Industry Vertical

Being Connected

Examining why closed-network systems are not immune to cyber threats and how cloud services add layers of security to minimize risk

• By Francis Lachance
• Aug 01, 2017

Isolated corporate applications and infrastructures are becoming a thing of the past. That’s because trends such as bring-your-own devices (BYOD), internet of things (IoT) and cloud services are compelling businesses to become more connected. Now more than ever, IT departments are looking outside their environment at solutions that could lower costs and take the strain off their resources.

However, in the physical security industry, one common myth is still holding some decision-makers back: it’s the idea that keeping on-premises systems on closed networks is more secure. This article will not only help to debunk this false belief, but also show how companies can further enhance the security of their on-premises systems by connecting to the cloud services with built-in security mechanisms.

Why a Closed Network Doesn’t Protect Your Systems from Threats

The security of corporate data is critical to the integrity of operations. Yet, everywhere we turn, it seems like another company has become victim to some form of cyber threat, malware or ransomware attack. As more breaches occur and attract international press attention, fear grows, leading many to believe that opening up a network to external applications makes an organization more vulnerable to a cyberattack. This mentality is no longer accurate or true. In fact, many might be surprised to learn that a significant percentage of these breaches actually come from internal sources— whether unwitting or on purpose.

Last year, a data exfiltration study done by Intel revealed that “Internal actors were responsible for 43 percent of data loss, half of which was intentional, and half accidental.”1 Another report from Forrester called, “Understand the State of Data Security and Privacy,” found similar results.2 The study indicated that almost 40 percent of breaches came from inside a company, and that accidental and malicious intent was equal.

This data tells us that on-premises systems with closed networks are not entirely immune to threats. An employee can accidently open a phishing scam email and unleash a virus on a closed network. Or, a visitor could maliciously connect a USB stick to a computer with the intent to steal data or take down systems and halt operations.

Even when facing external threats, vulnerability often stems from systems that have not been updated with the latest fixes, or from passwords that have not been changed in months. For example, in the security industry specifically, many businesses unknowingly leave themselves vulnerable to hackers or prying eyes by not changing the default passwords on new video surveillance cameras.

While many believe that opening their network to cloud services might welcome greater risks, these studies and common mishaps suggest otherwise. Lack of employee education or defined cyber security policies, gaps in physical security and insufficient system maintenance contribute to the greatest number of threats.

How Connected Applications are Shaping Up to Be More Secure

Cloud is not all or nothing. Cloud services can be added to complement an on-premises system and its infrastructure. This can include using cloud applications to store long-term evidence, instead of on local servers or on external storage devices which can end up in the wrong hands. Cloud services can also play a critical role in disaster recovery.

In case servers are damaged by a fire or natural disaster, a full system back-up can be restored using cloud services so operations can continue without delay. Organizations can connect on-premises systems to cloud services to strengthen security and minimize internal and external threats. Here is how.

Automating Updates to Avoid Known Vulnerabilities

Many vulnerabilities that hackers prey on are quickly identified and fixed by vendors in software version updates. Even when an IT team sets scheduled updates in a closed environment, it might not happen fast enough to prevent a breach. The perk of deploying cloud services is that system updates are facilitated by the vendor. As soon as the latest versions and fixes are available, the client will have access to them. This helps to ensure that their systems are always protected against known vulnerabilities.

In connected environment, the vendor also knows what software versions are running at customer sites, and what fixes they might need. This helps the vendor personalize its services and make sure each client is getting the security updates and mechanisms that they need to bolster their environment.

Monitoring System Availability and Health

IT and security departments have many priorities. When they are busy, it’s not always possible to keep an eye out for potential system failures. However, knowing when a camera goes offline or when there is a server failure can help organizations avoid potential threats. Cloud services can automate this task by immediately sending email or text alerts to directors and managers if a system vulnerability is identified.

Then, they can securely log into the system to investigate the issue and take corrective measures. This solution helps organizations keep their on-premises systems secure and working at peak efficiency.

Considering Security in the Selection of Your Cloud Service Provider

All cloud solutions are not created equally. To identity the most secure cloud services, it’s important for organizations to take a closer look at the vendor’s security policies and built-in security mechanisms. This should include encrypted communications, data protection capabilities, and strong user authentication and password protection.

These mechanisms help protect organizations against hackers and other internet- based attacks. From an internal standpoint, they also ensure only those with defined privileges will be able to access or use resources, data and applications.

Organizations should also look at the back-end cloud platform on which the services are built. Tier-one cloud providers such as Microsoft have a global incident response team that works around the clock to mitigate attacks. The company also builds security into its cloud platform from the ground up, embedding mandatory security requirements into every phase of the development process. Top cloud providers also go out of their way to comply with international and industry-specific compliance standards, and participate in rigorous third-party audits which test and verify security controls.

Opening Up to Greater Connectivity and Security

Connecting an on-premises system to external applications does not invite threats. Instead, with the right vendor, organizations can use cloud services to strengthen and enhance the security of their onpremises systems.

These services provide the necessary updates, notifications and security mechanisms that keep on-premises systems free from common vulnerabilities that lead to more serious threats. They also help IT and security teams remain efficient and proactive in ensuring their systems are secure, and functioning at peak performance.

Here’s the truth—as adoption for the cloud increases, these cloud services will help organizations keep their on-premises system more secure than ever before.

This article originally appeared in the August 2017 issue of Security Today.