Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn’t make the slightest difference if someone can gain direct access to your network equipment and server racks.

You can invest thousands in your server room or datacenter. You can configure your firewalls properly and encrypt your VoIP traffic. You can do all of this, but an attacker can circumvent all of those measures by slipping into your company unnoticed and approaching your hardware directly. Locks, safes, and alarm systems provide some measure of protection... but only if they are selected and implemented wisely. Otherwise, they are mere speed bumps that can slow an attacker down slightly, but not act as a significant obstacle preventing them from accessing your sensitive data.

The CORE Group is a consulting outfit dedicated to specifically addressing the non-digital security needs of companies large and small. While the bulk of a typical corporation's security budget is spent on web application security and software scans, it is a very wise decision to also direct some resources towards the assessment of your physical facility. After all, attackers do not confine themselves simply to the parts of your operation with the strongest fortifications. If you spend all of your money on firewalls and an electronic IDS system a potential intruder isn't going to match your time and investment... they are simply going to try another path of access!

As one of our clients stated when we presented an after-action report to his company, "You just showed me more about our security vulnerabilities in one hour than we've learned in the past year... and it cost us less than an entire week of digital penetration testing!" His pleasure only increased when we demonstrated how he could fix the problems for a fraction of his overall security budget. "Making minor effective changes has increased our security posture more than a million dollar investment in new IT resources could have," was the CFO's shocked response.