Transforming Security

Are you ready for the next big thing?

• By Don Campbell
• Jan 04, 2016

By now, we’ve all heard some variation of this question and wondered what it really means for our work, our organizations and the security market in general. Some people feel confident that they are ready, and they see great opportunities ahead. Others are not so confident, and while they feel somewhat familiar with the concept of what the Internet of Things is, they find it much harder to put their finger on exactly how the specifics will impact the security profession. That is the big question, and the answer will vary from organization to organization and even person to person.

THE INTERNET OF THINGS (IOT)

What exactly is the Internet of Things? The truth is, defining the exact nature and potential of the Internet of Things is difficult. The use of the phrase itself has already grown faster than the agreement on a definition. So, like some other technical topics of high interest, such as “cybersecurity” and “the cloud,” not everyone who is using these phrases is talking about the same thing. For the purposes of this article, here is a definition that will be sufficient:

The Internet of Things is a networked computing concept that describes the situation where sensors and devices in the real world have the capability to communicate with each other and with connected processors and humans, thereby reconnecting the virtual networked world, and all the information and capabilities therein, with the real world.

With this definition in hand, the implications to the security market are much easier to recognize, understand and plan for.

THE IOT AND SECURITY

What does the IoT mean for security? The short answer is that as more and more devices of all types, security and non-security, are connected to networks. The potential impact of the Internet of Things on security grows. The same connectivity that enables homeowners to check on their thermostats remotely also provides a pathway for hackers, thieves, and pranksters to reach the same devices. In business and professional settings, management clearly sees the upside of interconnected networks, making resources and collaboration available to their increasingly distributed businesses.

They see the downside, in that the same networks expose digital doorways to hackers of all types, and they rely on the IT and security departments to protect the firm from these threats. In many ways, this coincidence of upsides and downsides applies directly to professional security matters as well.

For security professionals, the focus has been on the potential problems and how to prevent them from damaging the firm. But there are also advantages.

First, there is the ability to connect multiple disparate systems together via an IP network, which can provide security with valuable data that can be used to assess an organization’s risk and even offer the potential to avert incidents before they can occur. In addition, IoT connectivity can enable technology which helps an organization with compliance regulations.

A GROWING CHALLENGE

There are growing challenges for security professionals. In particular, the number of potential network access points is growing rapidly as more security and nonsecurity devices are equipped with an IP address and connected to the network. This growing list of devices literally expands the entire ecosystem in which security plays a role. Therefore, security practitioners can either wait for this to happen or stay ahead of potential problems by creating and implementing proactive policies around networked devices.

SMARTER TECHNOLOGIES

In the age of the Internet of Things, the greater integration and interoperability between systems streamlines control and management of devices that are connected to the network. One of the more interesting and perhaps less obvious capabilities the IoT has enabled is the ability to bring technologies that have until now been thought of as “low-tech,” into the overall security network. This creates a number of opportunities and challenges for security professionals, making it essential that devices and systems are deployed and managed correctly. Traditionally, video surveillance has served as security’s entry point into the network.

The adoption rate of IP cameras and devices has been steadily growing for a number of years, to the point where networked video is widely used and accepted. However, this is not the only piece of the equation. There are a number of technologies, such as predictive analysis solutions, designed to allow access control, building management and numerous other systems to be networked and integrated.

TRANSFORMING LOCKS

One of the best solutions to come out of the Internet of Things has been the development of standalone smart electronic locks that are easy to use and can be unlocked using a smartphone. Thanks to new innovations, a new wave of networkable and manageable solutions have transformed locks from simple hardware into intelligent sensors that can gather and share data with a wide variety of systems. When incorporated into an overall security environment, they can be centrally managed and monitored to ensure the right individuals have access only to the information and assets they need to perform their job. Similar to how access control systems are managed today.

An ideal use for these manageable locks is for securing areas or assets that may fall outside of traditional access control, such as file cabinets containing financial information or lab test results. For these applications, installing a full access control solution would likely be cost-prohibitive. Keyed locks are a much more costeffective solution, but the time and effort required to manage keys can be extensive.

Another main feature of manageable locks is ease of installation, which again, is both good and bad. Solutions that can be deployed efficiently are certainly beneficial for an organization, but at the same time, individuals are also quite capable of installing smart locks themselves.

The potential for individuals to install their own smart devices on company networks underscores the need for security departments to recognize the reality of the Internet of Things and to proactively create and implement policies and standards covering their use distributed to all employees. Standards are designed to ensure that only certain technologies are introduced into the workplace so multiple mdisparate systems can be connected, integrated and managed organization-wide.

MOBILE CREDENTIALS

Integrating mobile technology is another key component of security the IoT enables. The truth is that the number of credentials individuals are issued and must carry is increasing, as is the potential for temporary, lost or stolen badges to be missed and potentially misused.

If someone loses a phone, they are likely to quickly notice and tell someone right away. With a badge, it may take longer, and until they either locate or replace it, they can always use a temporary or visitor badge. Having credentials on smartphones encourages people to take better care of them, and the ability to connect phones to a network to control and manage identities in a single location provides security with stronger reporting, easier management and greater clarity into how credentials are being used.

PREDICTIVE ANALYSIS

Expanding policies to include manageable smart locks opens up whole new areas to predictive analytics that are now starting to give us new insights into our access control systems. While access control locks tend to be limited to the perimeter of our buildings and high value areas, smart locks cost significantly less and can be used more extensively. Combining manageable smart locks with predictive analysis serves two main purposes. First, it provides an audit trail containing the who, what, when, where and why of each access attempt, both successful and unsuccessful. In other words, an organization can have “eyes” in locations where they didn’t have them before and can detect when someone is trying to abuse the lock system. At the same time, by adding more locks, organizations are able to collect more data, which makes the predictive analysis system more accurate and by extension increases overall security.

IDENTITY MANAGEMENT AND THE IOT

Physical Identity and Access Management (PIAM) solutions with predictive analysis capabilities can serve as the glue that holds an organization’s networked security and non-security devices and systems together by tying them in to a single platform for tracking and management.

With regard to access control and locks, nearly every organization faces two main challenges. The first is controlling who has access such as ensuring the offboarding of an identity if an individual’s role changes or if they leave the organization. The second is compliance, which tends to be the more difficult of the two, because it means an organization must keep a single detailed record that clearly shows that everything related to identities and access complies with a variety of requirements.

THE IOT: ENABLING IMPROVED SECURITY

The Internet of Things offers great potential to security professionals who recognize and understand the concept. The IoT will help build efficiency and generate cost savings, which is often the main driver behind organizations’ adoption of new technologies. For security professionals, however, the deployment of new technologies and networked sensors and devices has the potential to bring a new higher level of operational awareness that can be used to improve security and operations.

One key to capturing this potential is to avoid ‘playing catch-up’ by proactively creating and implementing policies and standards. Another is to make use of the wealth of new data that the connected devices will deliver, and recognize its security-related value. The thieves and hackers are looking forward to the future of the IoT with the right actions in place, security professionals will embrace the IoT too.

This article originally appeared in the January 2016 issue of Security Today.