Physical security is the foundation for all computer security. The saying is, “No physical security equals no security.” Although there are arguable exceptions to this rule, it is virtually always true. Without strong physical security, no computer security control should be considered adequate.
If an attacker has logical (network) or even keyboard/mouse access to a computer, their interactions are limited by the OS and other security controls that are probably in place. Factors such as configuration management, malware scanners and access control can continue to hinder this attacker.
But once the attacker has access to the physical computer the situation changes. Intruders can now compromise data on the hard drive, replacing the OS or application software with his own software. He can manipulate the configuration of the OS or security applications. The attacker can even install hardware-based keystroke loggers or other security-defeating mechanisms.
It is crucial to the security of your assets that you protect them from an attacker’s physical access. This is true for all of your assets such as servers, clients and mobile computers, as well as other assets such as employees and buildings.