failure or outage? How can anyone be blamed when there is an explosion of devices and software that need constant attention?
To stop the blame game from continuing within the securi- ty industry the path forward requires three essential changes to the typical approach to design, installation and maintenance of building security systems:
All parties need to increase their “cyber IQ.” Everyone from manufacturers to installers to customers needs to understand and appreciate how their choices and actions impact network security. Ultimately security is a set of choices inside a race of imagina- tion. If we don’t work to understand the threat, we are choosing to fail before the race has even started.
We need to adopt business models that contemplate a living system versus a one-time sale. There is 100 percent certainty that a system remaining unpatched for months or years will eventu- ally contain a known vulnerability. Everyone in the value chain needs to be prepared for this reality. Manufacturers must in- clude security patches in subscription services, installers must insist on contracted maintenance and provide routine upgrades, customers will need to accept and pay for updates that are not driven by features.
A technical model that minimizes transition risk and makes upgrades almost invisible to the customer. This is primarily
a challenge for the manufacturers. We have to learn from the Google Chrome model and find ways to update software and firmware with minimal cost and interruption. We must imple- ment strong auto-update capabilities that are readily available and seamlessly installed. We must take responsibility to monitor our own devices to ensure that they are secure and not recruited to form a bot-net army.
Fortunately much of what we need to respond to these condi- tions is available to us today. Cyber security education is widely available to us. We can follow secure development practices as we create our products. We can perform continuous monitoring and vulnerability testing of systems while in production. We can deploy patches uniformly and quickly across numerous devices in a cost effective way without inconveniencing customers. We can have the discipline to avoid insecure products and practices when delivering our solutions.
Many industries have proven that all of these things are pos- sible. Now is the time for the security industry to step up to this challenge, as we are compelled to do it.
John Szczygiel is the executive vice president and chief operating officer responsible for business development, sales, product manage- ment and customer care at Brivo.
Make us your homepage!
Our website uses responsive design to adapt to whatever device you’re using.
• Breaking news
• Relevant industry news and trends
• The newest security products
• Online product database and directory
• Trending topic and product videos
• Training through Security Today Academy
1.5988 in
WWW.SECURITYTODAY.COM secur
Go to sp.hotims.com and enter 202 for product information.
ri
i
t
t
y
y
t
to
o
d
da
ay
y.
.c
c
om m NS13
o