Transforming Security - By now, we’ve all heard some variation of this question and wondered what it really means for our work, our organizations and the security market in general.

Transforming Security

Are you ready for the next big thing?

By now, we’ve all heard some variation of this question and wondered what it really means for our work, our organizations and the security market in general. Some people feel confident that they are ready, and they see great opportunities ahead. Others are not so confident, and while they feel somewhat familiar with the concept of what the Internet of Things is, they find it much harder to put their finger on exactly how the specifics will impact the security profession. That is the big question, and the answer will vary from organization to organization and even person to person.

THE INTERNET OF THINGS (IOT)

What exactly is the Internet of Things? The truth is, defining the exact nature and potential of the Internet of Things is difficult. The use of the phrase itself has already grown faster than the agreement on a definition. So, like some other technical topics of high interest, such as “cybersecurity” and “the cloud,” not everyone who is using these phrases is talking about the same thing. For the purposes of this article, here is a definition that will be sufficient:

The Internet of Things is a networked computing concept that describes the situation where sensors and devices in the real world have the capability to communicate with each other and with connected processors and humans, thereby reconnecting the virtual networked world, and all the information and capabilities therein, with the real world.

With this definition in hand, the implications to the security market are much easier to recognize, understand and plan for.

THE IOT AND SECURITY

What does the IoT mean for security? The short answer is that as more and more devices of all types, security and non-security, are connected to networks. The potential impact of the Internet of Things on security grows. The same connectivity that enables homeowners to check on their thermostats remotely also provides a pathway for hackers, thieves, and pranksters to reach the same devices. In business and professional settings, management clearly sees the upside of interconnected networks, making resources and collaboration available to their increasingly distributed businesses.

They see the downside, in that the same networks expose digital doorways to hackers of all types, and they rely on the IT and security departments to protect the firm from these threats. In many ways, this coincidence of upsides and downsides applies directly to professional security matters as well.

For security professionals, the focus has been on the potential problems and how to prevent them from damaging the firm. But there are also advantages.

First, there is the ability to connect multiple disparate systems together via an IP network, which can provide security with valuable data that can be used to assess an organization’s risk and even offer the potential to avert incidents before they can occur. In addition, IoT connectivity can enable technology which helps an organization with compliance regulations.

A GROWING CHALLENGE

There are growing challenges for security professionals. In particular, the number of potential network access points is growing rapidly as more security and nonsecurity devices are equipped with an IP address and connected to the network. This growing list of devices literally expands the entire ecosystem in which security plays a role. Therefore, security practitioners can either wait for this to happen or stay ahead of potential problems by creating and implementing proactive policies around networked devices.

SMARTER TECHNOLOGIES

In the age of the Internet of Things, the greater integration and interoperability between systems streamlines control and management of devices that are connected to the network. One of the more interesting and perhaps less obvious capabilities the IoT has enabled is the ability to bring technologies that have until now been thought of as “low-tech,” into the overall security network. This creates a number of opportunities and challenges for security professionals, making it essential that devices and systems are deployed and managed correctly. Traditionally, video surveillance has served as security’s entry point into the network.

The adoption rate of IP cameras and devices has been steadily growing for a number of years, to the point where networked video is widely used and accepted. However, this is not the only piece of the equation. There are a number of technologies, such as predictive analysis solutions, designed to allow access control, building management and numerous other systems to be networked and integrated.

TRANSFORMING LOCKS

One of the best solutions to come out of the Internet of Things has been the development of standalone smart electronic locks that are easy to use and can be unlocked using a smartphone. Thanks to new innovations, a new wave of networkable and manageable solutions have transformed locks from simple hardware into intelligent sensors that can gather and share data with a wide variety of systems. When incorporated into an overall security environment, they can be centrally managed and monitored to ensure the right individuals have access only to the information and assets they need to perform their job. Similar to how access control systems are managed today.

An ideal use for these manageable locks is for securing areas or assets that may fall outside of traditional access control, such as file cabinets containing financial information or lab test results. For these applications, installing a full access control solution would likely be cost-prohibitive. Keyed locks are a much more costeffective solution, but the time and effort required to manage keys can be extensive.

Another main feature of manageable locks is ease of installation, which again, is both good and bad. Solutions that can be deployed efficiently are certainly beneficial for an organization, but at the same time, individuals are also quite capable of installing smart locks themselves.

The potential for individuals to install their own smart devices on company networks underscores the need for security departments to recognize the reality of the Internet of Things and to proactively create and implement policies and standards covering their use distributed to all employees. Standards are designed to ensure that only certain technologies are introduced into the workplace so multiple mdisparate systems can be connected, integrated and managed organization-wide.

MOBILE CREDENTIALS

Integrating mobile technology is another key component of security the IoT enables. The truth is that the number of credentials individuals are issued and must carry is increasing, as is the potential for temporary, lost or stolen badges to be missed and potentially misused.

If someone loses a phone, they are likely to quickly notice and tell someone right away. With a badge, it may take longer, and until they either locate or replace it, they can always use a temporary or visitor badge. Having credentials on smartphones encourages people to take better care of them, and the ability to connect phones to a network to control and manage identities in a single location provides security with stronger reporting, easier management and greater clarity into how credentials are being used.

PREDICTIVE ANALYSIS

Expanding policies to include manageable smart locks opens up whole new areas to predictive analytics that are now starting to give us new insights into our access control systems. While access control locks tend to be limited to the perimeter of our buildings and high value areas, smart locks cost significantly less and can be used more extensively. Combining manageable smart locks with predictive analysis serves two main purposes. First, it provides an audit trail containing the who, what, when, where and why of each access attempt, both successful and unsuccessful. In other words, an organization can have “eyes” in locations where they didn’t have them before and can detect when someone is trying to abuse the lock system. At the same time, by adding more locks, organizations are able to collect more data, which makes the predictive analysis system more accurate and by extension increases overall security.

IDENTITY MANAGEMENT AND THE IOT

Physical Identity and Access Management (PIAM) solutions with predictive analysis capabilities can serve as the glue that holds an organization’s networked security and non-security devices and systems together by tying them in to a single platform for tracking and management.

With regard to access control and locks, nearly every organization faces two main challenges. The first is controlling who has access such as ensuring the offboarding of an identity if an individual’s role changes or if they leave the organization. The second is compliance, which tends to be the more difficult of the two, because it means an organization must keep a single detailed record that clearly shows that everything related to identities and access complies with a variety of requirements.

THE IOT: ENABLING IMPROVED SECURITY

The Internet of Things offers great potential to security professionals who recognize and understand the concept. The IoT will help build efficiency and generate cost savings, which is often the main driver behind organizations’ adoption of new technologies. For security professionals, however, the deployment of new technologies and networked sensors and devices has the potential to bring a new higher level of operational awareness that can be used to improve security and operations.

One key to capturing this potential is to avoid ‘playing catch-up’ by proactively creating and implementing policies and standards. Another is to make use of the wealth of new data that the connected devices will deliver, and recognize its security-related value. The thieves and hackers are looking forward to the future of the IoT with the right actions in place, security professionals will embrace the IoT too.

This article originally appeared in the January 2016 issue of Security Today.

Featured

  • Survey Shows Election Anxiety Crosses Party Lines

    New reports of election worker intimidation are raising concerns about election interference. A majority of Americans (71%) are worried about voter intimidation or safety at the polls, and 75% want security cameras at their voting place, according to a new national survey. Read Now

  • 66 Percent of Cybersecurity Pros Say Job Stress is Growing

    Sixty-six percent of cybersecurity professionals say their role is more stressful now than it was five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • Live from GSX 2024: Post-Show Recap

    Another great edition of GSX is in the books! We’d like to thank our great partners for this years event, NAPCO, LVT, Eagle Eye Networks and Hirsch, for working with us and allowing us to highlight some of the great solutions the companies were showcasing during the crowded show. Read Now

    • Industry Events
    • GSX
  • Research: Cybersecurity Success Hinges on Full Organizational Support

    Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce. Read Now

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3