Safety vs. security – what’s the difference?
Thousands of cyberattacks on businesses every day have raised the topic of IT security to the top of the agenda. But we keep noticing two terms that are often confused with each other: security and safety. What’s the difference?
- Security and safety are often mentioned in connection with IT and OT operations. However, they are not synonymous.
- Security primarily addresses the protection of IT and OT systems and information against unauthorized access and data misuse. It is about logical security.
- Safety is more about protecting data and information from physical loss through accident or disaster.
Industry 4.0 refers not only to the convergence of classic IT, operational technology (OT) and industrial, computer-controlled IT systems; it has also resulted in convergent meanings of computing-related security and safety. But it’s important to recognize that security and safety are not interchangeable terms. Clarifying their meanings in context matters for more than semantic or academic reasons: it helps provide a better understanding of each in practical ways.
Security is an essential part of every IT environment and system. This usually involves protecting hardware, applications and intellectual property from:
- unauthorized access to sensitive information, systems and solutions
- unauthorized disclosure of business information and data
- unauthorized use of proprietary information, systems and solutions
Information can be technical know-how, processes, production methods or software source code, and much more. Confidentiality and data protection play an important role here. Securing information involves common practices such as software updates, vulnerability scanning, strong passwords, multi-factor and biometric authentication, and so on. All of that falls under the metaphorical security umbrella.
Safety, on the other hand, means protection against accidental loss or mishandling in more physical terms. This entails safeguarding information, data or solutions against catastrophes such as flood or fire. One example is a backup solution that is geographically separated from the production system.
A striking example of the difference between security and safety comes from outside the IT world: a 2008 fire at Universal Studios near Los Angeles. A 2019 story in The New York Times titled “The Day the Music Burned” asserted that the fire destroyed between 118,000 and 175,000 original, primary-source master audio recordings of almost 900 of the best-known or most important popular musicians of modern times, dating back to the early 1900s. The Universal Music Group and some of the affected artists disputed those figures, but a large number of recordings – some historic and irreplaceable – were lost. While the UMG music archives were located in a secure facility, their safety was compromised.
It’s not a matter of favoring either security or safety. Reliable operations are needed for both IT and OT. Each must be protected from unauthorized access using measures such as:
- continuous monitoring of systems to detect unusual activities at an early stage.
- regular updating of all IT and OT systems to close security gaps quickly and automatically with Unified Endpoint Management (UEM) solutions.
- consistent enforcement of policies governing configuration and maintenance of applications, devices and access rights. UEM also helps a lot here.
- regular and current backups for all IT and OT data and applications.
The increased use of mobile devices and portable storage devices like USB drives requires measures for both security and safety. Systems and data must absolutely be secured with a strong password and encrypted with tools such as BitLocker. Otherwise, a safety issue like a lost or stolen laptop quickly becomes a security problem.
Ultimately, only when both aspects of protection are in place can companies ensure that their IT and OT environments are in fact secure and safe.
Learn how the baramundi Management Suite enables efficient and comprehensive security and safety with centralized management of data encryption and malware protection, device access control and software updates.