Page 64 - Security Today, November/December 2018
P. 64
of connectivity, cybersecurity quickly becomes a physical concern.
Departments Converge
Engineers, integrators, and administrators of all systems today have a very heavy reliance on the network. If the core network system isn’t working correctly—or is under attack from internal as well as exter- nal threats—the system will not be able to perform its functions as intended, and any security breach can reach far beyond the security network to the rest of the organization’s digital infrastructure.
Edge devices of all types—cameras, locks, sensors, control pads— are vulnerable parts of a network. Any security system design must take this into account. Because one solution does not fit all applica- tions or address all threats, a multi-layered approach is best for de- ploying an optimally functional and secure network.
Due to the shift to a digital world, both facilities and IT now need to look at the network and physical assets together. Just as a facilities worker needs to understand wireless security on an access control unit, IT personnel need to worry about people getting unauthorized access to servers.
Network design considerations for security management are es- sential to ensure system performance, data integrity, and threat miti- gation. The challenge is that system security integrators are often confronted with a multitude of existing situations, which may not meet industry or manufacturer best-practice standards in today’s dy- namic cybersecurity-centric world. For this, Facility, Security and IT departments must work more closely than ever before—often merg- ing into single departments.
Critical Password Management
As we work to prevent access to the core network, the device layer becomes critical. System designers must secure all devices and make sure they are addressing the right resources and that the traffic has been authenticated. This can be done through the use of proper traf- fic certificates and password management.
Most devices today can encrypt command and control traffic, but to do this, a certificate needs to be assigned to it. Typically, a self- assigned certificate is used, but which in itself is not inherently secure. One of the best ways to do this is with a third-party, certificate/policy enforcement service utility.
With a certificate authority in the mix, the service says yes, this is a signed certificate between the device and the server. These two parties can now communicate. Password management systems such as YubiKey and LastPass, for example, can provide solid, easy-to-use hardware and software password management solutions. For additional protection, management utilities can dictate password changes and password hy- giene so administrators can request through the server that they want all devices to have a password with 25 characters and this will be randomly generated by the server, adding a high level of security.
We have seen big network-distributed denial-of-service hacks based on devices that for the most part still had default passwords in them—clearly a fundamental IT security mistake. If the IT de- partment had been involved, those devices probably would not have still had their default passwords and would have been secure. Pass- word management and certification hygiene are already essential topics for integrators, and this will only continue to become even more important.
The IoT Opportunity
As the Internet of Things continues to expand, the intersection of IT and physical security is more critical than ever. Integrators need to be knowledgeable in these solutions to deliver more value to their customers, and to ensure successful deployments. This requires the ability to work effectively with both security and IT departments for a comprehensive and holistic approach that provides the highest ef- ficiency and level of protection for their customers.
Now that IT and physical security are often using the same equip- ment and infrastructure, investment costs for each department can be reduced. For example, smart card or mobile phone solutions can be used for both IT applications (network logon or secure printing) and physical security (to gain access to the building itself or areas within the building).
The ability to gain additional utility not only helps lower the costs for each department but also simplifies management because a single credential is being used across multiple applications.
While the proliferation of IP-enabled equipment represents an opportunity for integrators to grow their business by securing a great- er percentage of a facility, the growth in connected solutions com- bined with declining hardware prices is driving solutions providers to search for new revenue streams.
Mobile Access
For security dealers and integrators who service environments of most any size, cost-effective, easy-to-deploy, and easy-to-use mobile access management systems are now attainable. The latest technol- ogy allows managers and developers to not only increase security and convenience but to increase the value of their properties by making convenient access a marketable asset to attract and retain residents.
With the majority of the population now relying on their mobile phones for managing nearly every aspect of their lives, mobile cre- dentials will soon become a requirement for many customers. This drastically impacts the way that access control software is delivered. Wireless and mobile technologies offer a secure, manageable and cost-effective approach without the need for expensive infrastructure.
Partner for Success
It’s critical today that integrators embrace emerging technologies such as mobile, cloud-based services and other new tools to make their jobs easier, their companies more profitable, and to provide bet- ter solutions for their customers.
It would be next to impossible for a single company to provide the in-depth expertise for planning for and managing all these concerns. Just as IT and Security departments are merging, and just as Physical Security and cybersecurity are becoming a single
discipline, it is essential that integrators seek out and work with manufacturers and other subject matter experts who understand, embrace and sup- port these technologies within their solutions.
Peter Boriskin is the vice president of product man- agement at ASSA ABLOY.
48
NOVEMBER/DECEMBER | SECURITY TODAY
GROWTH AND TRENDS
Zapp2Photo/Shutterstock.com