Page 120 - Security Today, April 2018
P. 120
SECURE ENVIRONMENT
MAINTAINING STRENGTH
AS
security and regulatory compliance are not only critical risks, but also open significant gaps in the overall security mission to safe- guard life safety, privacy, intellectual property and business continuity.
Through strategic system planning and proactive maintenance methodologies, secu- rity professionals can close the gap on negli- gent vulnerabilities and move their programs forward from a reactive mode to serving the businesses effectively.
A PATCHWORK CONFIGURATION
“Design fatigue” sets in on many campuses over the years by way of acquisition and rapid technological advancement. Eventually, many security teams are faced with numerous brands, all varying in functionality and updated features. A patchwork quilt configu- ration begins to form consisting of older, out- dated systems that are mission-critical and often too expensive or complex to outright replace without a major capital project.
However, the extreme risk within these frag- ments are failure to alert on specific events, porous data security and unmanaged surrepti- tious access to video, records and location access. Often, the procurement and deploy- ment processes miss the big picture five-year plan; solving smaller issues piece by piece.
More clearly, physical security and IT should co-plan master platform investing and data ownership to ensure uptime, security and efficient spending.
Cybersecurity has been an issue on many campuses for decades. However, today’s Inter- net of Things (IoT) revolution allows a smart- phone to connect to almost anything with an IP address including: other smart devices, security cameras, databases, lab equipment, vehicles, door controllers, etc.
A two-fold approach to shoring up this security gap is: first, to ensure all selected manufacturers abide by current IT best prac- tices for patching and logical permission management, and the second is to ensure that selected products connect to the approved IT governance platforms.
strong physical security system is technology based and covers the gaps By Lance Holloway
ecurity professionals are faced with several challenges in today’s highly technical environment on campuses. Issues such as system architecture fragmentation, cyber-
CS36 WWW.CAMPUSLIFESECURITY.COM | APRIL 2018
A SPECIAL SECTION TO SECURITY TODAY AND THE JOURNAL
Often, IT manages anything on the net- work that can be identified. However, many physical security devices have been deployed on the campus network being neither identi- fied nor maintained, resulting in outdated devices susceptible to malware or unauthor- ized access. Devices compatible with IT SIEM, Directory Services or other manage- ment tools bring visibility and management to the system and can mitigate cyber-attack considerably.
Current system monitoring can have a sig- nificant gap where many IT systems watch the status of the IP address of a camera, for exam- ple; but are not configured to ensure the man- ufacturer firmware is up-to-date and that the hard drive is properly capturing usable video in the case of a forensic investigation. Plat-
forms dubbed “service assurance” have emerged that have developed their feature set to explicitly monitor all network elements involved in reproducing the archived video.
A typical recording path for security video may include camera, network switch, server, operating system and hard drive (cloud or clustered storage). Again, the gap is that many IT systems are set to monitor the uptime of an IP address on the network, but cannot warn the security department that recording laten- cy may crash the NVRs, resulting in a life safety gap in lost video. Service Assurance products are poignantly developed to greatly strengthen resource usability.
SYSTEM FAILURE
What can happen in the case of these systems
CAMPUS SECURITY & LIFE SAFETY