams to make more informed decisions.

Adopting and adapting various security devices and technologies requires a centralized platform for management. Physical security teams should ensure that they are implementing not only security technology but also the backend infrastructure and processes to ensure that security devices are operationally resilient.