C Y B E R S E C U R I T Y
Make Your Metadata
Cybersecure
How to safely share physical security metadata with your IT systems
By Wayne Dorris
ical security devices
We all know that phys-
capture a massive
amount of informa-
tion about the envi-
ronment in which they’re deployed. When
categorized and searched effi ciently, that
data transforms into actionable intelligence
to better protect the organization. That is
where metadata comes into play.
Metadata is often generated in con-
junction with a digital fi le – be it a video
image, a sensor reading, or a sound wave –
to describe the fi le and its contents.
For example, a digital image fi le may
include metadata like the date and time the
image was captured, its location, as well as
the camera ID and settings used. The meta-
data can also include details such as the type
of object (vehicle, person, animal, etc.), its
size, how fast it is moving, even the direction
of its movement. In essence, the metadata
provides a table of contents for the data to
simplify the process of understanding, sort-
ing, and locating the data it represents.
erational effi ciency and inform pivotal busi-
ness decisions. For instance, cameras could
confi rm QA/QC activity on a production
line to help reduce costly waste or frequent
remakes. Or the data they collect could help
the company fi nd events affecting workfl ow
and operation uptime, which in an industry
like automotive or circuit board manufac-
turing could save millions of dollars in lost
production time and help management fi g-
BUSINESS INTELLIGENCE
ure out ways to increase output.
With metadata multiple stakeholders can
While this might seem like an ideal syn-
extract different business intelligence from
ergy – using the same device to channel
the same data source. For example, a secu-
critical insights to multiple stakeholders –
rity camera can read license plates to bar
it raises signifi cant concerns about the
unauthorized vehicles from entering a re-
safety and integrity of data fl owing be-
stricted parking facility. It can also count
tween systems.
cars, compare that number to garage capaci-
ty, and automatically trigger electric signage
directing vehicles to an overfl ow parking lot.
It might be a security camera that
watches a fi re exit to prevent illegal usage
can also alert on detecting a blocked exit,
enabling the organization to avoid fi re code
violations and costly fi nes. Or security cam-
eras observing for theft at a construction
site can also be used to detect whether con-
struction workers are wearing their person-
al protection equipment as OSHA requires.
It is the metadata that makes it possible
for security camera data to contribute to op-
BECOMING A TARGET FOR
INFILTRATING CRITICAL SYSTEMS
Once security cameras primarily designed for
physical security tasks start streaming data
and metadata to enterprise operational and
business systems, it increases their visibility.
Instead of being largely ignored by hackers,
they suddenly become high-value targets that
can be used to infi ltrate and bring down vital
production and business operations.
In the past, physical security solu-
tions operated on their own independent
networks. Or IT sequestered the physical
alexskopje/stock.adobe.com
security system in a separate zone on the
network, isolating it from any critical busi-
ness and production functions. These deci-
sions were made because IT did not trust
that the cybersecurity measures on those
devices were up to IT standards.
WHAT IT EXPECTS FROM
DEVICES ON ITS NETWORK
For many physical security system manu-
facturers, software developers and users,
IT-level cybersecurity is a new ball game.
To play in IT’s sandbox, physical security
devices will need things like:
• Multilayer encryption
• Certifi cate protocols
• Zero-trust architecture
• Automated onboarding and provisioning
• Active Directory and Single sign-on
• Lifecycle management
These are not new security protocols.
They have been standard requirements in
IT systems for more than a decade. But
many are new to physical security devices.
UNDERSTANDING THESE
SECURITY PROTOCOLS
IT security protocols serve two purposes:
protecting the integrity of systems and
data and making it easier to manage the
devices on the network.
1 8 M A Y / J U N E 2 0 2 5 | S E C U R I T Y T O D A Y