Archive for May, 2009

CPTED – Physical Security

Sunday, 10 May, 2009

This month, I’d like to discuss a topic that is somewhat being set aside when talking about security – Physical Security. We all know and agree that the physical aspect of security is as important as any facets of security, be it technical or logical, and administrative.

As a security professional, we should be very aware and concerned that the security we protect, such as critcal data and confidential information through the technology like firewall, DLP, IDP, and the like can as easily be compromised as someone stealing the physical server, damaged by natural or environmental calamities, or broken by infrastructure faults. So, physical security must not be ignored and should also be incorporated in the security policies as well as included in any security discussions.

Physical security must be implemented based on the model of a layered defense. The idea is, before unauthorized entity can access the valuable asset, they should go through layers of layers of physical barriers before reaching the spot. If one of the layers fails, the others will protect the asset. So layers of defense should move from the perimeter towards the asset.

I am a firm believer that security should not be a patched-approach, rather, it should be part of the architecture. Similar to software applications, I believe that one of the best ways to stay secure is to develop the program as error-, flaw-free. This way, we don’t have to worry about patching it and afraid of getting compromised by its vulnerabilities. Of course, it is not a perfect world, and that is why as much as we can, security should begin at the very start of the design.

Physical security is not exempted. The CPTED (Crime Prevention Through Environmental Design) is a discipline that structures the proper architectural design of a physical environment to reduce crime by directly affecting human behaviors and activities. The CPTED concept has been around since the 1960s. It provides guidance in loss and crime prevention through proper construction of buildings and the arrangement of environmental components.

CPTED elements

CPTED Key Concepts

So the idea of CPTED is before even the construction of a facility, it then address the landscaping, entrances, exits, neighborhood layouts, access roads and freeways, lightnings, and traffic patterns. It also puts into consideration the placement of offices, lobby, restrooms, campuses surrounding, and even up to the scale of the wider scope of the city. As you can imagine, before a facility is built, the security is already put in consideration. Putting the proper landscaping should deter intruders, or building the right height of fence or correct placement of lightnings should stop unauthorized people. Another good example is to architect the built of a data center to be located at the center of the facility so that the walls will protect it from any damages from outside.

Read the rest of this entry »