Physical versus Virtual Security

Physical versus Virtual SecurityI just finished reading For the Win, the latest book by Cory Doctorow, that made me think long and hard about the way we look at physical and virtual or electronic worlds.  The story is about a group of people who play massively multiplayer online games (MMO or MMOG) and how their virtual worlds collide with the real world.  The games are run by major corporations and the players are from all over the world.  Many of the players play from Internet cafes. some from their homes, some from work and many from wherever they can get onto the Internet.

In the story, people in the the virtual worlds collect gold or other treasure to advance inside the games.  There is a market outside the games to sell these virtual goods, so that players don’t have to spend the hours needed to advance on their own.  This clash of virtual and real worlds is similar to the way we work today.  When I create a document, I am creating something virtual, since it’s just bits somewhere.  If I print it, the piece of paper I hold in my hand is physical.  If I’m on my laptop, that is physical to me, but if I’m connected to Facebook or, that seems virtual. 

Think about how you move back and forth between the physical and virtual worlds.  Sending email, posting Twitter updates, or entering information into your SaaS application is all virtual.  Managing your physical devices, printing documents, storing them and shredding them is all physical.

Most organizations have internal networks where they run application and file servers.  People access the applications and files with desktops, laptops and mobile devices and we print documents out on network printers.  We restrict access to the applications and devices through firewalls and other tools to keep the bad guys out.  This helps to protect and control information in the electronic or virtual world.

But what about the physical world?  Does your organization manage physical documents the same way it manages your computers and electronic documents? 

Documents are typically in one of three states: at rest, in motion or in use.  If an electronic document is at rest, it’s on a hard drive or removable piece of media.  If a physical document is at rest, it’s in a filing cabinet, sitting on your desk or inside someone’s briefcase.  If an electronic document is in motion, it’s being emailed to someone or otherwise transmitted through a network.  If a physical document is in motion, it’s being printed out or being sent through FedEx or other service.  If an electronic document is in use, someone is reading or editing it on a computer.  The same goes for a physical document, except that it’s on paper.

Your IT department has policies, rules and technologies in place to make sure that only authorized users and systems access your network.  That’s important, but they need to think about the physical security of documents too.  Here are a few questions to ask?

  1. Do you lock your filing cabinets when they are not in use?
  2. If you store files in a room, is the room locked?
  3. Do you track who takes files out of the rooms and cabinets?
  4. Do you shred documents once they are no longer needed?
  5. Can anyone grab a printed document from the output tray on your printers?


The lines of the physical and virtual worlds continue to blur as it becomes easier to access information from any device and print it.  Information is constantly moving from the virtual world to the physical world and back again as people create, print, scan and move information around. 

Make sure you pay as much attention to access of your physical information as you do to accessing your electronic or virtual information.  Having my laptop and its contents secured is useless if I print a confidential document and leave it on the printer for anyone to take.


Photo credit spablab

Book a meeting