Building Consensus for a Smarter, Stronger Security Strategy: Insights from the Frontlines

Jun 11, 2024

Shama AmsContent Marketing Manager

The Cloud PhysSec Leader Forum brings together experts from physical security, IT, and cybersecurity to tackle emerging security challenges in unique and engaging settings. At one event, held at Gateway Classic Cars in Dallas, members shared innovative tactics to safeguard people and property. Their focus: harnessing technology responsibly, with clear buy-in from key stakeholders.

Key takeaways

Overcoming the cost hurdle
Bridging the public trust gap
Adopting a multi-layered approach to perimeter security
Adapting to an evolving security landscape

Overcoming the cost hurdle

A recurring challenge highlighted during Forum events has been gaining buy-in from the C-suite for investment in physical security systems and operational measures. Stephanie Mignano, Director of IT Manufacturing Systems at Integer Holdings Corporation — a global leader in medical device manufacturing — shared her insights on how to overcome this cost hurdle.

Recommendation 1: Craft a business case around reducing pain points

To build an effective case for security investment, start with a series of conversations with site operators so you can both understand and articulate their pain points.

Describing the approach of one of her team members, Mignano noted, “...he went in, he got on the floor, he talked to the operators, he understood what are the pain points of the company and of that site and what's going on”.

Conducting internal surveys and becoming a subject matter expert on operational pain points makes it easier to build a strong business case for security investments. Mignano continued, "He [the same team member] was able to put together a really good business case. That's what the aha moment for me was, so that we can start building that for ourselves”.

“He went in, he got on the floor, he talked to the operators, he understood what are the pain points of the company and of that site and what's going on."
Stephanie Mignano, Director of IT Manufacturing Systems at Integer Holdings Company

Recommendation 2: Embrace the power of the pilot

According to Mignano, pilot programs have been the “number one” approach to generating support for new products. She noted that a smaller operational scale and relatively modest initial investment have been key to successfully expanding projects as interest grows across different teams when a system is seen to work.

She noted, "And now they're coming to us asking us, hey, how do I get this new system? How do I roll it out? How do I get this technology? I hear it's great." As the demand for new technologies grows internally, it creates a more robust business case for expansion.

Conducting internal surveys and becoming a subject matter expert on operational pain points makes it easier to build a strong business case for security investments. Describing the same team member, Stephanie remarked, "He was able to put together a really good business case. That's what the aha moment for me was, so that we can start building that for ourselves."

Bridging the public trust gap

Forum members have consistently highlighted the need to embrace innovative, AI-enabled security tools in a lawful and privacy-respecting manner to secure buy-in from the C-suite, employees, customers, and the wider community. Richard Balducci, CISO at Integer Holdings Company — a global leader in medical device manufacturing — outlined his approach to striking this balance.

Building public trust by deterring misuse

There is a public trust gap in AI systems today, particularly around their potential use by government and business. A 2023 KPMG study that tracked public attitudes in 17 different countries found that 61 percent of respondents were wary about trusting AI systems, and one-third of respondents lacked confidence in government and commercial organizations to develop, use, and govern AI.

However, as many Forum members mentioned, AI-enabled security solutions often play a key role in threat detection and proactive mitigation. This is why, as Balducci noted, "We've got to use this technology, but we've got to use it responsibly." To do this, Balducci advocated for strict legal penalties against technology misuse suggesting that, "You've got to make the consequences to those that misuse this technology so severe that other people thinking of doing those things will think twice about it and not abuse it."

Setting visible, functioning, and legally binding boundaries, as Balducci suggests, could be a critical step in overcoming the public trust gap regarding the use of AI technologies in security.

Adopting a multilayered approach to perimeter security

Forum members have stressed the need to mitigate key security risks by building on feedback from site operators. Glenn Master, Head of Asset Protection, Security & Crisis Management at McLane Company — a wholesale retail supply chain distributor — drilled down on specific tactics he’s used to manage security risks at his company.

Understand the risk landscape to secure the perimeter

Among the top physical security risks Master noted were unauthorized access and active shooter threats. To mitigate these risks, he recommended a multi-layered approach consisting of patrolling officers, CCTV, perimeter fencing, and access control systems.

However, as Master acknowledged, "Justifying the upfront cost of physical security can be difficult, even when explaining the potential risks and remediation costs." His advice? "Conduct a thorough risk assessment and work closely with operators to identify their specific security challenges. This can help build a stronger case for C-suite buy-in."

"Conduct a thorough risk assessment and work closely with operators to identify their specific security challenges. This can help build a stronger case for C-suite buy-in."
Glenn Master, Head of Asset Protection, Security & Crisis Management at McLane Company

Adapting to an evolving threat landscape

Forum members have highlighted the need to remain on the front foot of a rapidly evolving threat landscape by adopting technologies that facilitate early detection and mitigation and implementing regular employee training and drills to prepare for emergencies.

Cole Miller, Regional Asset Protection Manager at McLane Company shared his approach to implementing such risk mitigation measures.

Enhance safety through enhanced preparedness

Conducting routine security training and emergency drills for employees can increase vigilance, situational awareness, and emergency preparedness. Miller emphasized the importance of employee safety as a top priority. "The biggest threat we really face is…employee safety."

"An effective security team should always have proper training to deal with threats."
Cole Miller, Regional Asset Protection Manager at McLane Company

To counter these threats, which can range from ex-partners and disgruntled employees to complete strangers, Miller stressed the value of automatic alerts, third-party support, effective access control systems, and regular employee training to address unforeseen events.

"Third-party security can really be a big help along with access control," Miller explained. "An effective security team should always have proper training to deal with these threats."

Gaining buy-in for critical security infrastructure can be a daunting task for security professionals. They must leverage frontline experience to build a compelling business case for innovative solutions at the executive level, while simultaneously assuring broader stakeholders of responsible use. As Forum members have suggested, a systematic, scalable approach to security focused on addressing specific frontline concerns is key to protecting people and property in a privacy-respecting manner.