There is an opportunity within physical security today to embrace digitalisation and benefit from the utilisation of cloud technologies, [as discussed in our earlier blog]. Moving to cloud-based platforms and services can both improve the ability of surveillance cameras, access control and other security systems to protect and secure premises and staff, and at the same time, deliver increased value to other areas of the business.
In order for this to happen, current security endpoints such as video cameras and card or fingerprint scanners, need to become part of the internet of things (IoT). The ability to gather security data in the cloud and use it for real time automation and decision making relies on network connectivity to allow effective communication between the multiple security devices in operation.
What benefits do you think there would be/are to your organisation utilising IoT?
What benefits do you think there would be/are to your organisation utilising AI?
When implementing a new physical security solution, however, it’s vital that a customer can trust its cybersecurity features too. A system that is built without following the principle of Secure by Default[1] puts a company at unnecessary risk. But how do we evaluate whether or not a security partner is up to speed?
Bringing network connectivity into physical security can, understandably, make businesses nervous. It’s not unusual to hear organisations voice the concern that by doing so, a cybersecurity breach could put their physical security at risk. At the same time, deploying IoT solutions that haven’t been properly tested and evaluated for cybersecurity could present attackers with new vulnerabilities to exploit and gain access to a network.
Data breaches and unauthorised access by cybercriminals continue to pose an ongoing challenge for security professionals. According to a whitepaper entitled ‘Cloud - The Next Generation’ published by the Cloud Industry Forum (CIF), security and privacy concerns are among the main reasons given by businesses for their reluctance to adopt emerging technologies such as IoT or Blockchain. Three in five respondents to a survey that CIF commissioned believed that their security for cloud services could be better, and around half admitted that they were probably not compliant with all global regulations in the area. What’s important is not that there are concerns around security, but how those concerns are met.
“Three in five [respondents] conceded that the security and regulatory provisions of their cloud deployments needed to be improved, and 50% of respondents expressed doubts about their ability to comply with the regulations they need to”. CIF
CIF also found that as companies move through the process of digital transformation and bring more and more services into the cloud, many are grappling with skills shortages. Cybersecurity skills are currently the most in demand, yet over the next few years organisations state that recruiting professionals with the appropriate skills and knowledge will actually become less of a priority. That’s not because cybersecurity is becoming any easier: quite the opposite. It’s because of the increasing complexity that firms expect to outsource more and more of their cybersecurity needs to their service providers, who can provide better cybersecurity solutions than a business can itself.
In the case of video surveillance, for example, the same cloud platform that can analyse video data and deliver features such as motion detection, facial recognition and behaviour analysis, can also deliver best-in-class cybersecurity. Device management, from encryption keys to firmware upgrades, can all be conducted from the same administration interface. As new devices are added, they are automatically monitored for unusual behavior which could lead to weaknesses and therefore vulnerability to attacks.
Many firms who have experimented with IP-video cameras in the past have run into problems because devices have been added onto corporate networks without addressing cybersecurity issues such as default passwords or firmware upgrades.
A cloud platform for video surveillance that is designed from the ground up to ensure data is encrypted, and to be sensitive to new vulnerabilities or malwares, provides an additional layer of defence against both physical and cyber attacks. What’s left for the end user is to find a trusted provider who can supply it.
For more information on the Cloud Industry Forum visit https://www.cloudindustryforum.org/ or contact Morphean for a copy of the CIF white paper.
The Cloud Industry Forum was established in direct response to the evolving supply models for the delivery of software and IT services. Its aim is to provide clarity and advice for end users when assessing and selecting Cloud Service Providers based upon the clear, consistent and relevant provision of key information about the organisation/s, their capabilities and operational commitments.
[1] https://www.axis.com/blog/secure-insights/the-importance-of-secure-by-default/