ELI5: What are Physical Controls?
Physical controls are real-world barriers you can touch — fences, locked doors, security cameras, and guards. They keep people’s bodies out of places they shouldn’t be.
Definition
Physical controls are security measures implemented in the physical world to restrict access to facilities, equipment, and assets. They form the outermost layer of a defense-in-depth strategy, preventing unauthorized physical access that could bypass all technical controls. Physical controls include barriers, access control mechanisms, surveillance, and personnel.
Key Details
- Examples: locks (mechanical, electronic, biometric), fences and bollards (perimeter security), mantraps/vestibules (tailgating prevention), security guards (human judgment), CCTV (surveillance).
- Physical controls address threats that technical controls cannot: theft of hardware, physical tampering with servers, shoulder surfing.
- Physical controls should complement administrative and technical controls in a layered defense-in-depth approach.
- CPTED (Crime Prevention Through Environmental Design): A physical security philosophy that uses building design and environment to deter crime.
- Even the best technical security can be defeated by an attacker with physical access to hardware.
Connections
- Parent: defense-in-depth — one of three control types in layered security
- See also: administrative-controls, technical-controls