24
0919 | SECURITY TODAY
Untitled-6 1
Go to sp.hotims.com and enter 27 for product information. See us at GSX Booth 2440.
8/5/19 3:02 PM
CLOUD SECURITY
found. Choosing the right cloud provider, such as Google Cloud Plat- form (GCP), eliminates mundane infrastructure management tasks such as security upgrades, leaving manufacturers to concentrate on what’s most important: bolstering the platform’s security capabilities.
Finally, connectivity is always a concern, as users expect (and require) the ability to access data instantaneously. From a security perspective, a product must be able to mitigate different types of at- tacks including distributed denial of service (DDOS). Some provid- ers, including Google, mitigate these issues within their networking products, giving the manufacturer more time to focus on the product.
Testing, Testing, Testing
A regular part of the manufacturer’s process is the testing phase, which helps strengthen systems. Penetration testing, which includes efforts to circumvent the risk controls and security configuration of the product, attempts to engage the product in a denial of service, to access and authenticate on the product via unauthorized means, to elevate privilege on the product, and to exploit vulnerabilities.
Once a cloud-based service has been designed, tested and intro- duced to the market, the product testing shouldn’t stop, as new vul- nerabilities are found every day. As with every product that works over a network—such as today’s IP cameras and networked access control solutions—the data being collected and stored must be treat- ed with a multi-layered approach and protected through encryption to and from its final destination.
How to Integrate Security by Design as an Integrator
So how does the design of a product affect the integrator’s relation-
ship with an end user? There are a number of ways.
First, integrators are increasingly tasked with acting as a liaison
between the security side of the business and the IT departments. This means they are often responsible for ensuring networks and fire- walls are configured correctly to implement security solutions.
Integrators must also be adept at identifying where data privacy is paramount and communicating what information is being collected so that IT departments can protect said data from outside threats. Finally, integrators are an essential part of training end users on the proper use of cloud-based platforms and how to take the necessary steps in effectively using these tools to protect a facility (or multiple facilities across an organization).
It’s a Process
Throughout the years, the increasing popularity of cloud-based ser- vices and products has given rise to companies developing solutions that harness the exceptional power of the cloud. However, these com- panies are also tasked with ensuring that their products are providing adequate protection of the data being transmitted and stored.
Cloud security starts with design and doesn’t end when a prod- uct enters the marketplace. End-user customers who choose to transition to a cloud-based service must engage
in the stringent process of due diligence and
search for a manufacturer that has kept security
at the forefront of the design, development and
post-sale process in order to protect critical data
from outside threats.
Ben Rowe is a cloud and security architect at Arcules.