Protective Security – It’s Not a New Concept

The Difference – It’s Below The Surface

On one level, any difference between the two is difficult to make, but it’s how they are viewed and interpreted by distinct groups that significant divergence occurs.

To establish who those groups might be, the terms Protective Security and Physical Security were searched on Google, with the first one hundred results in each term being taken. (The results excluded sponsored sites and the effect of SEO is accepted).

From the search, two distinct groups were established, as they returned the highest results, IT (software/hardware suppliers, Training, Magazines) and Government (Central and local government, Police, Judiciary and Armed Forces). The results of the search were collated, analysed and are displayed on the graph, Google Search: Protective v Physical Security.

What the graph illustrates, within the context of this survey, is that IT accounts for 45% of all the results for Physical Security and is twice as likely as Government to use the term. The IT bias towards Physical Security is further emphasised by it being more than three times as likely to use the term as opposed to Protective Security.

Behind the numbers and from reading the results, IT sees Physical Security as being a “bricks and mortar” solution. It clearly can’t be judged from this limited research if that view is widespread across any organisation, but the online magazine, CSO online suggests that, “Physical security largely comes down to a couple of core components: Access control and surveillance.” Clearly if that is a common perception, it could severely limit the role that Physical Security plays in securing any organisation.

By contrast, Government is twice as likely to use the term Protective Security, as opposed to Physical Security and this is probably a reflection of how they understand the threats that there are and the response to them. What they are looking to protect is people, information and assets from hostile threat actors, who might wish to harm people, steal information or damage assets, to the detriment of the nation.

The Government response to those threats is integrated through three areas, Personnel Security, Physical Security and Information Security, the definitions of which are set out below. Importantly however, security is brought within a Risk and Governance regime. Although not separated out by Government, Personal Security is here, as it can have little to do with any of the three areas. Personal Security can be reflected through the effects of blackmail, travel or kidnapping all of which are highly sensitive and require specific advice and solutions.

To discover more about Protective Security, please click the link below to be taken to a podcast on Spotify.

Resilience – It’s a Defining Feature

The adaptability of security officers and the introduction, or at least re-purposing of equipment, in response to Covid-19, was highlighted by Perpetuity Research, in their report, as part of the Security Research Initiative, Covid 19 and the implications for the security sector: what happened and what has been and is being learned? July 2021. The report focuses largely on Physical Security and while there are always lessons to be drawn, perhaps Covid 19 was a bit unique. It affected everyone, everywhere and required a collective response, across governments and organisations worldwide to resolve it, the next time organisations could be on their own.

During the pandemic, for example, organisations quickly decanted from their offices and in a practice that continues, not only engaged in home, but hybrid working, which has had a significant impact on how organisations function. Although the physical location remains important, what is being transferred out of the offices are processes and this fundamentally changes the risk and resilience equation. If a Physical Security mindset is adopted, particularly if that is thought about in terms of access control and surveillance, it is unlikely to capture either the depth or breadth of what is required.

Defence in Depth – It’s Not Individual Measures

Security is often discussed as Defence in Depth, that series of measures which encircles protected assets. However, it is not those individual measures that provide security, it is their integration and the synergistic effect that has, which does. This is what is being developed by understanding, Personnel Security, Information Security, Physical Security and Personal Security as separate subject areas but through their synthesis, developing an effective integrated package and referring to it as Protective Security.

Protective Security – A Necessary Change

If security in an organisation is thought about purely in Physical Security terms of security officers or equipment, its role might be limited and its impact difficult to see. Extended supply chains, critical infrastructure operated by third parties, as well as critical suppliers are all outside the perimeter fence, never mind staff working from home, the train or in a cafe, each presents a significant security challenge.

On one level, Physical Security is all consuming, for the suppliers of services and equipment, for operational managers and in itself probably accounts for 80% of the overall security budget. However, at a senior management level, security is more concerned with understanding the organisation, the risks that there are and how security might affect them, resilience and ultimately the delivery of a security product that meets the organisations needs.

Protective Security enables a much wider view to be taken and is not limited to the perimeter fence. It allows the separate security components of, Physical, Personnel, Information and Personal, to be integrated, brought in total, within a risk and governance regime, to the benefit of the organisations concerned.

RedLeaf Consultancy – Advising Clients

RedLeaf Consultancy is a consultancy which is primarily concerned with advising clients on how security might impact on the risks that they have have and from that generating solutions.